
Virus located in SVCHost.exe

February 7, 2012 at 14:30:04
Specs: Windows 7, 2.Ghz

I have run Malwarebytes, Windows Defender and SUPERAntiSpyware and all report I have a trojan located in Windows\svchost.exe.
Every time I get Malwarebytes or Windows Defender to clean it, I still get a virus warning flag up the next time I restart.

I know people usually want a hijack this report at this point, so that is below...

[QUOTE]
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11732 bytes
[/QUOTE]

The virus basically stops my Internet Explorer from working properly, directing me to a dietpuma.com website every time I click on a link instead of typing the address of the website into the address bar.

Any help would be much appreciated.




#1
February 7, 2012 at 15:34:32

That is not a complete hijack this log.

How do you know when a politician is lying? His mouth is moving.



#2
February 7, 2012 at 16:14:31

What am I missing? I ran the "Do a system scan" and copied over the log.txt.


#3
February 8, 2012 at 08:34:24

It doesn't look like you copied the entire log. It's starting at O23. I should see R0, R1, then O3 or something like that at the beginning.

How do you know when a politician is lying? His mouth is moving.
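
The completeness check that reply #3 does by eye, as an added example (not part of the thread and not HijackThis code): it lists which section codes a pasted log contains, parses the O23 service lines, and compares the pasted size with the byte count in the `End of file` footer. Treating that footer figure as the approximate size of the full log, and the half-size threshold, are assumptions; the sample lines are copied from the log posted above.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O23 - Service: ..."
FOOTER = re.compile(r"^End of file - (\d+) bytes$")
SERVICE = re.compile(
    r"^Service: (?P<display>.*?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.*?)"
    r" - (?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

# Excerpt of the log posted in this thread (three O23 lines and the footer).
SAMPLE = r"""O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 11732 bytes
"""

def check_log(text):
    """Summarise a pasted HijackThis log and flag signs that it is partial."""
    sections, services, declared = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if m := FOOTER.match(line):
            declared = int(m.group(1))
        elif m := ENTRY.match(line):
            code, body = m.groups()
            if code not in sections:
                sections.append(code)
            if code == "O23" and (s := SERVICE.match(body)):
                services.append({**s.groupdict(), "missing": s["missing"] is not None})
    pasted = len(text.encode("utf-8"))
    # Reply #3: a full log begins with R entries (R0, R1) before the O sections.
    starts_with_r = bool(sections) and sections[0].startswith("R")
    # Assumption: the footer count approximates the full log size; a paste under
    # half of it is treated as cut short.
    short = declared is not None and pasted * 2 < declared
    return {
        "first_section": sections[0] if sections else None,
        "sections": sections,
        "declared_bytes": declared,
        "pasted_bytes": pasted,
        "truncated": (not starts_with_r) or short,
        "services": services,
    }

if __name__ == "__main__":
    report = check_log(SAMPLE)
    print(report["first_section"], report["pasted_bytes"], report["declared_bytes"], report["truncated"])
```
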



#4
February 8, 2012 at 11:58:23

I know people usually want a hijack this report at this point, so that is below...

haha....HJT logs are not allowed unless REQUESTED by a member....and then the person posts 1/2 a log that is NOT requested by a member...that is funny.
This forum has rules and that's what makes it the best tech site online...it would be nice if people abided by them.

Here's a good place to start and a great way to get the best volunteer help on this site:
http://www.computing.net/howtos/sho...
good luck

Some HELP in posting on Computing.net plus free progs and instructions 7 Medals



#5
February 9, 2012 at 00:54:25

If you happen to find the rest of the log, I'll be glad to look at it.

How do you know when a politician is lying? His mouth is moving.

