Other > Viruses and worms

I think I might have a worm

(1/5) > >>

Liza:

Hi,

I hope you can help me.  Since a few days before Christmas my computer is being constantly pinged by svchost.exe with the ip address and source dns of my isp provider, which prevents me from loading web pages ( this page can not be displayed) or very slow loading and downloading.  ( For example downloading one 719KB program took 1 1/2 hours)

I am running XP,SP2
Avast AV
Zone Alarm firewall
Spybot
Adaware
Spyware Blaster

I have also tried to find the problem by running ewido, trojan hunter and trendmicro's housecall.  I have also done all the other suggested fixes. i.e emptying temp files, deleting cookies etc. Only one bad program was found backattack.130 which was cleaned but still my woes continued.  I have tried restoring to a point before my firewall log shows these constant attacks ( and rechecked to make sure the backattack thing was gone) and at one point was okay for a few days but my problems came right back.  I have tried changing isp providers but even with then new provider the svchost.exe shows constant (every few seconds) attempts to contact my computer by my new isp addresses.  I have configured my firewall to allow the isp address in the trusted zone, and even at one time on advice from my previous isp disengaged the firewall all to no avail. 

When I did a search for svchost.exe I found several references to different types of worms.  I am wonder if I could possibly have a new one that av programs don't recognize?

I downloaded and ran avast 4.5 today with the new 01/07 update but still it found nothing.


I am really getting to the limit of my patience ( which is not great to start with <g>) with this and hope that you maybe able to help me. 

At this point the only solution that I can think of is to completely restore from scratch with the original disc's supplied.

Any and all help would be appreciated.

Thanks,

Liz

DukeNukem:
Give this a go.

http://www.microsoft.com/athome/security/spyware/software/default.mspx

Eddy:
Follow the instructions in the malware removal section on my website (see my signature). Do as explained there, than come back here and let us know if the problem is solved.

If not, let us know what exact problems you are still facing.

Liza:

Hi,

As previously stated I have tried all the updated malware removal programs, sybot, adaware and run spyware blaster.  I have run avast many times including today with yesterdays update.  I have run trojan hunter and ewido.  Have run trendmicro's housecall on-line scanner.  The only thing any of these programs found was that trojan hunter found backattack130 which if found in a program uninstall file which it cleaned.
Nothing has helped stop the problem.  No changes have been made to my hosts file as I have that locked against changes.

The exact problem is that I my computer is being constantly pinged by something.  Most times I am unable to load web pages, I get this page can not be displayed or sometimes when I am very lucky I am able to load these pages very slowly.  While trying to fix the problems I have downloaded a few programs (Trojan Hunter, ewido and the on line virus scanner) which take an incredibly long time or not at all.  It took  1 1/2 hours to download hijack This.  According to my firewall logs almost every time I load a new web page svchost.exe is incoming on my computer about every two seconds.  The address that is shows incoming is my isp.  I have changed isp's and the same thing happens only it shows that my new isp is constantly pinging me.
I have zonealarm firewall installed and running.  I have set my isp up in the trusted zone.  Also on advice from my previous isp I have disabled the firewall and still the problem did not go away. I have tried running with just windows firewall nothing has helped.  I have uninstalled and reinstall my firewall and still nothing.  Only when I did a system restore back to the beginning of Nov. 2004 did my problems go away for a short while but then they returned a little at a time over the next few days. 

When I did I google search on svchost.exe I found that many different worms operate in this way.

Any help in finding out what is causing this would be appreciated.

Because of my downloading problems I will wait to download another spyware program untill I hear from you, per DukeNukem's instructions.

Thanks,

Liz

Eddy:
Use the process viewer from Sysinternals and track down what exactly is using svchost

Navigation

[0] Message Index

[#] Next page