Inactive Strange hidden virus or something

Status
Not open for further replies.
A

Argmyleg

about every 5 minutes Ive been getting a message from my avast that looks like

4/1/2010 9:51:44 PM C:\WINDOWS\TEMP\towf.tmp\svchost.exe [L] Win32:MalOb-AL [Cryp] (0)
File was successfully moved to chest...
4/1/2010 9:57:01 PM C:\WINDOWS\TEMP\cmol.tmp\svchost.exe [L] Win32:MalOb-AL [Cryp] (0)
File was successfully moved to chest...
4/1/2010 10:02:14 PM C:\WINDOWS\TEMP\loig.tmp\svchost.exe [L] Win32:MalOb-AL [Cryp] (0)
File was successfully moved to chest...
4/1/2010 10:07:27 PM C:\WINDOWS\TEMP\ipna.tmp\svchost.exe [L] Win32:MalOb-AL [Cryp] (0)
File was successfully moved to chest...
4/1/2010 10:12:41 PM C:\WINDOWS\TEMP\kaou.tmp\svchost.exe [L] Win32:MalOb-AL [Cryp] (0)
File was successfully moved to chest...

and Ive done 3 scans with avast and one with spybot and another with malewatebytes but none of them can find out what keeps causing the scvhost.exe thing, Im pretty sure something is trying to take control of my machine and sometimes Ill get a weird IE pop up to some weird site and I stop getting the scvhost.exe things when I disconnect from the web so Im not sure whats going on, if anyone has any ideas I would love to know, its a bit worrysome.
 
svchost.exe (or service host) is a normal process that contains many sub-services and can be hijacked by numerous worms and other infections. one instance of the process is in control of your network services so when you're connected you may notice the process causing problems.

what operating system are you using?
 
hey man,
dude i have the same problem with avast. every few mins the same scvhost.exe virus pops up

ive done like a million scans, removed everything but it keeps coming up.
i'd love to have this prob fixed cause its getting kind of annoying
so if anybody knows how to fix this, it would be very very appreciated for you to help!
 
Trying to at least attach these 2
 

Attachments

  • SUPERAntiSpyware Scan Log - 04-02-2010 - 12-55-47.log
    465 bytes · Views: 3
  • mbam-log-2010-04-02 (11-13-00).txt
    894 bytes · Views: 2
Please paste the HijackThis log into the reply. The lack of connection has to do with your ISP or wireless, not the thread.
 
I tried copying the main body but got the same error - could not connect. After that the errors got even worse. I'm gonna give up and nuke the drive. Thanks for your help anyway.
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Status
Not open for further replies.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
792
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back