svchost.exe virus?

[doriandiaconu]

Apparently AVAST found a virus in this directory:

C:\Windows\SysWOW64\Netl\svchost.exe

Severy is set to high.

Status: Threat: MSIL:Injector-DB[Trj].

What should I do?

[essexboy]

First I will need to confirm that it is the file I suspect

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from. 
  
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  

[doriandiaconu]

Here they are. Uploded them this wat due to their lenghts.

http://tinyurl.com/nervm6p

[essexboy]

You can attach the logs to your post to make it easier

Please download Malwarebytes AntiRootkit and save it to your desktop.

Full instructions how to use MBAR
Please note: This is a beta version so please be sure to read the disclaimer and note of it.

• Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...

• Click on Next > then on Update button to download fresh definitions.


• When database updates click Next

• In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"


• If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.


• The Clean up procedure will be Scheduled for process.
• When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

>> Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.

NEXT

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Select LOP and Purity
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach  both logs

[doriandiaconu]

Done!

[essexboy]

Nothing bad showing however, that is not the correct location for that file...  Lets dig deeper

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[doriandiaconu]

Here it is.

[essexboy]

Was the file found during a scan or is it popping up as an alert ?  If it was on a scan then move it to the virus chest.  Otherwise the computer looks nice and clean

Are you experiencing any problems ?

[doriandiaconu]

They found a virus in a folder from Lenovo support software and a log from the Windows folder. Apart from that everything is ok. Just that my software didn't start after the computer restarted. I think it'll do it on the next one.

Thanks for the assistence!

[essexboy]

Let me know when you are happy and I will remove my rubbish

[doriandiaconu]

AVAST still claims the virus is there. Oh well. Thanks anyway!

[essexboy]

Is this via a scan ?   And were you able to send it to the chest

[doriandiaconu]

Yes, via a scan. But I didn't do anything. I thought it was an important file.

[essexboy]

No you can send it to the chest and it will sit there quite happily unable to do anything

The system copy is in C:\Windows\System32