Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Svchost.exe acting weird
#11
Step 6
Problems Encountered: Says it can't find the file when I type that in.
Code:
Windows cannot find 'ComboFix'. Make sure you typed the name correctly, and then try again.
Yeah my bro being a retard as he is, shift-deleted it to ''clean the clutter'' on the desktop. Almost positive that's what caused it. Whistle

And yes, I reinstalled AVG.
|Z3R0|
[Image: Sig2.jpg]
Reply
#12
  • Step 6

    "A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria."

    I noticed that you do not have a firewall installed in your system presently. Do understand that you are making yourself defenseless against malware. Please be advised that the pre-installed firewall that you have is not much of a protection against attacks. A firewall helps monitor connections both inward and outbound therefore having a specialised firewall is essential. An anti-virus and a firewall are crucial to your system's security. Without both, reinfection is imminent after a clean. Here's a list of well-known and proven softwares.
  • Free Firewalls
    • Comodo Internet Security (Firewall Module)
      • Comodo Firewall is your first line of defense in protecting yourself online. A multi-layered security application that will constantly monitor and defend your PC from Internet attacks.
    • Online Armor Free
      • Online Armor's range of firewall products are designed to fit every need. Online Armor's aim is not to annoy you with too many messages and when it does give you a message, there are clear options given on how to respond.
    • Outpost Firewall Free
      • Outpost Firewall Free gives you solid firewall protection with standard packet and application filtering to safeguard your data against unauthorized third parties. Plus, you get advanced protection against illegal program activity that will help stymie unknown threats.
    • PC Tools Firewall Plus
      • PC Tools Firewall Plus is a powerful free personal firewall for Windows® that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
    • PrivateFirewall Free
      • PrivateFirewall is a multi-layered endpoint security software protects Windows desktops and servers from malware and unauthorized use. Personal firewall, packet inspection, URL filtering, process monitor, and application/system behavior modeling are some of its features.
From the list above, choose one, click on the name of the program that suites you best, download it and proceed to the installation. Having one is truly an aid to your computer's defense capability. If you are having a hard time choosing from the above list, you may refer to Matousec's Proactive Security Challenge Results. Do not hesitate to ask if you wish for me to configure the firewall you have chosen. If you'd rather let me pick one for you, please allow me to do so by telling me your Internet usage, computer specifications such as your Operating System, Service Pack version and other relevant details.
Reply
#13
Step 6
Problems Encountered: N/A
I ended up using Comodo based purely on its score from the site you gave me and it would be awesome if you could help me set it up properly. I would say I am an avid gamer and play games such as World of Warcraft, League Of Legends and many of the Steam games such as TF2 and Half Life and Left 4 Dead. My DxDiag can be found at HERE but a summary of my computer is Windows 7 professional, no service pack, and I use the internet avidly. So your professional input on how to set it up would be greatly appreciated.

Also, I am almost 95% sure I am still infected. Today, while this site was down, I was surfing the internet and my web page went from a full page to a maximized page and went to this IP address, 208.109.186.145. Then was forwarded to some other random web page completely irrelevant to what I was searching for. Also, I went into my hosts file and noticed that it had all been erased, and was instead replaced with 127.0.0.1. That's what really got me going, but AVG didn't detect anything under a rootkit, shell, and full computer scan.
Thanks for the great help so far!
|Z3R0|

P.S. I have a program (CurrPort) and have 4 logs that I created with the internet off, turning it on, opening the internet, and another of when I went to a login page such as hotmail or battle.net. I was trying to trigger the process to start and maybe try to make a connection or something, if you would like the logs let me know and I'll PM them to you. Not sure I would want to share that over an open thread >.> Again thanks for all the great help so far.
[Image: Sig2.jpg]
Reply
#14
Quote:I ended up using Comodo based purely on its score from the site you gave me and it would be awesome if you could help me set it up properly.

It was the correct choice, IMHO.

Quote:I would say I am an avid gamer and play games such as World of Warcraft, League Of Legends and many of the Steam games such as TF2 and Half Life and Left 4 Dead.

I see. On the Comodo icon found at the system tray, please right-click on it and set the following accordingly.
  • Firewall Security Level
    • Safe Mode
  • Defense + Security Level
    • Clean PC Mode (if you consider yourself a process-erudite)
    • Training Mode (if not)
  • Sandbox Security Level
    • Disabled
Note that you can set your firewall to Game Mode whenever necessary. Just do not forget to switch it back after.

Quote:Also, I am almost 95% sure I am still infected. Today, while this site was down, I was surfing the internet and my web page went from a full page to a maximized page and went to this IP address, 208.109.186.145.

Download SUPERAntiSpyware.
  • Install it and let it check for updates.
  • Perform a complete scan and let it remove everything it finds.
  • Once done, post the log here and provide the link to this thread.
Quote:Then was forwarded to some other random web page completely irrelevant to what I was searching for. Also, I went into my hosts file and noticed that it had all been erased, and was instead replaced with 127.0.0.1.
  • Step 7

    Open Notepad.

    Copy (Ctrl +C) and paste everything on the quote box below:

    Quote:@echo off
    pushd\windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    del %0

    In the Notepad interface, go to File > Save As.

    Specify the file name as reset.bat or anything you wish however using the same file extension.

    Change Save As Type to All Files and save the file to your Desktop.

    Now double-click on reset.bat located at your Desktop to run the batch file. It will self-delete when completed.
Quote:That's what really got me going, but AVG didn't detect anything under a rootkit, shell, and full computer scan.

I would recommend a change of Anti-Virus. Preferably Avira.

Quote:P.S. I have a program (CurrPort) and have 4 logs that I created with the internet off, turning it on, opening the internet, and another of when I went to a login page such as hotmail or battle.net. I was trying to trigger the process to start and maybe try to make a connection or something, if you would like the logs let me know and I'll PM them to you. Not sure I would want to share that over an open thread >.> Again thanks for all the great help so far.

Yes, please do so.
  • Step 8

    Please download the OLT Log Analysis from 'here'. Please click the Go (Arrow Button) or press Enter in the URL address bar to start the download.
    • Save it to your Desktop.
    • Please double-click OTL.exe to run it.
    • Make sure all other windows are closed to let it run uninterrupted.
    • When the window appears, underneath Output, change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two Notepad windows.
      • OTL.txt
      • Extras.txt
    • These are saved in the same location as OTL.
    • Please copy (Right-click > Select All > Copy) the contents of these files, one at a time, and post it with your next reply.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
    • OTL Scan Log
  • Format of Response

    Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
Reply
#15
Step 7
Problems Encountered: N/A

Step 8
Problems Encountered: N/A

Link To Requested Logs:

SUPERanti Spyware Log
OTL
Extras
HijackThis
DDS
DDS Attach

I'll PM you the logs I made from the CurrPort.
Thanks,
|Z3R0|
[Image: Sig2.jpg]
Reply
#16
I now see the problem. You had a Rouge Anti-Virus attack.
  • Step 9

    Please download the OTM File Mover from 'here'.
    • Save it to your Desktop.
    • Please double-click OTM.exe to run it.
    • Copy the lines inside the Code box below to the Clipboard by highlighting all of the content and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes
      explorer.exe
      Palladium.exe
      z.exe

      :Reg
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "Palladium"=-
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "Palladium Pro"=-
      [-HKEY_CURRENT_USER\Software\Palladium Pro]
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "Palladium Pro"=-
      [-HKEY_CURRENT_USER\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}]

      :Files
      %UserProfile%\Application Data\completescan_pal
      %UserProfile%\Application Data\install_pal
      %UserProfile%\Application Data\palladium.exe
      %UserProfile%\Application Data\uid_pal
      %UserProfile%\Desktop\Palladium.lnk
      %UserProfile%\Start Menu\Programs\Palladium.lnk
      %ProgramFiles%\Palladium Pro
      %ProgramFiles%\Startup\Palladium Pro.lnk
      %AppData%\Palladium.exe
      %AppData%\z.exe

      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTM, right-click in the Paste Instructions for Items to be Moved window and choose Paste.
    • Click the red MoveIt! button.
    • Copy everything in the Results window to the Clipboard by highlighting all of the content and by pressing CTRL + C (or, after highlighting, right-click and choose Copy).
    • Paste it in your next reply.
    • Close OTM.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad) and click File > Open. In the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present. Copy and paste the contents of that document back here in your next post.
Reply
#17
Step #
Problems Encountered: N/A

Link To Requested Logs: OTM Log

I also noticed that I can't seem to see my hosts file in system32. I actually had links in there to uhh *cough* keep certain programs from *cough* contacting servers *cough cough ad-o-be cough* but it isn't showing up for me. I tried to make another hosts file instead but couldn't cause it says there was already a file named "hosts" and I'm not allowed to replace it. Any idea on that? Not THAT big of a deal if you don't know, just an inconvenience to me.
Thanks,
|Z3R0|
[Image: Sig2.jpg]
Reply
#18
Very well. Please follow the instructions below.
  • Step 10

    Please set Windows 7 to show both hidden and system files and folders so that you can find specific files to delete.
    1. Click Start and navigate to Control Panel.
    2. On Appearance and Personalization > Folder Options > Show hidden files and folders.
    3. On the View tab, uncheck the following:
      • Hide file extensions for known file types
      • Hide protected operating system files (Recommended)
    4. Click Yes on the warning message.
    5. Under Hidden files and folders, check Show hidden files, folders, and drives.
    6. Click Apply to All Folders.
    7. Click OK.
    Note: I will give you instructions for hiding them again once your system seems clean.
  • Step 11

    Please open Notepad as Administrator.
    • Click File > Open....
    • On the drop-down menu, set it to view All Files (*.*).
    • Navigate to C:\Windows\System32\drivers\etc > HOSTS.
    • Make the necessary changes and select File > Save.
Reply
#19
Step 10
Problems Encountered: N/A

Step 11
Problems Encountered: N/A

|Z3R0|
[Image: Sig2.jpg]
Reply
#20
Any other concerns?
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Svchost.exe many of them Miku 11 3,626 01-05-2012, 04:20 AM
Last Post: hackopz
  Computer Acting Up ... Pyratepig 3 1,447 12-23-2010, 08:33 PM
Last Post: Pyratepig
  Server.exe in system 32 folder pobble 7 3,414 11-26-2010, 04:23 AM
Last Post: --([-S7N-])--
  [FIXED]Infected with b.exe `Sharan 26 8,358 10-28-2009, 02:22 AM
Last Post: `Sharan

Forum Jump:


Users browsing this thread: 9 Guest(s)