Author Topic: Threat Detected appearing all the time - svchost.exe  (Read 3877 times)


REDACTED

  • Guest
Threat Detected appearing all the time - svchost.exe
« on: June 12, 2015, 10:11:37 PM »
I'm getting VERY frequent pop-up boxes reporting that a threat has been detected.
It is centred on the svchost.exe with ortiguard, any-Chicago

Attached are the basic scan log files, I will perform a Zoek scan now.

many thanks
Andy (UK)

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: Threat Detected appearing all the time - svchost.exe
« Reply #1 on: June 12, 2015, 10:12:33 PM »
Hello,

Please follow this topic and attach the required reports.

https://forum.avast.com/index.php?topic=53253.0
« Last Edit: June 12, 2015, 10:14:52 PM by TwinHeadedEagle »
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

REDACTED

  • Guest
Re: Threat Detected appearing all the time - svchost.exe
« Reply #2 on: June 12, 2015, 10:35:19 PM »
Logs attached

malware_log
FRST
Addition
aswMBR

REDACTED

  • Guest
Re: Threat Detected appearing all the time - svchost.exe
« Reply #3 on: June 12, 2015, 10:37:22 PM »
Also I ran the zoek.exe programme.

I used one of your scripts, but changed the user to MYNAME

Attached is the log produced.

NB: the zoek.exe programme keeps restarting even though I close it.

Offline TwinHeadedEagle

Re: Threat Detected appearing all the time - svchost.exe
« Reply #4 on: June 12, 2015, 10:50:01 PM »
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
Code:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

REDACTED

  • Guest
Re: Threat Detected appearing all the time - svchost.exe
« Reply #5 on: June 13, 2015, 01:36:34 AM »
Here is the log file from zoek.exe

Appreciate your help to all members of this forum  ;D

Offline TwinHeadedEagle

Re: Threat Detected appearing all the time - svchost.exe
« Reply #6 on: June 13, 2015, 05:47:14 PM »
Fix with ZOEK

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
Code:
createsrpoint;
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
chrdefaults;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

REDACTED

  • Guest
Re: Threat Detected appearing all the time - svchost.exe
« Reply #7 on: June 13, 2015, 09:37:24 PM »

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by andy on 13/06/2015 at 18:13:52.94.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\andy\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-06-12-201918.log   4862 bytes
C:\zoek-results2015-06-12-232357.log   24737 bytes

==== System Restore Info ======================

13/06/2015 18:18:22 Zoek.exe System Restore Point Created Successfully.

==== Deleting Files \ Folders ======================

"C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted

==== Reset Google Chrome ======================

C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3099 folders=519 759811266 bytes)

==== EOF on 13/06/2015 at 18:19:05.88 ======================
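A helper reading a log like the one above checks three things: that the restore point was created, that every file targeted by the fix script was actually removed, and that the log ran to its EOF marker. The sketch below is an added example, not part of the thread or of Zoek itself; it assumes the `==== Title ====` section layout seen in this log and reads the `;f` suffix as a file-deletion directive, which is inferred from the script and log on this page.

```python
import re

# Fix script and log excerpt copied (log abridged) from the posts above.
FIX_SCRIPT = r'''createsrpoint;
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
chrdefaults;'''

SAMPLE_LOG = r'''Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by andy on 13/06/2015 at 18:13:52.94.

==== System Restore Info ======================

13/06/2015 18:18:22 Zoek.exe System Restore Point Created Successfully.

==== Deleting Files \ Folders ======================

"C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted

==== EOF on 13/06/2015 at 18:19:05.88 ======================
'''

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")

def parse_zoek_log(text):
    """Split a zoek-results log into {section title: [non-empty lines]}."""
    sections, current = {}, "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.strip())
    return sections

def check_fix(script, log_text):
    """Compare the script's ';f' targets (assumed: delete file) with the log."""
    sections = parse_zoek_log(log_text)
    targets = [l.strip()[:-2] for l in script.splitlines() if l.strip().endswith(";f")]
    deleted = {m.group(1).lower()  # Windows paths compare case-insensitively
               for l in sections.get("Deleting Files \\ Folders", [])
               if (m := re.match(r'"(.+)" deleted$', l))}
    return {
        "restore_point": any("Created Successfully" in l
                             for l in sections.get("System Restore Info", [])),
        "missing": [t for t in targets if t.lower() not in deleted],
        "complete": any(title.startswith("EOF on") for title in sections),
    }
```

A non-empty `missing` list or `complete: False` means the fix did not fully apply and the log should be re-run or re-posted before moving on to cleanup.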

Offline TwinHeadedEagle

Re: Threat Detected appearing all the time - svchost.exe
« Reply #8 on: June 13, 2015, 10:43:32 PM »
Very good. How is your PC behaving now?

REDACTED

  • Guest
Re: Threat Detected appearing all the time - svchost.exe
« Reply #9 on: June 13, 2015, 11:23:54 PM »
The popup warnings have disappeared.
many thanks
Andy

Offline TwinHeadedEagle

Re: Threat Detected appearing all the time - svchost.exe
« Reply #10 on: June 14, 2015, 12:05:18 AM »
Cheers :)

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.