TechSpot

Svchost / powermanager Trojan.Agent

By Clinkzehffs
Aug 8, 2009
  1. All steps done. Yet it still exists in every reboot.

    By the way, scanning with Avast showed every file as infected (eventually all my exe files), since they are infected with Hidrag/Jeefo, and I don't really want to delete them. If there's a way to fix the files without deleting them, it'd be nice, but if not, it can stay. I just want to kill the source of the virus to prevent further infection, and I believe the source is the fake svchost.exe.
     

  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    You're leaving the trojan.agent active... Let Avast quarantine the flagged files, but before you scan again, turn off System Restore by going to Control Panel, System, Advanced and uncheck the checked boxes. After the scans are clean, you can turn on System Restore again.
     
  3. Clinkzehffs

    Clinkzehffs TS Rookie Topic Starter Posts: 75

    If Avast quarantines the flagged files, that'd be all files, which means I'd have absolutely nothing on my comp..

    Basically, isn't there a way to remove that fake svchost, then it'd be all resolved?
     
  4. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Your posted logs aren't totally clean. If you have clean logs, post them...

    "If Avast quarantines the flagged files, that'd be all files, means I'd have absolutely nothing on my comp"...

    Avast flags "suspicious" files, not all SYSTEM files... Some can be quarantined, some need to be removed
     
  5. Clinkzehffs

    Clinkzehffs TS Rookie Topic Starter Posts: 75

    "Hidrag then stays in Windows memory as an active process, searches for EXE files on all drives - starting with the C: drive - and infects them."
    -> as long as the svchost.exe is running, it keeps infecting all my EXE files, which means Avast will give a warning for every one of my EXE files, wanting to quarantine or delete it.
     
  6. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Do a fresh install of the OS
     
  7. Clinkzehffs

    Clinkzehffs TS Rookie Topic Starter Posts: 75

    Ehm, so basically, even if I manage to delete the fake svchost.exe, infected files will reform another fake svchost.exe which won't gain me anything, and in the long run, that means, I have to delete the fake svchost.exe AND all infected files. Right? Else I am fine with infected files being infected, just want to prevent further infection.
     
Topic Status:
Not open for further replies.
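
Added example, not part of the thread or any poster's code: the genuine svchost.exe runs only from the Windows System32 directory (SysWOW64 for the 32-bit copy on 64-bit systems), so a process with that name running from anywhere else is the kind of impostor discussed above. The process listing is constructed sample data, and the function names and the `C:\Windows` default are assumptions.

```python
import ntpath  # Windows path rules; works on any OS

# Directories (under the Windows directory) where the real svchost.exe lives.
LEGIT_DIRS = ("system32", "syswow64")


def is_legit_svchost(image_path, windir=r"C:\Windows"):
    """True only if image_path is svchost.exe inside a legitimate system dir."""
    if not image_path:
        return False  # path unreadable: cannot be verified, treat as suspect
    # Collapse "..", unify slashes and case before comparing.
    norm = ntpath.normcase(ntpath.normpath(image_path))
    directory, name = ntpath.split(norm)
    root = ntpath.normcase(ntpath.normpath(windir))
    allowed = {ntpath.join(root, d) for d in LEGIT_DIRS}
    return name == "svchost.exe" and directory in allowed


def find_suspect_svchost(processes, windir=r"C:\Windows"):
    """Return (pid, path) for every svchost.exe not running from a system dir."""
    suspects = []
    for pid, name, path in processes:
        if name.lower() != "svchost.exe":
            continue  # other process names are out of scope for this check
        if not is_legit_svchost(path, windir):
            suspects.append((pid, path))
    return suspects


# Constructed process listing: (pid, image name, full image path).
SAMPLE = [
    (4, "System", None),
    (868, "svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    (1012, "SVCHOST.EXE", r"C:\WINDOWS\System32\svchost.exe"),
    (1500, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
    (2044, "svchost.exe", r"C:\WINDOWS\svchost.exe"),
    (2120, "svchost.exe", r"C:\WINDOWS\system32\..\Temp\svchost.exe"),
    (2300, "svchost.exe", None),
]

if __name__ == "__main__":
    for pid, path in find_suspect_svchost(SAMPLE):
        print(f"suspect svchost.exe pid={pid} path={path}")
```

A flagged path shows where the impostor binary sits on disk; it does not clean the EXE files that were already infected.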
