Author Topic: svchost.exe Malware  (Read 2356 times)


REDACTED

  • Guest
svchost.exe Malware
« on: June 13, 2015, 05:27:16 AM »
I picked up this malware a few weeks ago and have been working on and off to root it out of my system.

I ran CCleaner, Malwarebytes, Spybot, and avast boot scan with no problem found.

The malware only appears when the system is booted.

URL:  http://anythicago.com/4141/RelayTurbo_142668814306251.dll
Infection:  URL:Mal
Process:  C:\Windows\System32\svchost.exe

There are a few different URL reports; this is the one that was blocked when I just rebooted.

I have been reading the threads and each fix seems to be specific to the user.  I was hoping you would provide me with a fix for my system.

Attached is my Zoek Report

REDACTED

  • Guest
Re: svchost.exe Malware
« Reply #1 on: June 13, 2015, 06:46:18 AM »
Hello


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

REDACTED

  • Guest
Re: svchost.exe Malware
« Reply #2 on: June 14, 2015, 05:30:39 AM »
Sorry for the delay.

Requested files attached.

REDACTED

  • Guest
Re: svchost.exe Malware
« Reply #3 on: June 14, 2015, 05:39:45 AM »
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

REDACTED

  • Guest
Re: svchost.exe Malware
« Reply #4 on: June 14, 2015, 02:46:00 PM »
While attempting the requested process, I received the pop up requesting a reboot of the system.  After clicking OK, the system froze and the program was "not responding".  The process did generate a log file.  Please see Fixlog1 for this log file.

The process was repeated after a hard shutdown and reboot.  The second attempt was successful.  Please see Fixlog.

Also, on reboot, I no longer get the block malware pop up from avast.

I think that may have done the trick.

Is there anything that I can do to aid you to help others?

REDACTED

  • Guest
Re: svchost.exe Malware
« Reply #5 on: June 14, 2015, 02:52:27 PM »
The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.




Do not start Zoek on your own.