TechSpot

Strange hidden virus or something

Inactive
By Argmyleg
Apr 1, 2010
  1. about every 5 minutes Ive been getting a message from my avast that looks like

    4/1/2010 9:51:44 PM C:\WINDOWS\TEMP\towf.tmp\svchost.exe [L] Win32:MalOb-AL [Cryp] (0)
    File was successfully moved to chest...
    4/1/2010 9:57:01 PM C:\WINDOWS\TEMP\cmol.tmp\svchost.exe [L] Win32:MalOb-AL [Cryp] (0)
    File was successfully moved to chest...
    4/1/2010 10:02:14 PM C:\WINDOWS\TEMP\loig.tmp\svchost.exe [L] Win32:MalOb-AL [Cryp] (0)
    File was successfully moved to chest...
    4/1/2010 10:07:27 PM C:\WINDOWS\TEMP\ipna.tmp\svchost.exe [L] Win32:MalOb-AL [Cryp] (0)
    File was successfully moved to chest...
    4/1/2010 10:12:41 PM C:\WINDOWS\TEMP\kaou.tmp\svchost.exe [L] Win32:MalOb-AL [Cryp] (0)
    File was successfully moved to chest...

    and Ive done 3 scans with avast and one with spybot and another with malewatebytes but none of them can find out what keeps causing the scvhost.exe thing, Im pretty sure something is trying to take control of my machine and sometimes Ill get a weird IE pop up to some weird site and I stop getting the scvhost.exe things when I disconnect from the web so Im not sure whats going on, if anyone has any ideas I would love to know, its a bit worrysome.
     
  2. EXCellR8

    EXCellR8 The Conservative Posts: 2,278

    svchost.exe (or service host) is a normal process that contains many sub-services and can be hijacked by numerous worms and other infections. one instance of the process is in control of your network services so when you're connected you may notice the process causing problems.

    what operating system are you using?
     
  3. ChunHanson

    ChunHanson TS Rookie

    hey man,
    dude i have the same problem with avast. every few mins the same scvhost.exe virus pops up

    ive done like a million scans, removed everything but it keeps coming up.
    i'd love to have this prob fixed cause its getting kind of annoying
    so if anybody knows how to fix this, it would be very very appreciated for you to help!
     
  4. Broni

    Broni Malware Annihilator Posts: 47,975   +271

  5. Argmyleg

    Argmyleg TS Rookie Topic Starter

    Im trying to post the logs and such but its not letting me, when I try it just says there is no connection
     
  6. Argmyleg

    Argmyleg TS Rookie Topic Starter

    trying to at least attach these 2
     

    Attached Files:

  7. Argmyleg

    Argmyleg TS Rookie Topic Starter

    it wont let me even post the hijackthis one into the main body and I cant attach it, any ideas?
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please paste the HijackThis log into the reply. The lack of connection has to do with your ISP or wireless, not the thread.
     
  9. Argmyleg

    Argmyleg TS Rookie Topic Starter

    I tried copying the main body but got the same error - could not connect. After that the errors got even worse. I'm gonna give up and nuke the drive. Thanks for your help anyway.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.