svchost.exe problem

[REDACTED]

Hello!
It has been a few weeks now since I get messages from Avast blocking suspicious files related to svchost.exe. The download page is always download.windowsupdate.com
Please help.

[dbrisendine]

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
EmptyTemp:
CMD: bitsadmin /reset /allusers
End

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST by right clicking on the FRST.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load. 

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.  Also, tell me how your system is running now.

[REDACTED]

Done. Here's the new log file.
Well, everything seems OK now. However, the notifications have popped-up every couple of days, so I'll have to wait and see.
Thank you!

[REDACTED]

Hi again!
Today I turned on my computer, Windows downloaded some important updates, then I had to restart. In the afternoon I restarted it once again. No Avast notifications so far.
But RogueKiller is still bothering me - I downloaded it like a month ago and every time I run it, it detects and kills a svchost.exe related process.
Some additional info below.

[dbrisendine]

Are you running Remote Desktop / Terminal Services in Win7?  RogueKiller will always terminate these as it sees them running automatically.  There used to be vulnerabilities in these processes when ran automatically; I believe that this is RK being 'over-protective'.

[REDACTED]

I don't know... Sorry, I'm terrible in this technical stuff.
But everything seems OK now: no notifications, I even think my PC is performing better.
Thank you so so much for your time and support!
Should I do anything more?

[REDACTED]

Oh, no. The notification is back.

[dbrisendine]

This looks like a False Positive warning by Avast (see details here and here).  What is the Avast product and version you are running?  I will try and find details on how you can report this error in detection to Avast so they can fix the definitions.

[REDACTED]

I'm running Avast Free Antivirus 2015, please see current versions below.

[dbrisendine]

This is the place to report False Positives.  I will see that the proper people are notified.

[REDACTED]

OK. Thanks again.
I hope to be able to provide additional info (log files, screenshots) if needed.
Best regards.

[dbrisendine]

To get the file and proper logs to Avast, it is best if you report this via the Avast! Support web portal -

https://support.avast.com/ > Avast Virus Labs.  You can link to this topic and include the VirusTotal links

https://www.virustotal.com/en/url/db1ff7c3f677e2657b695e2a144eb35de7ccd5ea93bc847233968939fc7fd8eb/analysis/1437058044/

https://www.virustotal.com/en/file/4b9535da4dd47c6b782ea10636e3b4b1c08fd13558d28f0109539f7f125fd2b8/analysis/1437043044/