MrDan

svchost.exe pain in the ass removal?

Right, I seem to have gotten a virus downloader that is pouring viruses into my PC. In the task manager it's called svchost.exe (Aguante Central). If I end the task it will just run itself again and again and again.... If I open the file location of the downloader (C:\Users\Dan\AppData\Roaming\install) the folder is empty, even with hidden files and OS files visible.

Microsoft Security Essentials doesn't detect it, SpyBot Search and Destroy finds it but then can't delete it in any way at all, MalwareBytes doesn't detect it....

WTF can I do? This is really frustrating me!

It is, but that's a virus.

x64 doesn't have a 32-bit version of that file.

Try safe mode.

What the hell is explorer doing in 32-bit?

OK, make a new account.

Go into safe mode.

Move those files out of that folder into a new folder on the new user's desktop.

Make another account.

Reboot normally into the new 3rd account.

Use Spybot to find that file.

Put everything back.

Delete the new accounts.

Should fix the problem.

Edited by Scott

Listen to Scott and also try finding some programs that specialize in rootkits. Also it's an obvious virus, as svchost.exe doesn't have that kind of description, isn't 32-bit on a 64-bit O/S and isn't run within the user's account. Usually it is running from a SYSTEM, Local Service or NETWORK account.

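
As an added example that is not from the thread, this PowerShell check scores each running svchost.exe against the legitimate profile the post above describes (System32 path, Microsoft file description, service-account owner, 64-bit on an x64 system). The expected description string, the service-account list and the WOW64 check are the example's own assumptions and are heuristics for triage, not proof either way.

```powershell
# Added example, not from the thread: flag every running svchost.exe that breaks the
# legitimate profile described in the post above (image in %SystemRoot%\System32,
# description "Host Process for Windows Services", owner SYSTEM / LOCAL SERVICE /
# NETWORK SERVICE, and 64-bit on a 64-bit Windows). Run from an elevated prompt.
$expectedPath    = Join-Path $env:SystemRoot 'System32\svchost.exe'
$expectedDesc    = 'Host Process for Windows Services'
$serviceAccounts = 'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\LOCAL SERVICE', 'NT AUTHORITY\NETWORK SERVICE'

# kernel32!IsWow64Process reports whether a process is a 32-bit image running under WOW64.
$k32 = Add-Type -Namespace Win32 -Name Kernel32 -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsWow64Process(System.IntPtr hProcess, out bool wow64Process);
'@

function Test-SvchostInstance {
    param([Parameter(Mandatory)] $Proc)   # one Win32_Process CIM instance
    $reasons = @()
    $path = $Proc.ExecutablePath

    if ($path -and $path -ne $expectedPath) { $reasons += "runs from $path, not System32" }

    # -Force also reads the version resource of a hidden/system-attributed file.
    if ($path -and (Test-Path -LiteralPath $path)) {
        $desc = (Get-Item -LiteralPath $path -Force).VersionInfo.FileDescription
        if ($desc -ne $expectedDesc) { $reasons += "description is '$desc'" }
    }

    $owner   = Invoke-CimMethod -InputObject $Proc -MethodName GetOwner
    $account = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { 'unknown' }
    if ($account -notin $serviceAccounts) { $reasons += "owned by $account, not a service account" }

    if ([Environment]::Is64BitOperatingSystem) {
        try {
            $isWow64 = $false
            $handle  = (Get-Process -Id $Proc.ProcessId -ErrorAction Stop).Handle
            if ($k32::IsWow64Process($handle, [ref]$isWow64) -and $isWow64) {
                $reasons += '32-bit image on a 64-bit OS'
            }
        } catch { $reasons += "could not open process: $($_.Exception.Message)" }
    }

    [pscustomobject]@{ PID = $Proc.ProcessId; Path = $path; Owner = $account; Reasons = $reasons }
}

# Report only the instances that tripped at least one check.
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object { Test-SvchostInstance $_ } |
    Where-Object { $_.Reasons.Count -gt 0 } |
    Format-List
```

An instance listed here is a lead for further inspection (for example in Process Explorer), not a verdict on its own.
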
Dan, if you have the ability, remove that drive from the PC and set it up as either a slave on another PC (with a fully updated AV running) or put it in a caddy.

Then scan it from the host PC - that way no files will be in use / locked and it will be easier to delete them.

My plan for ages has been to set up a Linux machine for this, but I'll be damned if I can find any AV that works with Ubuntu.

To be honest, if you use that system to log onto sites you would be p1ssed off with losing your password to, or do online banking or PayPal - I would never trust it again - a wipe would be my solution unless it was just a gaming machine or something.

Ok, thanks for all your help, but I reinstalled Windows as it was just easier and I don't have a lot of time atm because I was hungry :P

@Scott I did what you told me, but another process just re-appeared in the new account's task manager. I assume it was downloaded from the downloader before entering safe mode? :(

Dave, I did a fully new installation. I deleted the partition and not just formatted it, so I can be safe in knowing that nothing is left on the drive!

And I have no idea why there was another explorer.exe process running in 32-bit mode.

@Franpa I used the Sophos Anti-Rootkit (I know, probably the crappiest one out there :P) but it just gave loads of false positives.

@Miss A I got VAC banned from MW2 mistakenly (might be something to do with a false positive on VAC's behalf) and my friend (not very good at computers) found a torrent that I now know was the trojan downloader.

try Trend Micro's Hijack This.

He already wiped it :blink:

Dave, I did a fully new installation. I deleted the partition and not just formatted it so I can be safe in knowing that nothing is left on the drive!

Best idea.. I really need to wipe my system. I think it's clean, but it has been a while and I download loads of cracks for stuff... and also I don't have anywhere to put my stuff :(

try Trend Micro's Hijack This.

I tried that but it didn't find it either :(

Best idea.. I really need to wipe my system. I think it's clean, but it has been a while and I download loads of cracks for stuff... and also I don't have anywhere to put my stuff :(

haha, buy a WD My Book external drive. Just don't buy it from the same batch I did lol... I had it replaced 4 times :P But it works wonders now :) I have the 1TB edition but I believe they now do 3TB?

It really does not surprise me that you had to return a piece of hardware 4 times Dan :lol:

Have you ever held onto the probes of a multimeter to see how much electricity you are pumping out into all these failing parts ? lol

was my last post deleted or did something go wrong?

How much extra room you got on your hard drive dave?

Maybe you could make a partition on it and move all your goodies over.

Then make a 40 gig partition for windows to install to.

Not sure what happened to your post, I never saw it, maybe it didn't post properly.

I have a 1TB drive with 200GB free and 332GB of downloads to save - also I have over 40 installed games, many of which I am part way through and don't want to lose the saves for, or have to install them all again.

Oh boy. This is something that could have been easily solved with Process Explorer. You run that and look at the process information. You can see the path it's running from, go to that path, show hidden and system files, kill the process and delete it. That would have been simple to get rid of. Certainly not worth a complete re-install of Windows. You let another virus maker win. :(

Process Explorer is part of the Microsoft TechNet Sysinternals suite located at http://technet.microsoft.com/sysinternals. I use Process Explorer as a replacement for Task Manager and it makes removing viruses so much easier.

Naa, once your machine is badly infected, the only completely sure way to know your personal data is safe is a wipe - keyloggers, rootkits etc. could have easily been downloaded and installed on the machine; online banking, important passwords etc. .... Too important to take a chance with.

Oh boy. This is something that could have been easily solved with Process Explorer. You run that and look at the process information. You can see the path it's running from, go to that path, show hidden and system files, kill the process and delete it. That would have been simple to get rid of. Certainly not worth a complete re-install of Windows. You let another virus maker win. :(

Process Explorer is part of the Microsoft TechNet Sysinternals suite located at http://technet.micro...om/sysinternals. I use Process Explorer as a replacement for Task Manager and it makes removing viruses so much easier.

The thing is, when I deleted it, it just kept coming back within 2 seconds every time.

Naa, once your machine is badly infected, the only completely sure way to know your personal data is safe is a wipe - keyloggers, rootkits etc. could have easily been downloaded and installed on the machine; online banking, important passwords etc. .... Too important to take a chance with.

exactly :)

A bit off topic here, but Process Explorer is made by Microsoft as a replacement for Task Manager; it works sssooo much better and is way easier to use ..... so why hasn't Microsoft just completely replaced Task Manager with Process Explorer in the OS?!?

They would need to dumb it down a significant amount first... and then they'd have the original Task Manager >.>"

They would need to dumb it down a significant amount first... and then they'd have the original Task Manager >.>"

So true. Most people can hardly open email or IE. Let alone play with something like this.
