1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Avast keeps detecting virus svchost.exe..

Discussion in 'Windows - Virus and spyware problems' started by ptkut, Apr 27, 2015.

  1. ptkut

    ptkut Member

    Joined:
    Jan 7, 2007
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    16
    So for the past week i been noticing every once in awhile avast will pop up with the threat detected message. There are 2 different ones that pop up one says..

    epictory.com/4343/genmaker_142669175167714.dll
    infection: url:mal
    process C:\windows\system32\svchost.eve

    And i forgot what the other one says but both are svchost process..I tried everything i can think of..
    ran Avast scan
    Malwarebytes
    superantispyware
    spybot
    roguekiller
    esetpowerlikscleaner
    emsisoftemergencykit
    ccleaner
    auslogics
    slimcleaner

    They did find some stuff but the pop ups still continue, i ran them in normal mode and then a second time in safe mode. And then even a third time i ran malwarebytes, avast and superantispyware. Still the problem continues.

    I was basically going to just reformat and reinstall windows now but was wondering if there is anything else i can try first or what causes this virus?
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,687
    Likes Received:
    35
    Trophy Points:
    78
    Hello ptkut,
    Please run a scan for me to help me find it:

    [​IMG] Scan with Farbar Recovery Scan Tool

    Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
    • Right-click on [​IMG] icon and select [​IMG] Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button and wait.
    • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
    Please attach both logs to your next reply.

    2oG
     
  3. ptkut

    ptkut Member

    Joined:
    Jan 7, 2007
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    16
    Thank you, i will do that and get back to you asap.
     
  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,687
    Likes Received:
    35
    Trophy Points:
    78
    don't hurry, post it when you can... I have to go out of town tonight and may not be back til tomorrow late.
    see you then.
    2oG
     
  5. ronhondo

    ronhondo Member

    Joined:
    Sep 20, 2008
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    I gave up and formatted and reloaded windows. Nothing I tried worked. I'm really angry at Malwarebytes not correcting this problem. I paid for it and wasted my money.
     
  6. ptkut

    ptkut Member

    Joined:
    Jan 7, 2007
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    16
    Before i ran this farbar i ran combofix and hijackthis. That was 3-4 hours ago and i haven't had the pop up yet since. But let's see what farbar says.
     

    Attached Files:

  7. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,687
    Likes Received:
    35
    Trophy Points:
    78
    combofix can fix a few things by just running but you really need to be trained on it or you can make a boat anchor out of your computer, Hijackthis is outdated and useless on newer computers.

    I'll go over your logs when I get home tonight.... see you later... don't run any more cleaning programs!

    2oG
     
  8. ptkut

    ptkut Member

    Joined:
    Jan 7, 2007
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    16
    Cool thanks. As of now i still haven't had the "threat detected" pop up yet.
     
  9. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,687
    Likes Received:
    35
    Trophy Points:
    78
    Well, hopefully combofix picked it up.. To be sure let's run a fix with Zoek and a rerun of FRST:

    [​IMG] Scan with ZOEK

    Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
    Please also download the attached scriptfile, named zoekscript.txt.


    [​IMG] Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

    Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:
    [​IMG]

    Please approve any UAC prompt to allow this action to proceed.

    Answer Yes to the following prompt to allow the zoek script to run:

    [​IMG]

    This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

    When the tool finishes, the zoek-results.log is opened in Notepad.
    The log is also found on the systemdrive, normally C:\
    If a reboot is needed, the log is opened after the reboot.

    Please attach the zoek-results.log to your reply.



    [​IMG] Scan with Farbar Recovery Scan Tool

    Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
    • Right-click on [​IMG] icon and select [​IMG] Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button and wait.
    • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
    Please attach both logs to your next reply.


    2oG
     

    Attached Files:

Share This Page