Author Topic: MALICIOUS URL BLOCKED - svchost.exe  (Read 2232 times)

Offline Grape Jelly

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
MALICIOUS URL BLOCKED - svchost.exe
« on: April 20, 2012, 01:57:51 AM »
Hi,

While connected to the internet I receive notices from avast! saying that harmful sites that appear to be originating from 'svchost.exe' are being blocked by the Network Shield.

Screenshots here: http://imgur.com/a/ttwew

Please guide me in removing this malware, tell me where it could have possibly originated from, and advise me on how to avoid it from reoccurring.

Thank you.
« Last Edit: April 20, 2012, 01:59:41 AM by Grape Jelly »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21683
  • Gender: Male
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #1 on: April 20, 2012, 05:35:08 AM »
Follow this guide and attach logs from Malwarebytes quick scan / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Grape Jelly

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #2 on: April 20, 2012, 06:49:05 PM »
Malwarebytes' Anti-Malware Log:

http://pastebin.com/bnXknKJf

Extras.Txt:

http://pastebin.com/dXDnUjbN

OTL.Txt:

http://pastebin.com/EmTjCrmE

I can't complete a scan using aswMBR.exe without blue screening.

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21683
  • Gender: Male
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #3 on: April 20, 2012, 07:10:15 PM »
so why dont you attach (not copy and paste ) the logs here   ???
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24902
  • Frohe Ostern
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #4 on: April 20, 2012, 07:11:57 PM »
so why dont you attach the logs here   ???

I also wonder why...!!
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline Grape Jelly

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #5 on: April 20, 2012, 07:13:34 PM »
They won't upload. I have selected them yet they won't appear.

Edit: There they are. I'll upload my Malwarebytes log soon.
« Last Edit: April 20, 2012, 07:19:19 PM by Grape Jelly »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21683
  • Gender: Male
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #6 on: April 20, 2012, 07:41:05 PM »
your malwarebytes log say....no action taken ?......did you not click the remove selected button and reboot after scan ?
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Grape Jelly

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #7 on: April 20, 2012, 07:45:27 PM »
your malwarebytes log say....no action taken ?......did you not click the remove selected button and reboot after scan ?

This log is from the second time I scanned with Malwarebytes. I selected and removed it and restarted after the first scan, but svchost.exe came back.

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21683
  • Gender: Male
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #8 on: April 20, 2012, 07:53:04 PM »
Ok...essexboy is on the way
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28970
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #9 on: April 20, 2012, 08:42:30 PM »
Did TDSSKiller also fail to run ?

Could you go Start > Run and type in the following command :

diskmgmt.msc

This will open the disc management console
Please take a screen shot of that and post it here

Also are you able to burmn a CD

Offline Grape Jelly

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #10 on: April 20, 2012, 08:53:44 PM »
Did TDSSKiller also fail to run ?

Could you go Start > Run and type in the following command :

diskmgmt.msc

This will open the disc management console
Please take a screen shot of that and post it here

Also are you able to burmn a CD

I just ran TDSSKiller and no threats were found.



I can burn CDs.

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28970
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #11 on: April 20, 2012, 09:06:38 PM »
Could you attach the TDSSKiller log please

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Offline Grape Jelly

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #12 on: April 20, 2012, 09:42:13 PM »
The malware persists. I still receive notices about svchost.exe.

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28970
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #13 on: April 21, 2012, 10:21:51 AM »
This looks like something new, I need to check a system file out 

  • Run OTL .
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
user32.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad windows. 
    • Attach this log

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now