Author Topic: Assistance with svchost.exe url malware (Read 3919 times)

REDACTED · « **on:** June 12, 2015, 12:33:40 AM »

Been getting lots of daily avast pop up warnings that look like the following.

URL: hxxp://bestdriverstar.net/4141/RelayTurbo_142668814330855.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

The url in the avast popup warning is different sometimes. Attached below are my logs from Malwarebytes, Farbar, and aswMBR. On a side note I got a blue screen and shut down while running aswMBR

Thank you

Rednose · « **Reply #1 on:** June 12, 2015, 12:36:40 AM »

Hi no1b4me72, welcome to the forum

As it is past midnight here in Europe, most experts will be sleeping right now.
Be patient, you will be helped as soon as possible.

Greetz, Red.

REDACTED · « **Reply #2 on:** June 12, 2015, 12:40:36 AM »

Quote from: Rednose on June 12, 2015, 12:36:40 AM

Hi no1b4me72, welcome to the forum

As it is past midnight here in Europe, most experts will be sleeping right now.
Be patient, you will be helped as soon as possible.

Greetz, Red.

Thanks Rednose. Have a good evening...

REDACTED · « **Reply #3 on:** June 12, 2015, 05:13:34 AM »

Hello

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

REDACTED · « **Reply #4 on:** June 12, 2015, 08:55:22 PM »

Here's the zoek-results log attachment.

REDACTED · « **Reply #5 on:** June 12, 2015, 09:05:41 PM »

Re-run zoek and run this script:

Code: [Select]

mdlgoanmklkbmpnloohhfolfgibmieog;chr
C:\Users\user\AppData\Local\Chromium\User Data\Default\Preferences;f
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
createsrpoint;
autoclean;
emptyalltemp;

Post its content into your next reply.

REDACTED · « **Reply #6 on:** June 13, 2015, 12:38:08 AM »

2nd zoek log attachment after running script.

REDACTED · « **Reply #7 on:** June 13, 2015, 04:00:47 AM »

Is everything ok now?

REDACTED · « **Reply #8 on:** June 13, 2015, 09:51:47 PM »

Have been at work. Will give it 24 hours and report back if there are anymore Avast alerts. Thanks for your assistance argus...

REDACTED · « **Reply #9 on:** June 13, 2015, 09:53:34 PM »

No problem.

Author Topic: Assistance with svchost.exe url malware (Read 3919 times)

REDACTED

Assistance with svchost.exe url malware

Rednose

Re: Assistance with svchost.exe url malware

REDACTED

Re: Assistance with svchost.exe url malware

REDACTED

Re: Assistance with svchost.exe url malware

REDACTED

Re: Assistance with svchost.exe url malware

REDACTED

Re: Assistance with svchost.exe url malware

REDACTED

Re: Assistance with svchost.exe url malware

REDACTED

Re: Assistance with svchost.exe url malware

REDACTED

Re: Assistance with svchost.exe url malware

REDACTED

Re: Assistance with svchost.exe url malware