
Program File Problems

Discussion in 'Malware Removal Help' started by loctos1, Jul 8, 2012.

  1. loctos1

    loctos1

    Joined:
    Jul 8, 2012
    Messages:
    3
    Location:
    united states
    Operating System:
    Windows 8
    I am using Windows 7 64-bit. Recently I have been having problems with a certain file. It is infected with a trojan dropper generic. MBAM and AVG haven't helped much. The file is svchost.exe, but it is in C:/Windows but there is also one in C:/Windows/System32. Anyone have a solution to this? (Image is the file in question)
     


  2. PseFrank

    PseFrank Registered Members

    Joined:
    Nov 10, 2010
    Messages:
    962
    Location:
    Cambridge UK
    Operating System:
    Windows 7
    Hi loctos1, welcome to Computer Help Forums...

    This is probably something our malware experts should take a look at. They have been notified, and someone will be with you soon. With it being the weekend, there may be a slight delay. Please be patient until your help arrives.
     
  3. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,825
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi loctos1

    Let's take a look.
    I'll move this thread to the Malware Removal forum after posting my reply.

    Step 1
    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2

    This is an example, you may rename ComboFix to anything you want.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.

      Vista/Win7 users should right click on the icon and select Run as Administrator.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If running Vista/Win7, you will not see this screen as it's XP related.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    Step 2
    • Download OTL to your desktop.
      Right click on the link and select 'Save Link/Target As'.

      If you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.

    • Now copy the lines in bold below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\*
      %USERPROFILE%\..|smtmp;true;true;true /FP
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT


    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the Run Scan button.

    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


    In your next reply, please submit:
    Combofix.txt
    Both reports from OTL.

    Thanks
     
    Last edited by a moderator: Feb 4, 2014
  4. loctos1

    I am having trouble installing Combo-Fix. When the installation gets to a certain point, my computer crashes. These are the details of the crash.

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7600.2.0.0.256.1
    Locale ID: 1033

    Additional information about the problem:
    BCCode: 1e
    BCP1: FFFFFFFFC0000005
    BCP2: FFFFF80002F653FA
    BCP3: 0000000000000001
    BCP4: 0000000000000018
    OS Version: 6_1_7600
    Service Pack: 0_0
    Product: 256_1

    Files that help describe the problem:
    C:\Windows\Minidump\070912-49015-01.dmp
    C:\Users\ZACK\AppData\Local\Temp\WER-74615-0.sysdata.xml

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt
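
Added example, not part of the original posts: a small Python decoder for the BlueScreen problem signature quoted in the post above. It handles only bug check 0x1E, whose four parameters are the exception code, the faulting instruction address, and exception parameters 0 and 1; the function names and result keys are this example's own.

```python
import re

ACCESS = {0: "read", 1: "write", 8: "execute"}  # exception parameter 0 of an access violation
STATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
KERNEL_HALF = 0xFFFF800000000000  # start of the canonical upper (kernel) half on x64
NEAR_NULL = 0x10000               # lowest 64 KB: where NULL-plus-offset dereferences land

# Fields copied from the problem signature in the post above.
SAMPLE = """
    BCCode: 1e
    BCP1: FFFFFFFFC0000005
    BCP2: FFFFF80002F653FA
    BCP3: 0000000000000001
    BCP4: 0000000000000018
"""

def parse_signature(text):
    """Collect the BCCode/BCP1..BCP4 hex fields from a WER problem signature."""
    pattern = r"^\s*(BCCode|BCP[1-4]):\s*([0-9A-Fa-f]+)\s*$"
    return {m.group(1): int(m.group(2), 16) for m in re.finditer(pattern, text, re.M)}

def decode(fields):
    """Interpret the parameters of bug check 0x1E (KMODE_EXCEPTION_NOT_HANDLED)."""
    if fields.get("BCCode") != 0x1E:
        return {"bugcheck": "unhandled"}
    # BCP1 is a 32-bit NTSTATUS sign-extended to 64 bits; keep the low half.
    status = fields["BCP1"] & 0xFFFFFFFF
    result = {
        "bugcheck": "KMODE_EXCEPTION_NOT_HANDLED",
        "exception": STATUS.get(status, hex(status)),
        "fault_ip": fields["BCP2"],
        "fault_ip_in_kernel": fields["BCP2"] >= KERNEL_HALF,
    }
    if status == 0xC0000005:
        # For an access violation, parameter 0 is the access type and
        # parameter 1 is the address that was being accessed.
        result["access"] = ACCESS.get(fields["BCP3"], "unknown")
        result["target"] = fields["BCP4"]
        result["near_null_target"] = fields["BCP4"] < NEAR_NULL
    return result

if __name__ == "__main__":
    for key, value in decode(parse_signature(SAMPLE)).items():
        print(key, hex(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```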
     
  5. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Hi loctos1

    Please explain in more detail.
    Combofix doesn't actually install on the system.
    It will run in a black window and will show the stages it has performed by way of numbers.
    What Anti Virus are you running.... has it been disabled?
    Have you tried running Combofix from Safe Mode?

    Btw:
    G2G forum is down at the moment so you may encounter problems trying to download OTL.
    If you do encounter problems, there is another download site that OTL is stored on:
    http://www.itxassociates.com/OT-Tools/OTL.exe
     
  6. loctos1

    Not installing, but starting up. Once it reaches Output my computer crashes. The first 2 output folders are where it crashes directly after extracting. I use AVG 2012 and Malwarebytes. Both are disabled when I try this. I have not tried in safe mode and will attempt that right now. Attempting to start it in safe mode causes the same crash.
     

  7. Try using MalwareBytes on it; maybe this is the only tool that can remove it...
     
  8. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Please read the posts before you add your expertise. Malwarebytes is mentioned at least twice and we have certified malware removal specialists who deal with these problems.
     

  9. I encountered a similar problem and I used Kaspersky to fix it. Why not try Kaspersky Anti virus to solve and eliminate the trojan that has been giving you problems? Maybe it will work, since it has worked wonders for me...
     
