• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

SVCHOST.EXE Virus!!!!

Hi All,

I am using Norton Internet security  Version 16.7.2.11.

Recently I am getting popup for a Virus attack shown in image below :
"http://img695.imageshack.us/img695/4593/trojanmessage.jpg"

After I click on More Details Option It shows me details of the attack which shown in below image:

http://img130.imageshack.us/img130/3567/resultmoredetails.jpg

When I went into c:\windows\temp folder I found lots of ***.tmp folders (folder names were random).And all folders are empty, may be because norton deleted the virus.

I have scanned with spyhunter 3 with its latest updates downloaded but it didnt found anything.

My system is scheduled for daily scan for norton but still I attacked by this Virus.

Please provide me any solution to remove this virus.

Norton popups every time and my Winodws\temp folder is keep on junking with .tmp folders.

 Please help me.

Thanks and Regards,

Rahul.

Replies

Kudos0

Re: SVCHOST.EXE Virus!!!!

Hi All,

I am using Norton Internet security  Version 16.7.2.11.

Recently I am getting popup for a Virus attack shown in image below :
"http://img695.imageshack.us/img695/4593/trojanmessage.jpg"

After I click on More Details Option It shows me details of the attack which shown in below image:

http://img130.imageshack.us/img130/3567/resultmoredetails.jpg

When I went into c:\windows\temp folder I found lots of ***.tmp folders (folder names were random).And all folders are empty, may be because norton deleted the virus.

I have scanned with spyhunter 3 with its latest updates downloaded but it didnt found anything.

My system is scheduled for daily scan for norton but still I attacked by this Virus.

Please provide me any solution to remove this virus.

Norton popups every time and my Winodws\temp folder is keep on junking with .tmp folders.

 Please help me.

Thanks and Regards,

Rahul.

Kudos0

Re: SVCHOST.EXE Virus!!!!

Below you can find the log I taken from SysProt Anti rootkit:

I saw this thing might be req. by any one to help further:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 712
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 788
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 812
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 872
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1040
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1132
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1268
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1416
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1476
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 336
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 328
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 420
Hidden: No
Window Visible: No

Name: C:\WINDOWS\soundman.exe
PID: 444
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxtray.exe
PID: 456
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hkcmd.exe
PID: 488
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 520
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Google Talk\googletalk.exe
PID: 700
Hidden: No
Window Visible: No

Name: C:\Program Files\TrojanHunter 5.2\THGuard.exe
PID: 1016
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 260
Hidden: No
Window Visible: No

Name: C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PID: 1204
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1348
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 1448
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 1640
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 1648
Hidden: No
Window Visible: No

Name: C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PID: 1568
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
PID: 1720
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Download Manager\IDMan.exe
PID: 928
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PID: 1784
Hidden: No
Window Visible: No

Name: C:\Program Files\DCPFLICS\DCPFLICS.exe
PID: 1996
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 728
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
PID: 1552
Hidden: No
Window Visible: No

Name: I:\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PID: 2124
Hidden: No
Window Visible: No

Name: C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
PID: 2184
Hidden: No
Window Visible: No

Name: C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
PID: 2640
Hidden: No
Window Visible: No

Name: C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PID: 2764
Hidden: No
Window Visible: No

Name: C:\Program Files\TeamViewer\Version4\TeamViewer.exe
PID: 2840
Hidden: No
Window Visible: No

Name: C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
PID: 3288
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 2548
Hidden: No
Window Visible: No

Name: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PID: 3012
Hidden: No
Window Visible: No

Name: C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PID: 3652
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 3712
Hidden: No
Window Visible: No

Name: C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PID: 2788
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1636
Hidden: No
Window Visible: No

Name: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
PID: 580
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jucheck.exe
PID: 3352
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 292
Hidden: No
Window Visible: No

Name: C:\Program Files\Skype\Phone\Skype.exe
PID: 3324
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Skype\Plugin Manager\skypePM.exe
PID: 832
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
PID: 848
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2140
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 1768
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Admin\My Documents\Downloads\Compressed\SysProt\SysProt\SysProt.exe
PID: 4488
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\notepad.exe
PID: 4340
Hidden: No
Window Visible: Yes

Kudos0

Re: SVCHOST.EXE Virus!!!!

rahul1983:

You may need to take this issue to a malware removal forum such as Bleeping Computer.  Some of these can be very difficult to remove.

http://www.bleepingcomputer.com/

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: SVCHOST.EXE Virus!!!!

download Malwarebytes: http://malwarebytes.org

you have a complicated virus, and you should download this: http://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html

It is Spybot search and Destroy.

Hope it helps, 

HPTouchsmart

Kudos0

Re: SVCHOST.EXE Virus!!!!


HPTouchsmart wrote:

download Malwarebytes: http://malwarebytes.org

you have a complicated virus, and you should download this: http://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html

It is Spybot search and Destroy.

Hope it helps, 

HPTouchsmart


Don't download and install Spybot S&D
It has a realtime  that can cause problems
 Quads 
Kudos0

Re: SVCHOST.EXE Virus!!!!

I would recommend that the user be cautious and seek expert assistance.  If some aggressive antimalware product removes svchost.exe, he could end up in serious difficulties.  The backing up of important documents, etc. would be a good idea.  Also having recovery discs or an O/S disc is helpful as well.
Under certain circumstances profanity provides relief denied even to prayer.Mark Twain

This thread is closed from further comment. Please visit the forum to start a new thread.