Author Topic: Avast! Malicious URL Blocked then svchost.exe load up and takes 100% CPU Usage  (Read 8216 times)


Boag

  • Guest
Not sure if this is the right place to post this so sorry ahead of time.

Been having this issue since last night where avast would give me this pop up image *see below*

After this happens a svchost.exe loads up & takes a ton of CPU usage and Mem Usage *see below*

I've tried running MBAM, CCleaner, Avast Scans, Trend Micro House Call, but still this problem keeps popping up. Hoping someone here had this problem before or knows a solution thanks.
« Last Edit: June 27, 2011, 12:46:11 AM by Boag »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89675
  • No support PMs thanks
The Malicious URL alert in connection with svchost.exe is usually an indication that you have a rootkit on your system and most probably an MBR rootkit.

You can check if you have an MBR rootkit using this tool:
Quote from: essexboy
Download aswMBR.exe ( 1.8MB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply



Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Boag

Hey DavidR thanks for replying.

Here's the log after the scan was complete.


aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-26 23:16:47
-----------------------------
23:16:47.234    OS Version: Windows 5.1.2600 Service Pack 2
23:16:47.234    Number of processors: 2 586 0x6B02
23:16:47.234    ComputerName: BOAG  UserName:
23:16:48.468    Initialize success
23:16:48.640    AVAST engine defs: 11062601
23:17:58.921    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
23:17:58.921    Disk 0 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
23:17:58.921    Device \Device\00000074 -> \??\IDE#DiskST3500320AS_____________________________SD15____#2020202020202020202020205139304D4E443245#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
23:17:58.921    Disk 0 MBR read error 0
23:17:58.921    Disk 0 MBR scan
23:17:58.921    Disk 0 unknown MBR code
23:17:58.921    MBR BIOS signature not found 0
23:17:58.921    Disk 0 scanning sectors +976752000
23:17:58.921    Disk 0 scanning C:\WINDOWS\system32\drivers
23:18:05.093    Service scanning
23:18:06.359    Disk 0 trace - called modules:
23:18:06.359    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8adb54d0]<<
23:18:06.375    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adc3ab8]
23:18:06.375    3 CLASSPNP.SYS[b80e905b] -> nt!IofCallDriver -> \Device\00000075[0x8ae33f18]
23:18:06.375    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> [0x8adc3030]
23:18:06.375    \Driver\nvata[0x8adc4978] -> IRP_MJ_CREATE -> 0x8adb54d0
23:18:06.890    AVAST engine scan C:\WINDOWS
23:26:26.625    AVAST engine scan C:\Documents and Settings\Jeremy
23:35:09.406    AVAST engine scan C:\Documents and Settings\All Users
23:37:13.093    Scan finished successfully
23:37:47.406    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jeremy\Desktop\MBR.dat"
23:37:47.406    The log file has been saved successfully to "C:\Documents and Settings\Jeremy\Desktop\aswMBR.txt"



« Last Edit: June 27, 2011, 09:08:27 AM by Boag »
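Added example (not part of the original thread and not Avast's code): a short Python triage of the aswMBR log format posted above, which pulls out the lines a helper would read first and links the address in the ">>UNKNOWN" marker to any driver entry that references it. The sample input is a subset of the posted log; which lines to flag is an assumption of this example, and a flagged line is a prompt for a second-opinion scan, not a verdict.

```python
import re

# Subset of the aswMBR log posted above, embedded as sample input.
SAMPLE_LOG = r"""23:17:58.921    Disk 0 MBR read error 0
23:17:58.921    Disk 0 MBR scan
23:17:58.921    Disk 0 unknown MBR code
23:17:58.921    MBR BIOS signature not found 0
23:18:06.359    Disk 0 trace - called modules:
23:18:06.359    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8adb54d0]<<
23:18:06.375    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adc3ab8]
23:18:06.375    \Driver\nvata[0x8adc4978] -> IRP_MJ_CREATE -> 0x8adb54d0
23:37:13.093    Scan finished successfully
"""

# "HH:MM:SS.mmm    message" is the line layout used throughout the log.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
# Marker aswMBR prints for an address it could not attribute to a named module.
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# "\Driver\name[addr] -> IRP_MJ_xxx -> addr" lines from the trace section.
DISPATCH = re.compile(
    r"^(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$")

def triage(log_text):
    """Return (timestamp, reason) pairs for log lines worth a second look."""
    findings, unknown_addrs = [], set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines, separators, blank lines
        ts, msg = m.groups()
        if "unknown MBR code" in msg:
            findings.append((ts, "MBR boot code not recognised"))
        if "MBR BIOS signature not found" in msg:
            findings.append((ts, "MBR signature not found"))
        u = UNKNOWN.search(msg)
        if u:
            unknown_addrs.add(u.group(1).lower())
            findings.append((ts, f"unnamed module in disk call chain at {u.group(1)}"))
        d = DISPATCH.match(msg)
        if d and d.group(3).lower() in unknown_addrs:
            findings.append(
                (ts, f"{d.group(1)} {d.group(2)} entry references unnamed address {d.group(3)}"))
    return findings

if __name__ == "__main__":
    for ts, reason in triage(SAMPLE_LOG):
        print(ts, reason)
```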

Offline DavidR

OK, another tool to check for other types of rootkit.

Quote from: essexboy

Second opinion now

Please read carefully and follow these steps. 
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Boag

« Last Edit: June 27, 2011, 11:33:48 PM by Boag »

Offline DavidR

Well the log indicates it found 1 rootkit and will be cured on reboot. So if you haven't done so, reboot.

Now watch out for any other Malicious URL alerts by avast on svchost.exe.

Boag

Cool the problem is gone thanks man!

Offline DavidR

No problem, glad I could help.

A belated welcome to the forums.