Something I can't seem to shake

[Acclamator]

Hey, I'm asking for help with a problem I've recently been having.

Recently, while playing any game (happens with every game), after no more than 1 hour of gameplay, the game becomes visibly choppy and somewhat laggy (as if some heavy process started going on in the background). I check task manager but I can't seem to find any process that looks fishy (nothing I haven't seen before).

When this happens and I try to reboot, it gives me this:

Something I haven't seen before. Google results for sysvxd.exe seem to be consistent with the description of spyware, something like that. I've tried CCleaner (both registry and cleanup), as well as did a full scan using Avira, but the problem persists. I'd be very grateful if anyone can help me remove this pesky problem. It makes online gaming in particular a drag when playing for a long time. Thanks in advance!

 

[Archean]

Can you please run Hijackthis & Malwaybytes and post their logs?

 

[Acclamator]

Can you please run Hijackthis & Malwaybytes and post their logs?

I hope this file is what you were asking for. Malwaybytes is currently scanning, I'll upload whatever logs I find once it's complete.

 

[Acclamator]

Scan complete for Malwarebytes. It did pick up sysvxd.exe. The log has been attached, I've gone ahead and removed everything it detected.

 

[Archean]

Mbam has identified an infections (trojans/spywares) in your system with the comment that "no action was taken", I'll advise you to rescan and remove these infections/spywares and see what happens.

Also remember that the original svchost.exe is located in windows\system32; mbam has also identified an svchost.exe (trojan) located in windows\system32\drivers, remove it as well. Good luck and keep us posted. Regards

infections list:
Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9433FCCD-5F5A-42AC-8355-F42909CEA757}\RP166\A0054495.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{9433FCCD-5F5A-42AC-8355-F42909CEA757}\RP119\A0028382.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{9433FCCD-5F5A-42AC-8355-F42909CEA757}\RP141\A0042372.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{9433FCCD-5F5A-42AC-8355-F42909CEA757}\RP141\A0042409.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{9433FCCD-5F5A-42AC-8355-F42909CEA757}\RP141\A0042413.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{9433FCCD-5F5A-42AC-8355-F42909CEA757}\RP141\A0042415.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{9433FCCD-5F5A-42AC-8355-F42909CEA757}\RP141\A0042417.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{9433FCCD-5F5A-42AC-8355-F42909CEA757}\RP141\A0042418.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{9433FCCD-5F5A-42AC-8355-F42909CEA757}\RP142\A0043255.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> No action taken.

 

[Acclamator]

Thank you for your help, the problem seems to be gone now.

 

[Archean]

Glad to hear that; surf safely

peace.

 

[Bobbye]

Let me know if you would like to finish the job. Unfortunately resolving one problem doesn't mean all of the malware is gone.

Please don't do any system Restores- the restore points are infected. Part of closing is removing them.

 

[Archean]

Thats very important; thankyou for reminding about that Bobbye.

Usually, if i find something suspicious in my restore points i get rid of them all and start afresh, if you have a better approach/answer please enlighten us. Regards.

 

[Bobbye]

Archean, I sent a PM with the info. The tendency here has been to leave a thread when someone says they are working better. This is not the best ways to do it. In addition to making sure all the malware has been found and removed, we should help the member remove the cleaning tools and old restore points.

This is frequently neglected.

 

[Archean]

Fair point; and thanks Bobbye, and Acclamator; here are the steps recommended by him to remove infectious restore points.

First, you now need set a new Restore Point to prevent infection reoccur from any previous Restore Points. The easiest and safest way to do this is:

* Go to Start > All Programs > Accessories > System Tools and click "System Restore".
* Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
* Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
* Click "OK" to select the partition or drive you want.
* Click the "More Options" Tab.
* Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


More details and screenshots for Disk Cleanup in Windows Vista can be found here.

Do let us know if you face any issue in this respect.