« previous next »
Pages: [1]   Go Down

Author Topic: malfunctioning svchost.exe  (Read 4347 times)

0 Members and 1 Guest are viewing this topic.

Pulock2009

  • Guest
malfunctioning svchost.exe
« on: October 09, 2009, 12:57:23 PM »
hello friends !!! i am new to this forum. i need some help. my svchost.exe file malfunctions and the programs stop running at intervals. sometimes a mesage comes up:some data got to be written somewhere but got written somewhere.after which the svchost.exe malfunctions. thx in advance ???
Logged

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: malfunctioning svchost.exe
« Reply #1 on: October 09, 2009, 01:27:39 PM »
Hello Pulock2009,

1)upload the file svchost.exe to www.virustotal.com and paste the link here.

2) get mbam, do an update, perform full system scan, remove the infections and reboot if needed.

3) please, post the log here. (use additional options while posting.)

nmb
« Last Edit: October 09, 2009, 01:29:30 PM by nmb »
Logged

Pulock2009

  • Guest
Re: malfunctioning svchost.exe
« Reply #2 on: October 10, 2009, 07:42:54 PM »
out of the 2 tasks that u advised me to carry out only one of them was successful:i could only upload the svchost.exe file. when i tried to download the mbam through my mozilla firefox browser the download finished message appeared 2 early.later the exe file when double clickd showed that it was corrupted.interesting to note that this problem has occured earlier also a lot many times.i have not yet checked my e-mail. i wonder how long the report would take to reach?thanks for ur advice!!
Logged

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: malfunctioning svchost.exe
« Reply #3 on: October 11, 2009, 03:16:52 PM »
I think you forgot to paste the link to virustotal.

get the mbam setup file from other clean pc on to a pen drive and aslo the mbam rules : http://www.malwarebytes.org/mbam/database/mbam-rules.exe

disconnect your pc from the internet so you don't infect other guys on the net.

install it in your pc. run the updater and scan. if mbam doesn't start, change the name of the file to xxx.exe and then try.

post back the log.

nmb
Logged

Pulock2009

  • Guest
Re: malfunctioning svchost.exe
« Reply #4 on: October 11, 2009, 07:21:33 PM »
i couldnot upload properly:it took too much time!!!!! so i sent it by e-mail. i have not yet recieved the confirmation e-mail.i checked my e-mail account just a few minutes back!!!!i have started doing all my activities through a guest account.will  that be helpful???personally, i have seen reduction in virus activities like slowing down , hanging, suddenly the antiivirus showing virus alerts etc.(i have avast .i update it regularly).as for the mbam i will try doing something.thx anyways!!
Logged

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: malfunctioning svchost.exe
« Reply #5 on: October 11, 2009, 07:31:26 PM »
if you use guest account its very safe. as it 97 % of malware can do nothing to your system due to limited access to system files. you will be very much helpful if you use a limited user account like the guest one.

nmb
Logged

Pulock2009

  • Guest
Re: malfunctioning svchost.exe
« Reply #6 on: October 16, 2009, 07:29:34 AM »
heres the report i got:
svchost.exe analysis::::::::::
MD5:     8f078ae4ed187aaabc0a305146de6716
First received:    2007.06.16 14:53:55 UTC
Date:    2009.10.14 15:15:38 UTC [+1D]
Results:    0/41
Permalink:    analisis/16593943861d03d508f37f60e41240dee14221e76f625835487f73d5010ac18a-1255533338
Antivirus    Version    Last Update    Result
a-squared    4.5.0.41    2009.10.14    -
AhnLab-V3    5.0.0.2    2009.10.13    -
AntiVir    7.9.1.35    2009.10.14    -
Antiy-AVL    2.0.3.7    2009.10.14    -
Authentium    5.1.2.4    2009.10.14    -
Avast    4.8.1351.0    2009.10.13    -
AVG    8.5.0.420    2009.10.14    -
BitDefender    7.2    2009.10.14    -
CAT-QuickHeal    10.00    2009.10.14    -
ClamAV    0.94.1    2009.10.14    -
Comodo    2599    2009.10.13    -
DrWeb    5.0.0.12182    2009.10.14    -
eSafe    7.0.17.0    2009.10.14    -
eTrust-Vet    35.1.7067    2009.10.14    -
F-Prot    4.5.1.85    2009.10.14    -
F-Secure    8.0.14470.0    2009.10.14    -
Fortinet    3.120.0.0    2009.10.14    -
GData    19    2009.10.14    -
Ikarus    T3.1.1.72.0    2009.10.14    -
Jiangmin    11.0.800    2009.10.08    -
K7AntiVirus    7.10.870    2009.10.14    -
Kaspersky    7.0.0.125    2009.10.14    -
McAfee    5770    2009.10.13    -
McAfee+Artemis    5770    2009.10.13    -
McAfee-GW-Edition    6.8.5    2009.10.14    -
Microsoft    1.5101    2009.10.14    -
NOD32    4507    2009.10.14    -
Norman    6.01.09    2009.10.14    -
nProtect    2009.1.8.0    2009.10.14    -
Panda    10.0.2.2    2009.10.14    -
PCTools    4.4.2.0    2009.10.14    -
Prevx    3.0    2009.10.14    -
Rising    21.51.24.00    2009.10.14    -
Sophos    4.46.0    2009.10.14    -
Sunbelt    3.2.1858.2    2009.10.14    -
Symantec    1.4.4.12    2009.10.14    -
TheHacker    6.5.0.2.041    2009.10.14    -
TrendMicro    8.950.0.1094    2009.10.14    -
VBA32    3.12.10.11    2009.10.14    -
ViRobot    2009.10.14.1984    2009.10.14    -
VirusBuster    4.6.5.0    2009.10.14    -
Additional information
File size: 14336 bytes
MD5   : 8f078ae4ed187aaabc0a305146de6716
SHA1  : da0ff4006859a7580aba81f486f692dead2014fe
SHA256: 16593943861d03d508f37f60e41240dee14221e76f625835487f73d5010ac18a
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2509
timedatestamp.....: 0x41107ED6 (Wed Aug 4 08:14:46 2004)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2C00 0x2C00 6.29 6fc4d075dfb37185ffae8eacb467b822
.data 0x4000 0x1F0 0x200 1.61 553c0ebbbc67abab785f2065a062b522
.rsrc 0x5000 0x418 0x600 2.54 2997285df9158db5a62ffb42a2fd0d07

( 0 imports )


( 0 exports )
TrID  : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=8f078ae4ed187aaabc0a305146de6716
ssdeep: 384:cpiRrTp13SkhnRCwOV5JpeLCdw9rDpWCl8CbW:dT/3Ska6Lh8C
PEiD  : -
PDFiD : ['-', None, None]
RDS   : NSRL Reference Data Set

( Gateway )

Gateway Operating System Windows XP Pro Edition SP2: SVCHOST.EXE, svchost.exe
( Microsoft )

the md5 is at the top. by the way my guest account login has even failed to stop malware activities.i have again started getting avast alerts out of nowhwere and there were some *.scr files in my network settings
folder in the documents and settings folder. should i upload them to virustotal??upon right-clicking they show options like modify and install.!!thanks for ur advice anyways ::)
Logged

YoKenny

  • Guest
Re: malfunctioning svchost.exe
« Reply #7 on: October 16, 2009, 07:44:45 AM »
Running Gateway Operating System Windows XP Pro Edition SP2 leads to infections as WinXP SP3 has been available for over a year so you should go to Tools then Windows Update in Internet Explorer and install all updates as it provides performance enhancements and several Critical updates.

Go to Control panel then Automatic updates then at least enable Notify me but do not download updates.

Get Malwarebytes Anti-Malware (MBAM) then update it then run a Quick scan and let it remove all it finds:
http://www.malwarebytes.org/mbam.php

Post its log here after it completes.

Run Secunia Online Software Inspector to see what applications are vulnerable:
http://secunia.com/vulnerability_scanning/online
Logged
Pages: [1]   Go Up
« previous next »