Yet another svchost.exe virus

Solved
By E-Will 1.0
Jan 4, 2013
  1. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    Will do... tomorrow. Bed time now, the 3 yr old wore me down today. Thanks again.
  2. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Also, does Control Panel>System work?

    Then...

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      sysdm.cpl
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  3. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    Control Panel > System works.

    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:02 on 04/02/2013 by EMW
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "sysdm.cpl"
    C:\Windows\System32\sysdm.cpl --a---- 352768 bytes [12:46 21/05/2011] [13:24 20/11/2010] DAAF9C77603F77988D3B0E74400F5038
    C:\Windows\SysWOW64\sysdm.cpl --a---- 326656 bytes [12:46 21/05/2011] [12:16 20/11/2010] BEFF01C9F044BA2AD7F5FB837972FC90
    C:\Windows\winsxs\amd64_microsoft-windows-sysdm_31bf3856ad364e35_6.1.7600.16385_none_be7724668eeddea7\sysdm.cpl --a---- 352768 bytes [23:56 13/07/2009] [01:38 14/07/2009] D729157F8BE55CD7B67BE87DE43DEB4B
    C:\Windows\winsxs\amd64_microsoft-windows-sysdm_31bf3856ad364e35_6.1.7601.17514_none_c0a8382e8bdc6241\sysdm.cpl --a---- 352768 bytes [12:46 21/05/2011] [13:24 20/11/2010] DAAF9C77603F77988D3B0E74400F5038
    C:\Windows\winsxs\x86_microsoft-windows-sysdm_31bf3856ad364e35_6.1.7600.16385_none_625888e2d6906d71\sysdm.cpl --a---- 326656 bytes [23:40 13/07/2009] [01:14 14/07/2009] 868F49DBC1B125C5EC0275EC9A0EF5A3
    C:\Windows\winsxs\x86_microsoft-windows-sysdm_31bf3856ad364e35_6.1.7601.17514_none_64899caad37ef10b\sysdm.cpl --a---- 326656 bytes [12:46 21/05/2011] [12:16 20/11/2010] BEFF01C9F044BA2AD7F5FB837972FC90
    -= EOF =-
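Added example (not part of the thread and not SystemLook's own code): a Python parser for the filefind lines in the log above that checks whether each live copy of sysdm.cpl has the same MD5 as a copy in the WinSxS component store. The line format is inferred from this one log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# One filefind result line: path, attributes, size, two timestamps, MD5
# (format inferred from the log in the post above).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# The six result lines from the log above, copied verbatim.
SAMPLE_LOG = r"""
C:\Windows\System32\sysdm.cpl --a---- 352768 bytes [12:46 21/05/2011] [13:24 20/11/2010] DAAF9C77603F77988D3B0E74400F5038
C:\Windows\SysWOW64\sysdm.cpl --a---- 326656 bytes [12:46 21/05/2011] [12:16 20/11/2010] BEFF01C9F044BA2AD7F5FB837972FC90
C:\Windows\winsxs\amd64_microsoft-windows-sysdm_31bf3856ad364e35_6.1.7600.16385_none_be7724668eeddea7\sysdm.cpl --a---- 352768 bytes [23:56 13/07/2009] [01:38 14/07/2009] D729157F8BE55CD7B67BE87DE43DEB4B
C:\Windows\winsxs\amd64_microsoft-windows-sysdm_31bf3856ad364e35_6.1.7601.17514_none_c0a8382e8bdc6241\sysdm.cpl --a---- 352768 bytes [12:46 21/05/2011] [13:24 20/11/2010] DAAF9C77603F77988D3B0E74400F5038
C:\Windows\winsxs\x86_microsoft-windows-sysdm_31bf3856ad364e35_6.1.7600.16385_none_625888e2d6906d71\sysdm.cpl --a---- 326656 bytes [23:40 13/07/2009] [01:14 14/07/2009] 868F49DBC1B125C5EC0275EC9A0EF5A3
C:\Windows\winsxs\x86_microsoft-windows-sysdm_31bf3856ad364e35_6.1.7601.17514_none_64899caad37ef10b\sysdm.cpl --a---- 326656 bytes [12:46 21/05/2011] [12:16 20/11/2010] BEFF01C9F044BA2AD7F5FB837972FC90
"""

def parse_filefind(log_text):
    """Return one dict per result line; headers and other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"path": m["path"], "size": int(m["size"]),
                            "md5": m["md5"].upper()})
    return entries

def check_live_copies(entries):
    """Map each copy outside WinSxS to the WinSxS copies sharing its MD5."""
    store = defaultdict(list)
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            store[e["md5"]].append(e["path"])
    return {e["path"]: store.get(e["md5"], [])
            for e in entries if "\\winsxs\\" not in e["path"].lower()}

if __name__ == "__main__":
    for live, matches in check_live_copies(parse_filefind(SAMPLE_LOG)).items():
        print(live, "->", matches or "NO MATCH IN WINSXS")
```

An empty match list for a live copy is the case worth a closer look; a match only shows the file is identical to a stored copy, not that the store itself is intact.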
  4. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Open Windows Explorer, navigate to C:\Windows\System32 folder and double click on sysdm.cpl file.
    Will it open system properties?
  5. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    Yes

    Control Panel > System opens the new Win 7 "View Basic Information about your Computer". If I click System Protection on the left of that page, it invokes the same old XP window "System Properties" that sysdm.cpl opens.
  6. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    This is very weird.
    Is "Properties" the only right click menu option which doesn't work?
    See if you have same issue in safe mode.
  7. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    Open - check
    Manage - very slow, but check
    Scan for threats - check
    Map network drive - check
    Show on Desktop - actually is checked
    Rename - check
    Properties - bzzt. No dice. Nor does it work in Safe mode.

    But all that said, do you think this is virus related? I'm happy working further, but don't want to waste your time on something that is more relevant in another thread. Your call.
  8. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Your computer is definitely clean and we checked all possible places where we could find something blocking that right click item.

    I'll give it one more shot.
    Create another admin account and see if same issue happens there.
  9. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    Well that's interesting... When I click "Create a New Account" guess what happens.

    Nothing.

    I'm going to try safe mode.
  10. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    No luck in Safe mode. Other account things work, like changing my picture, etc. I didn't touch the pwd, just in case.

    Thoughts? Could this just be a Windows repair issue?
  11. Broni

    Broni Malware Annihilator Posts: 46,177   +251

     
  12. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    Disable it when done.

    No luck. Same problem with both Properties, and trying to create a new account. Using the 'old' control panel interface it hangs up at 'Create a new account'. Using the 'new' category grouping it hangs up at "add and remove accounts". Not a real hang-up, just does nothing.
  13. Broni

    Broni Malware Annihilator Posts: 46,177   +251

  14. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    Okay, that's pretty much the conclusion I was coming to as well, thanks.

    So, we're done here, but I will let you know how that goes.

    At the beginning of my post, I mentioned I had at least 1 infected PC, if not 2. You've seen the backup files for "Vicki Laptop". Given how much effort it was to clean this, and given that I don't care so much about most of the executables on that Laptop, I'd like to backup some files off it and then wipe it rather than network it and try downloading items. Besides, once networked it's pretty much a brick. (seems tolerable in safe mode w/o networking)

    My plan is to
    Use a dedicated memory stick
    Only transfer user files, e.g. Photos, Vids, Doc, etc., and not just a wholesale "my docs" copy. Absolutely no executables.
    Scan the memory stick upon insertion to this PC
    Paste, repeat. Best I've got is a 32 GB stick, and I've got about 90 GB of files... mostly pictures.

    Thoughts on that process? Or should I copy some of your recommended executables over to that machine and run them first? Or what?

    Thanks again for your help here.
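Added example (not part of the thread): a Python sketch of the backup plan in the post above, selecting only allow-listed user files, rejecting anything whose content starts like an executable, and splitting the result into batches that fit the stick. The extension allow-list and all function names are assumptions.

```python
import os

# Assumed allow-list of user-data extensions (photos, videos, documents).
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".mov", ".avi",
               ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt"}
# Leading bytes of executable formats: PE/DOS ("MZ") and ELF.
EXEC_MAGIC = (b"MZ", b"\x7fELF")

def is_safe_user_file(path):
    """Allow-listed extension AND content that does not start like an executable."""
    if os.path.splitext(path)[1].lower() not in ALLOWED_EXT:
        return False
    with open(path, "rb") as fh:
        head = fh.read(4)
    return not head.startswith(EXEC_MAGIC)

def select_files(root):
    """Walk root and return (path, size) for every file that passes the check."""
    picked = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            full = os.path.join(dirpath, name)
            if (os.path.isfile(full) and not os.path.islink(full)
                    and is_safe_user_file(full)):
                picked.append((full, os.path.getsize(full)))
    return picked

def plan_batches(files, capacity_bytes):
    """Greedy first-fit split into batches that each fit on the stick."""
    batches = []
    for path, size in sorted(files, key=lambda f: -f[1]):
        if size > capacity_bytes:
            raise ValueError(f"{path} is larger than the stick")
        for batch in batches:
            if batch["used"] + size <= capacity_bytes:
                batch["files"].append(path)
                batch["used"] += size
                break
        else:  # no existing batch has room: start a new one
            batches.append({"files": [path], "used": size})
    return batches

if __name__ == "__main__":
    # Example: plan copies from a source folder onto a 32 GB stick.
    for i, b in enumerate(plan_batches(select_files("."), 32 * 10**9), 1):
        print(f"batch {i}: {len(b['files'])} files, {b['used']} bytes")
```

The header check catches a renamed executable such as a `.jpg` that begins with `MZ`, but not macro-bearing Office documents, so the scan on the receiving PC still applies.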
  15. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    If you don't have to back up too much, a clean installation is always the fastest solution.

    As for USB flash drive...

    Install Panda USB Vaccine, or BitDefender's USB Immunizer on your computer to protect it from any infected USB device.
    Then you'll be safe to plug in the USB drive and scan it.
  16. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    Okay, good tips there, thanks.

    I'm having trouble here though. Windows installer gives me three errors...

    1) The version of Windows I have is more recent than the upgrade version (Whaaa?)

    2) Please uninstall iTunes. I'd rather not, I deauthorized.
    3) Logitech Quickcam Driver needs to be uninstalled. I don't have such a device, but the driver is listed in Programs, and when I double click to uninstall it gives me an error saying the file has already been uninstalled, would I like to remove it from the menu. Clicking 'yes' does nothing.

    ... no sign of anything Logitech on my machine.
  17. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    1. You'll have to uninstall SP1 in order to run Windows repair.
  18. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    Possible alt? Win8 upgrade?
  19. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    When changing OS, my strong suggestion is always the same.
    A clean installation is the best.
    You don't want to drag old issues and garbage from one OS to another.
  20. E-Will 1.0

    E-Will 1.0 Newcomer, in training Topic Starter Posts: 57

    Everything seems to be working after a Windows repair.

    Thanks again. And I'll use USB Immunizer to make the backups of the other machine and just do a clean install there.
  21. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Way to go!!
    Good luck and stay safe :)

