1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SVChost.exe

Discussion in 'Windows - Virus and spyware problems' started by Heather59, Aug 30, 2014.

  1. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Please can you tell me how to remove it? It is on Hubby's computer and it is making it impossible for him to get on line so he can't post on here. Thank you.
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    Hi Heather,
    SVChost.exe is NOT the problem... Svchost.exe is a process on your computer that hosts, or contains, other individual services that Windows uses to perform various functions.

    In this case SCVhost is running a bad dll file that probably came in with malware.

    Use your computer to make a Rescue Disk for your hubby that may get him back on line so he can post here and I will help him clean up the rest....

    Go here:

    http://www.howtogeek.com/howto/36403/how-to-use-the-kaspersky-rescue-disk-to-clean-your-infected-pc/

    2oG
     
  3. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    I can access his shared files. He did an mbam and it is too long to post as a single message.. ??
     
  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    MBAM log would not show anything we need....

    Have him press the "Windows key", at left bottom of keyboard between CTRL & ALT, plus the "R" key to open the run box. Then type in cmd.exe and click OK. When the black cmd box opens, type in:
    ipconfig /flushdns and press enter..

    see if that resets his internet connection and let me know...

    2oG
     
  5. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    I can access his computer and shared files, so I can post reports here, but this site keeps telling me the file is too long..
     
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    I don't need the MBAM Log!!!

    You can use the "Upload a File" Button below to attach any logs I might need. Use it instead of Copy/Past..
     
  7. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    His computer says it can not find that emd.exe file.
     
  8. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    It's not emd it is CMD.exe make sure that is what he is using...
     
  9. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    DUH..sorry.. my mistake..I'm blind as a bat
     
  10. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    successfully flushed the dns resolver cache..
     
  11. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    Did that get him on the net???
    If not, I'll figure out another way....:confused:
     
  12. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Yes. He is on line
     
  13. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    Good.. But that didn't fix his problems and they will be back to haunt him. :(

    Have him come on here with his computer and I will help him clean it.
    There has been a bunch of cases of the "Poweliks" malware that is really bad and hard to get rid of. If he will check in with me I'll do everything I can to get him better...

    2oG :)
     
  14. Alryss

    Alryss Member

    Joined:
    Oct 24, 2013
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    I am online. I keep getting this svchost.exe notice from malwarebytes. It comes up every 3 to 5 seconds. It was putting up a random vid clip somewhere. I don't know where. I couldn't close it. Now it's just giving me this notice. I think AVG got rid of the vid problem. Not sure, though.
     
  15. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    I need you to run a scan tool to provide me with the information I need to construct a Fix for your problems.

    Step 1

    Please download -> Farbar Recovery Scan Tool and save it to your desktop.
    Note: You need to run the version compatible with your system (32 or 64bit). If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the correct version.

    • Double-click to run it. When the tool opens click Yes to disclaimer.

      [​IMG]
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

    Step 2

    After you generate both reports, please attach them. There is a button [​IMG] below. Use it to attach all reports.

    Location of the reports:

    FRST.txt and Addition.txt --> are on the desktop or in the same folder where you downloaded FRST


    2oG
     
    Last edited: Sep 12, 2014
  16. Alryss

    Alryss Member

    Joined:
    Oct 24, 2013
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Let me try this again.....
    Here are the files.
     

    Attached Files:

  17. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    Well, I see a few bad guys but not what I expected..
    How is it running?
    Life gets in the way sometimes. It will be later before I can go through the log so please be patient...
     
  18. Alryss

    Alryss Member

    Joined:
    Oct 24, 2013
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    I fully understand. I appreciate all your help. I continue to get the malwarebytes notice of a malicious virus outgoing, but I don't get the vid's anymore. So, in that respect, it's better? I shutdown malwarebytes to get some peace from the notices. Not sure if they will come back, when I turn it back on.
     
  19. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    Before I go through the FRST Log, let's run these cleaners and see how much is left afterwards..


    Please download AdwCleaner by Xplode and save to your Desktop.

    Double click on AdwCleaner.exe to run the tool.
    • Click on the Scan button.
    • After the scan has finished click on the Clean button.
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Please attach this log in your reply..


    ***** NEXT *****



    Please download zoek.exe and save it to your desktop.
    1. Close any open browsers.
    2. Please Disable any Antivirus you have active, as shown in This topic.
      Note: Don't forget to re-enable it after the scan.
    3. Right click on zoek.exe and select "Run as administrator..." to run it.
    4. Please wait while the tool starts. It will appear to be doing nothing and may take 30+ seconds to come up.
    5. Copy the text inside the Code Box below and past it into the large window in the Zoek tool.
    6. Click on the Run script button.
    7. Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required).
    8. Please Attach that report (Zoek-results.log) to your next post. It will also create a log at C:\zoek-results.log

    Code:
    createsrpoint;
    emptyfolderscheck;delete
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b

    2oG
     
  20. Alryss

    Alryss Member

    Joined:
    Oct 24, 2013
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Ok. Here are those results.
     

    Attached Files:

Share This Page