Windows 10: Windows 10 svchost virus Solved

  1.    21 Jan 2017 #11

    victor122,

    The hosts file is OK.

    Let's do the following:

    Download Zemana AntiMalware:
    Zemana AntiMalware Download
    Save to the Desktop.

    Double-click on the file Zemana.AntiMalware.Setup.exe to install.

    When the program starts you are presented with a Setup screen, click: Next
    Follow the prompts to install.

    Once Zemana AntiMalware starts, click: Scan

    When finished, it displays a list of all the malware found. Click on Next to remove any malicious files from your computer.

    A reboot may be required to remove malware.

    When done, click the Graph icon (far upper right), highlight the applicable log file, and click: Open Report

    Please post the notepad text report for review.

  2.    22 Jan 2017 #12

    cottonball said:
    victor122,

    The hosts file is OK.

    Let's do the following:

    Download Zemana AntiMalware:
    Zemana AntiMalware Download
    Save to the Desktop.

    Double-click on the file Zemana.AntiMalware.Setup.exe to install.

    When the program starts you are presented with a Setup screen, click: Next
    Follow the prompts to install.

    Once Zemana AntiMalware starts, click: Scan

    When finished, it displays a list of all the malware found. Click on Next to remove any malicious files from your computer.

    A reboot may be required to remove malware.

    When done, click the Graph icon (far upper right), highlight the applicable log file, and click: Open Report

    Please post the notepad text report for review.
    That didn't help, but thanks. The trojan seems to be operating from a different program/file now, called tor. It happened after I blocked its IP.
    [Attachment: 2017-01-22.png]

  3.    22 Jan 2017 #13

    victor122,

    Please use the Farbar Recovery Scan Tool Download
    Save FRST to your Desktop.

    [Note: You need to run the version compatible with your system: 32 bit or 64 bit]


    Double-click FRST to run it.
    When the tool opens click Yes to the disclaimer.

    Next, press the Scan button.


    When done, the tool makes a log (FRST.txt) on the Desktop.
    The first time the tool is run, it makes another log: (Addition.txt).

    Please provide the results of both reports in your reply. (Attach if you can, if not, then post.)

  4.    23 Jan 2017 #14

    [Attachments: FRST.txt, Addition.txt]
    Here are both txt files

  5.    23 Jan 2017 #15

    victor122,

    Thanks for the reports.


    Please try the following:

    Press the Windows and R keys at the same time. This opens the Run box.
    Type Notepad and click OK.
    Next, please copy the entire contents inside the code box below to Notepad.

    Code:
    Start
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    GroupPolicy: Restriction - Windows Defender <======= ATTENTION
    C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}
    C:\Users\Admin\AppData\Roaming\tor.exe
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
    S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
    Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? ?hr?me.lnk -> C:\Users\Admin\AppData\Roaming\Browsers\exe.emorhc.bat (No File) 
    Task: {6C4DAD07-8BDC-4C35-A0ED-C91CBAE0BC26} - System32\Tasks\{034BCED7-1B5D-90E9-5A06-A9A295CA4F99} => C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}\aitdgvten.exe [2017-01-03] (TechSmith Corporation) 
    Task: {CD6DF866-8AC9-4D6C-A904-9975E75B6872} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\Admin\AppData\Roaming\FreeVPN\FreeVPN.exe
    
    Reboot:
    End
    Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be in the Downloads folder (Running from C:\Users\Admin\Downloads) vs. the Desktop. They both need to be in the same place, preferably the Desktop.



    Next, run FRST and click Fix only once, and wait.


    The tool creates a log: (Fixlog.txt)

    Please attach it to your reply.
    Last edited by cottonball; 23 Jan 2017 at 18:04.

  6.    23 Jan 2017 #16

    FYI: QQ is a Chinese chat program - I've used it myself quite extensively.

  7.    23 Jan 2017 #17

    @dalchina,


    When there is an [X] at the end of a listed service, that indicates that FRST could not find the files associated with the particular Service or Driver and has listed the ImagePath as it is in the Registry.
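
Added example, not part of any post in this thread and not code from FRST: a small triage pass over the service and task entries that appear in the fixlist above, flagging the `[X]` marker explained in post #17 and tasks that launch from the user profile. The line patterns are inferred only from the entries on this page, and the heuristics are assumptions for review, not a verdict.

```python
import re

# Entries copied from the fixlist posted in this thread.
SAMPLE = r"""
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
Task: {6C4DAD07-8BDC-4C35-A0ED-C91CBAE0BC26} - System32\Tasks\{034BCED7-1B5D-90E9-5A06-A9A295CA4F99} => C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}\aitdgvten.exe [2017-01-03] (TechSmith Corporation)
Task: {CD6DF866-8AC9-4D6C-A904-9975E75B6872} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\Admin\AppData\Roaming\FreeVPN\FreeVPN.exe
"""

# Assumed line shapes, inferred only from the entries above.
SERVICE = re.compile(r"^[A-Z]\d (?P<name>[^;]+); (?P<path>.+?)(?P<missing> \[X\])?$")
TASK = re.compile(r"^Task: \{[^}]+\} - (?P<task>.+?) => (?P<exe>.+?\.exe)\b", re.I)
GUID = r"\{[0-9A-Fa-f-]{36}\}"


def triage(log_text):
    """Return (kind, name, reasons) for each service or task line worth a look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if m := SERVICE.match(line):
            kind, name = "service", m["name"]
            if m["missing"]:
                reasons.append("image file missing; ImagePath is the registry value")
        elif m := TASK.match(line):
            kind, name, exe = "task", m["task"], m["exe"].lower()
            if "\\appdata\\" in exe:
                reasons.append("runs from user-writable profile path")
            if re.search(GUID + r"\\[^\\]+$", m["exe"]):
                reasons.append("GUID-named folder")
            if re.fullmatch(r"System32\\Tasks\\" + GUID, name):
                reasons.append("GUID-named task")
            if "\\microsoft\\windows\\" in name.lower() and not exe.startswith("c:\\windows\\"):
                reasons.append("Microsoft\\Windows task points outside C:\\Windows")
        else:
            continue
        if reasons:
            findings.append((kind, name, reasons))
    return findings


if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE):
        print(f"{kind}: {name}\n    " + "; ".join(reasons))
```
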

  8.    23 Jan 2017 #18

    @victor122,

    Please note, post number 15 was modified.

  9.    24 Jan 2017 #19

    cottonball said:
    victor122,

    Thanks for the reports.


    Please try the following:

    Press the Windows and R keys at the same time. This opens the Run box.
    Type Notepad and click OK.
    Next, please copy the entire contents inside the code box below to Notepad.

    Code:
    Start
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    GroupPolicy: Restriction - Windows Defender <======= ATTENTION
    C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}
    C:\Users\Admin\AppData\Roaming\tor.exe
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
    S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
    Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? ?hr?me.lnk -> C:\Users\Admin\AppData\Roaming\Browsers\exe.emorhc.bat (No File) 
    Task: {6C4DAD07-8BDC-4C35-A0ED-C91CBAE0BC26} - System32\Tasks\{034BCED7-1B5D-90E9-5A06-A9A295CA4F99} => C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}\aitdgvten.exe [2017-01-03] (TechSmith Corporation) 
    Task: {CD6DF866-8AC9-4D6C-A904-9975E75B6872} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\Admin\AppData\Roaming\FreeVPN\FreeVPN.exe
    
    Reboot:
    End
    Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be in the Downloads folder (Running from C:\Users\Admin\Downloads) vs. the Desktop. They both need to be in the same place, preferably the Desktop.



    Next, run FRST and click Fix only once, and wait.


    The tool creates a log: (Fixlog.txt)

    Please attach it to your reply.
    Here is the log
    [Attachment: Fixlog.txt]

  10.    24 Jan 2017 #20

    victor122,

    Please update, any progress?


 