New svchost.exe hijacking all system resources..

By StupidNameBox
Jul 17, 2013
  1. OK, hoping someone has a fix I have just overlooked. I have spent two days browsing these forums in order to solve a critical problem with my computer. Sorry for the long post, just assumed it was best to be detailed.
    My wife and I were using Firefox in order to look up an episode of a TV show we wanted to watch. She inadvertently clicked a nefarious sidebar link that immediately opened about a dozen pop-up windows. Typically my virus scanner would step in and prevent any serious damage from being done to the OS on the rare occasion that something like this happened. Unfortunately, I had temporarily turned off the active portion of the AV software to improve performance in a game I was playing earlier in the day. Long story short, the PC contracted some sort of awful malware. Here are the computer details, and potential fixes already undertaken.
    Last note: I wouldn't consider myself a complete novice when it comes to working with virus and performance issues on my own computers, but I am by no means an expert or someone who troubleshoots PC problems by profession, so I apologize in advance if something below is not clear.
    Toshiba Satellite A505 running Windows 7 Home Premium 64-bit... 2.13 GHz with 8 GB of DDR3 Corsair RAM
    Problem occurring:
    svchost.exe sucks up all available physical memory and CPU, severely lagging the OS and any attempts at running programs. At times during an AV scan, the computer shuts down unexpectedly; assuming this has to do with the workload the hardware is under due to the above problem.
    Tracing the problematic svchost.exe process to the related services shows that it supports several potentially unwanted services within the netsvcs group: RasMan (Remote Access Connection Manager), Themes, LanmanServer, Browser (Computer Browser), and CertPropSvc (Certificate Propagation).
    Additionally, I found two low memory usage processes that I don't recall being present on the PC previously:
    1. dllhost.exe (COM Surrogate)
    2. SDWinSec.exe *32 (Spybot - S&D Security Center Integration) - Important to note that I have NEVER installed any Spybot AV product, and the computer originally came with Kaspersky.. A cloned process or something was my worry..
    Finally, after typing in the password for Windows login when booting the computer, the screen momentarily goes black with a light gray box that says "Please wait.." in a font I don't find familiar from any Windows notification.
    Steps Taken:
    • Immediately ran MS Security Essentials quick scan. No results found.
    • Immediately ran Avast quick scan. No results found.
    • Decided to uninstall the infected browser next. No help.
    • Decided to run CCleaner and delete all temp files, cookies, etc.
    • Decided to run Avast boot scan. Rebooted and ran scan overnight with no results.
    • Ran Avast and MS Security Essentials full scans after reboot. No results found.
    • Decided to rerun Avast and MS Security Essentials full scans from safe mode reboot. No results.
    • Decided to restore computer to one week previous to incident and then redownload all Windows and software updates. No results after reboot, problem still there.
    I do find that I can end the process tree on the three processes and it works for a few minutes before the process begins to take over all the system memory again. I also feel that the remaining browser I have installed runs massively heavy on memory when open, in the range of 100,000k to 200,000k...
    I ran a HijackThis system scan.. results below:

    [HJT log removed by Broni]

    To me, this just raised more questions than answers, as there were a ton of unknown owner/file missing entries, as well as several MS Office hijack-sounding files that aren't familiar to me from previous HijackThis logs.. Additionally, I do not think that Bitdefender, Trend Micro or Spybot have ever been on this computer, so I am not sure if these are bad occurrences as well or not.
    Any help much much appreciated.
  2. StupidNameBox

    StupidNameBox TS Rookie Topic Starter

    In addition to all of the actions taken above, I have also run Malwarebytes Antimalware and MB Anti rootkit with no results found either, forgot to mention that.
  3. Broni

    Broni Malware Annihilator Posts: 52,789   +343

    Welcome aboard

    Please complete all steps listed here:
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Topic Status:
Not open for further replies.
