Topic: Infected with URL: Mal in my svchost.exe

REDACTED

  • Guest
Infected with URL: Mal in my svchost.exe
« on: June 04, 2015, 05:21:03 PM »
Please help me remove this virus!!!

URL: http://epictory.com/2828/libraryinstance_142088031278000.dll (changes almost every time)
Infection: URL: Mal
Process: C:\Windows\system32\svchost.exe

I'm attaching the logs.

REDACTED

  • Guest
Re: Infected with URL: Mal in my svchost.exe
« Reply #1 on: June 04, 2015, 05:22:35 PM »
Hello.


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
Code:
createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.

REDACTED

  • Guest
Re: Infected with URL: Mal in my svchost.exe
« Reply #2 on: June 04, 2015, 05:46:32 PM »
Results are attached.

REDACTED

  • Guest
Re: Infected with URL: Mal in my svchost.exe
« Reply #3 on: June 04, 2015, 05:55:35 PM »

Re-run zoek and run this script:


Code:
C:\Users\Kayla Farley\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
createsrpoint;
autoclean;
emptyalltemp;


Post its content into your next reply.

REDACTED

  • Guest
Re: Infected with URL: Mal in my svchost.exe
« Reply #4 on: June 04, 2015, 07:38:32 PM »
here you go

REDACTED

  • Guest
Re: Infected with URL: Mal in my svchost.exe
« Reply #5 on: June 04, 2015, 07:40:23 PM »
Is everything ok now?

REDACTED

  • Guest
Re: Infected with URL: Mal in my svchost.exe
« Reply #6 on: June 04, 2015, 07:41:37 PM »
Yes! Thank you very much!

REDACTED

  • Guest
Re: Infected with URL: Mal in my svchost.exe
« Reply #7 on: June 04, 2015, 07:43:08 PM »
The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



Cheers.