Author Topic: SVC: Stereo Service Rootkit: hidden service (Read 7365 times)

Raiden Omega · « **on:** October 15, 2012, 07:36:49 AM »

Hello,

I was updating windows. It seems to have finished fine, sometime during that process avast has found the exact file name and rootkit as in the subject:

File name: SVC: Stereo Service
Rootkit name: hidden service

Furthermore, when I mouse over it, it says SVC: Stereo Service > C:\Program Files

I haven't tried to remove it, as I don't know if it's necessary or even a real concern or something to do with the windows update. Any feedback or direction is greatly appreciated.

I have no idea what is needed. It's my first time coming to any anti-virus forum so please feel free to direct as necessary.

Thanks much.

Pondus · « **Reply #1 on:** October 15, 2012, 07:40:36 AM »

follow guide and attach logs....not copy and paste. http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

then help will arrive later today.....be patient

Raiden Omega · « **Reply #2 on:** October 15, 2012, 07:44:58 AM »

Thanks much. Should I go ahead and hit Ignore for now on the avast Rootkit Found window? Also, if so do I need to go ahead and reboot for the window's update to take effect?

Raiden Omega · « **Reply #3 on:** October 15, 2012, 08:09:50 AM »

Okay. Here's the adwcleaner log file.

Raiden Omega · « **Reply #4 on:** October 15, 2012, 08:16:31 AM »

Malwarebytes log.

Raiden Omega · « **Reply #5 on:** October 15, 2012, 09:00:59 AM »

Here is the OTL extra. The OTL itself is too large at 210kb. I'll have to redo it and click none under the proper option that was set to safelist before I realized it.

It would seem that the file was the same size with the change. I think it's because it has Windows.old info from a crash and a reinstall. It was able to save the old information and files and I never got around to clean them. I'll do the last operation now and see what turns up.

Raiden Omega · « **Reply #6 on:** October 15, 2012, 04:31:07 PM »

Here is the aswmbr log.

Pondus · « **Reply #7 on:** October 15, 2012, 04:40:02 PM »

you can upload OTL to somenfile share like mediafire and post download link here
or split in two and use two posts

Raiden Omega · « **Reply #8 on:** October 15, 2012, 06:39:06 PM »

Here's the first part of the OTL log.

Raiden Omega · « **Reply #9 on:** October 15, 2012, 06:39:54 PM »

OTL second half.

Edit: I just finished doing an MBAM full system scan and it found a heuristics.reserved.word.exploit. No clue what that actually is. Having looked it up, I wonder if it isn't related to the SVC problem as it is services.exe.mui file. If it helps any, I have the log, but the file address is C:\Users\Raiden Omega\AppData\Local\Temp\services.exe.mui.

Albert Green · « **Reply #10 on:** April 15, 2013, 05:48:37 PM »

Hello,

Avast also gave me the exact same notification after I updated my NVidia GeForce 8600 GT to the latest update v. 314.22
Is that a false positive ?

Author Topic: SVC: Stereo Service Rootkit: hidden service (Read 7365 times)

Raiden Omega

SVC: Stereo Service Rootkit: hidden service

Pondus

Re: SVC: Stereo Service Rootkit: hidden service

Raiden Omega

Re: SVC: Stereo Service Rootkit: hidden service

Raiden Omega

Re: SVC: Stereo Service Rootkit: hidden service

Raiden Omega

Re: SVC: Stereo Service Rootkit: hidden service

Raiden Omega

Re: SVC: Stereo Service Rootkit: hidden service

Raiden Omega

Re: SVC: Stereo Service Rootkit: hidden service

Pondus

Re: SVC: Stereo Service Rootkit: hidden service

Raiden Omega

Re: SVC: Stereo Service Rootkit: hidden service

Raiden Omega

Re: SVC: Stereo Service Rootkit: hidden service

Albert Green

Re: SVC: Stereo Service Rootkit: hidden service