Posts: 13
Threads: 5
Joined: Feb 2017
Reputation:
0
Hello sir,
My PC is infected by svchost.com. How do I remove it? Please guide me.
All exe files are affected, and data consumption is very high.
Thanks in advance.
Posts: 5,029
Threads: 207
Joined: Feb 2015
Reputation:
145
Scan with Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
- Install the program and select update.
- Once updated, click the Settings tab, in the left panel choose Detection & protection and tick Scan for rootkits.
- Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the Scan Log.
- At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
Posts: 1,398
Threads: 332
Joined: Dec 2015
Reputation:
25
(05-04-2018, 03:40 PM)maa Wrote: Hello sir,
My PC is infected by svchost.com. How do I remove it? Please guide me.
All exe files are affected, and data consumption is very high.
Thanks in advance.
Svchost.com or svchost.exe? Svchost.exe has an important role in Windows, at least from XP to Windows 10.
If it's svchost.exe, go into your Task Manager, select the Processes tab, then right-click on the svchost that's causing problems and choose Go to services in the drop-down menu. Using this method will allow you to see what services belong to the svchost.exe that's causing problems.
(Right-click on the taskbar and select Task Manager.)
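The same check from the command line, as an added example that is not part of the original post: it lists every process whose name starts with `svchost`, with its image path, Authenticode status and hosted services, so a look-alike such as `svchost.com` or a copy outside the system folder stands out. The `$expected` path list and the verdict labels are assumptions of this example.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell so that
# ExecutablePath is readable for system processes.

# Assumption of this example: the genuine binary lives only in these two places.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID that hosts them (string keys for safe lookup).
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object ProcessId -AsHashTable -AsString

# "svchost%" also matches look-alike names such as svchost.com.
Get-CimInstance Win32_Process -Filter "Name LIKE 'svchost%'" | ForEach-Object {
    $path = $_.ExecutablePath
    $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }

    $pathOk = $path -and ($expected -contains $path)   # -contains ignores case
    $sigOk  = $sig -and $sig.Status -eq 'Valid' -and
              $sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*'

    if (-not $path)              { $verdict = 'unknown (rerun elevated)' }
    elseif ($pathOk -and $sigOk) { $verdict = 'expected' }
    else                         { $verdict = 'investigate' }

    [pscustomobject]@{
        PID       = $_.ProcessId
        Name      = $_.Name
        Path      = $path
        Signature = if ($sig) { $sig.Status } else { 'n/a' }
        Services  = $servicesByPid[[string]$_.ProcessId].Name -join ', '
        Verdict   = $verdict
    }
} | Sort-Object Verdict, PID | Format-Table -AutoSize -Wrap
```

A row marked `investigate` is a prompt to look at the path and service names, not a detection by itself.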
Posts: 55
Threads: 13
Joined: Jan 2015
Reputation:
0
Hi, I'm having the same problem. I scanned with HitmanPro and get svchost.exe Suspicious. I can only select Ignore and nothing else. I scanned with Malwarebytes and found nothing. I then scanned with AdwCleaner and still nothing found. Do you have any info on this problem? This is a copy of the HitmanPro log:
Code:
HitmanPro 3.8.0.292
www.hitmanpro.com
Computer name . . . . :
Windows . . . . . . . : 10.0.0.17134.X64/4
User name . . . . . . :
UAC . . . . . . . . . : Enabled
License . . . . . . . :
Scan date . . . . . . : 2018-05-12 07:06:09
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 51s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 308
Objects scanned . . . : 1,577,903
Files scanned . . . . : 48,507
Remnants scanned . . : 229,222 files / 1,300,174 keys
Suspicious files ____________________________________________________________
C:\WINDOWS\system32\svchost.exe
Size . . . . . . . : 51,288 bytes
Age . . . . . . . : 10.4 days (2018-05-01 21:31:07)
Entropy . . . . . : 6.1
SHA-256 . . . . . : C9A28DC8004C3E043CBF8E3A194FDA2B756CE90740DF2175488337281B485F69
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Host Process for Windows Services
Version . . . . . : 10.0.17134.1
Copyright . . . . : © Microsoft Corporation. All rights reserved.
RSA Key Size . . . : 2048
Service . . . . . : WpnUserService_64d90
Process Type . . . : Critical
LanguageID . . . . : 1033
Authenticode . . . : Valid
Running processes : 68, 492, 572, 904, 940, 1076, 1156, 1168, 1220, 1248, 1352, 1400, 1408, 1448, 1556, 1636, 1712, 1752, 1756, 1808, 1880, 1920, 1936, 1948, 1988, 2036, 2140, 2172, 2240, 2248, 2340, 2356, 2416, 2512, 2520, 2540, 2568, 2612, 2656, 2748, 2756, 2996, 3104, 3240, 3268, 3492, 3576, 3612, 3640, 3644, 3664, 3700, 3736, 3748, 3848, 3904, 3924, 4180, 4384, 4684, 5156, 5592, 6216, 6664, 6972, 7084, 8068, 8360, 11300, 11464, 11712, 12332, 12676, 13880
Fuzzy . . . . . . : 25.0
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
This program is actively listening for inbound network connections.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Starts automatically as a service during system bootup.
Time indicates that the file appeared recently on this computer.
This file's process is marked as system critical.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Program is code signed with a valid Authenticode certificate.
Startup
Posts: 1,856
Threads: 46
Joined: Sep 2014
Reputation:
46
See if GMER detects anything: http://www.gmer.net/
Personally I think it's just because there's a lot of inbound / outbound traffic going through it, normal for Win 10, but anti-malware programs may flag it. You do however have traces according to HitmanPro; not sure if they're referring to cookies (harmless) or actual malware remnants, which could be solved with a good clean-up of temp files / folders.
Posts: 55
Threads: 13
Joined: Jan 2015
Reputation:
0
05-13-2018, 10:21 AM
(This post was last modified: 05-13-2018, 10:24 AM by VamP.)
Hi, problem solved. I downloaded RKill, did a scan and that fixed everything. Did a scan with AdwCleaner and it found one problem, did a restart, then scanned with HitmanPro again and nothing found, all gone. Fixed YAAA.
RKill was recommended by Microsoft help, so took it that it was safe to run. They got something right at last lol
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
Solved - Thread Closed