| Thread ID: 58502 | 2005-06-02 18:20:00 | Need help removing worm/trojan | chatioc99 (8258) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 360655 | 2005-06-02 18:20:00 | :yuck: Desperately seeking help with worm/trojan removal. I just reformatted and partitioned 3 times 2 hrs ago and I still have it. In task mgr, under the processes tab, there are anywhere from 6 to 8 different svchost.exe running. I can't delete them, nor can I end the processes; any attempt results in PC shutdown. I have conservatively 20 virus, firewall etc. programs, for all the good they do/did. I can't get rid of the svchost.exe; my PC shuts down at will, kicks me offline, opens things on a whim, or won't open things on a whim. I'm sluggish and slow. And this is a BRAND new out of the box (8 mos) PC. PLEASE HELP ME!!!!! And this is the 13th time in 8 mos I've had to do a full reformat. I'm getting real tired of this!! | chatioc99 (8258) | ||
| 360656 | 2005-06-02 18:27:00 | svchost.exe is quite a normal part of windoze, you can't and won't be able to get rid of them all........however it does sound like you got probs......when you reformatted and got the pc back online did you enable the firewall before you got back online...........you MUST do that otherwise you WILL catch viruses potentially in seconds......install an antivirus prog........and/or download 'stinger' and run em in safe mode...... | drcspy (146) | ||
| 360657 | 2005-06-02 18:28:00 | Welcome to PressF1. First things first, what makes you think svchost.exe is a virus or a worm? I believe it is a legitimate Windows file, although there are reported cases that some viruses or other nasty wares also use the name svchost. Perhaps you might want to post your computer specs as well as a HijackThis log from Merijn? Cheers :) |
Renmoo (66) | ||
| 360658 | 2005-06-02 18:48:00 | ..... and I think this topic should be posted under PressF1 section, not here..... | Renmoo (66) | ||
| 360659 | 2005-06-02 18:56:00 | take a look under taskmanager and tell us what percentage of cpu capacity is in general being used up.....a virus etc will often show up as using quite a bit of the cpu if not all......check the processes tab in taskmanager.. is the system slow just on the internet or slow in general ......i rebuilt a system for someone recently and it was ridiculously slow .....ran like a p200 with not enough ram but it was an amd 2000+xp with plenty of ram......anyway it transpired that the new hdd i had installed was faulty.....grrrrrr....this allowed the system to run but VERY slowly.......you need to examine the processes running on your system to identify what might be the culprit.....i have 6 instances of svchost.exe running right now.... | drcspy (146) | ||
| 360660 | 2005-06-02 19:03:00 | ok the cpu is fluctuating between 91; 15; 06; 17. I have 9 svchosts.exe running at the present, it changes every time I look at it. | chatioc99 (8258) | ||
| 360661 | 2005-06-02 19:21:00 | As already suggested, download HijackThis from here (www.majorgeeks.com). It is a zipped file, so you will need to extract it first to somewhere safe, e.g. under C:\My Program and Files, and then run the program. Post the log that it generates back here and do not attempt to fix anything until we have viewed the results of that log. :) | Jen (38) | ||
| 360662 | 2005-06-02 19:28:00 | ok did it but I have no idea how to get it to you | chatioc99 (8258) | ||
| 360663 | 2005-06-02 19:31:00 | Just open up your log and copy and paste it into your reply box (select all the text and then use the keys CTRL-C to copy, and then CTRL-V to paste). | Jen (38) | ||
| 360664 | 2005-06-02 19:36:00 | www.liveperson.com www.liveperson.com Logfile of HijackThis v1.99.1 Scan saved at 2:19:37 PM, on 6/2/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\msco rsvw.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\eMachines Bay Reader\shwiconem.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe C:\Program Files\Common Files\Logitech\PDDriver\LVCOMS.EXE C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\COMMON~1\AOL\111769~1\EE\AOLHOS~1.EXE C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\PROGRA~1\COMMON~1\AOL\111769~1\EE\AOLServiceHos t.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\Webshots\webshots.scr C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trillian\trillian.exe C:\Program Files\LIUtilities\WinTasks\wintasks.exe C:\Program 
Files\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\LIVEPE~1\hc.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Siber Systems\AI RoboForm\Identities.exe C:\Program Files\MSN\MSNCoreFiles\msn6.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Stormy East\My Documents\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.pconpoint.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN 
Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117692858\EE\AOLHostManager.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\PDDriver\LVCOMS.EXE O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 6.0\statusmonitor.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - 
Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: 
START_PAGE_URL=http://www.emachines.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: GFI LANguard N.S.S. 6.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 6.0\lnssatt.exe" -service (file missing) O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing) O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe |
chatioc99 (8258) | ||
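Added example, not part of the original thread and not written by any of the posters: a small triage pass over a HijackThis log that checks the point raised above, that svchost.exe is a legitimate Windows file whose name other programs may also use, by flagging any running svchost.exe outside the system32 folder, and that lists entries HijackThis itself marks "(file missing)" or "(no file)". The sample log is constructed (the svchost.exe under C:\WINDOWS\Temp is made up), and the system folder path is an assumption matching a default Windows XP install.

```python
import ntpath
import re

# Constructed sample in HijackThis v1.99.1 layout, one entry per line.
# The svchost.exe under C:\WINDOWS\Temp is invented for the demonstration.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Temp\svchost.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

ENTRY = re.compile(r"^[RFNO]\d+ - ")   # section codes such as R0, O2, O23
SYSTEM_DIR = r"c:\windows\system32"    # assumption: default XP install path


def split_log(text):
    """Return (running process paths, registry/autorun entries)."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY.match(line):
            in_procs = False
            entries.append(line)
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """List items worth a closer look; a finding is not proof of infection."""
    processes, entries = split_log(text)
    findings = []
    for path in processes:
        folder, name = ntpath.split(path)
        # Windows paths are case-insensitive, so compare lower-cased.
        if name.lower() == "svchost.exe" and folder.lower() != SYSTEM_DIR:
            findings.append(("svchost outside system32", path))
    for entry in entries:
        if entry.endswith(("(file missing)", "(no file)")):
            findings.append(("target file absent", entry))
    return findings
```

Several svchost.exe instances running from system32 produce no finding here, which matches what the replies say about multiple instances being normal.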