Svchost / powermanager Trojan.Agent

Status
Not open for further replies.

Clinkzehffs

All steps done. Yet it still exists in every reboot.

By the way, scanning with Avast made every file show as infected (all my exe files, eventually), since they are infected with Hidrag/Jeefo, and I don't really want to delete them. If there's a way to fix the files without deleting them, it'd be nice, but if not, they can stay. I just want to kill the source of the virus to prevent further infection, and I believe the source is the fake svchost.exe.
 

Attachments

  • SUPERAntiSpyware Scan Log - 08-08-2009 - 15-27-18.log
    1.4 KB · Views: 5
You're leaving the trojan.agent active... Let Avast quarantine the flagged files, but before you scan again, turn off System Restore by going to Control Panel, System, Advanced and uncheck the checked boxes. After the scans are clean, you can turn on System Restore again.
 
If Avast quarantines the flagged files, that'd be all files, which means I'd have absolutely nothing on my comp..

Basically, isn't there a way to remove that fake svchost, then it'd be all resolved?
 
Your posted logs aren't totally clean. If you have clean logs, post them...

"If Avast quarantines the flagged files, that'd be all files, means I'd have absolutely nothing on my comp"...

Avast flags "suspicious" files, not all SYSTEM files... Some can be quarantined, some need to be removed.
 
"Hidrag then stays in Windows memory as an active process, searches for EXE files on all drives - starting with the C: drive - and infects them."
-> As long as the svchost.exe is running, it keeps infecting all my EXE files, which means Avast will give a warning for every one of my EXE files, wanting to quarantine or delete it.
 
Ehm, so basically, even if I manage to delete the fake svchost.exe, infected files will reform another fake svchost.exe which won't gain me anything, and in the long run, that means, I have to delete the fake svchost.exe AND all infected files. Right? Else I am fine with infected files being infected, just want to prevent further infection.
 