Windows 10 svchost virus


  1. Posts : 15
    Windows 10
       #1

    Windows 10 svchost virus


    Hi. I have recently started having CPU problems. Apparently, it's because of a trojan virus called svchost.exe. Anytime I use an internet browser (any) I get a message from my web protection that it's blocking the virus but my CPU still gets overloaded. I've tried every trojan remover I could find, they did not work. Malwarebytes identifies it as a web virus and blocks every few seconds. How can I remove this virus from my computer?


    Thanks in Advance


  2. Posts : 8,100
    windows 10
       #2

    Welcome to the forum. The file is a genuine Windows file when run from the Windows folder. Use Task Manager and find one that's not running from the Windows folder, kill it quick, then delete it. You need to have it ready in another window to delete before it restarts. It's often ransomware. Are your files OK, docs etc.?
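The path check suggested in post #2, as an added PowerShell example that is not part of the thread. It goes a little further than the post: besides the executable path, it reports each svchost.exe instance's parent process, file signature status, CPU time and hosted services, which helps when the path is already System32. It only reads information and assumes an elevated PowerShell 5.1 prompt on Windows 10.

```powershell
# Added example (not from the thread): read-only inventory of running svchost.exe instances.
# Run from an elevated prompt, otherwise ExecutablePath is empty for many processes.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Map hosting PID -> services, so a busy svchost can be tied to a named service.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

$allProcs = Get-CimInstance Win32_Process
$svchosts = $allProcs | Where-Object { $_.Name -eq 'svchost.exe' }

$report = foreach ($p in $svchosts) {
    $path   = $p.ExecutablePath
    $parent = $allProcs | Where-Object { $_.ProcessId -eq $p.ParentProcessId } |
        Select-Object -First 1
    $sig    = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status }
              else       { 'PathUnavailable' }

    [pscustomobject]@{
        PID          = $p.ProcessId
        Path         = $path
        # -contains is case-insensitive, so C:\WINDOWS and C:\Windows both match.
        PathExpected = [bool]($path -and ($expected -contains $path))
        Signature    = $sig
        # Legitimate instances are started by services.exe.
        Parent       = if ($parent) { $parent.Name } else { 'exited' }
        CpuSeconds   = (Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue).CPU
        Services     = ($servicesByPid["$($p.ProcessId)"].Name -join ',')
        CommandLine  = $p.CommandLine   # normally contains "-k <service group>"
    }
}

# Full inventory, busiest first.
$report | Sort-Object CpuSeconds -Descending |
    Format-Table PID, CpuSeconds, PathExpected, Signature, Parent, Services -AutoSize -Wrap

# Instances that deserve a closer look.
$report | Where-Object {
    -not $_.PathExpected -or $_.Signature -ne 'Valid' -or $_.Parent -ne 'services.exe'
} | Format-List
```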


  3. Posts : 15
    Windows 10
    Thread Starter
       #3

    Samuria said:
    Welcome to the forum. The file is a genuine Windows file when run from the Windows folder. Use Task Manager and find one that's not running from the Windows folder, kill it quick, then delete it. You need to have it ready in another window to delete before it restarts. It's often ransomware. Are your files OK, docs etc.?
    The thing is that it does operate from the windows folder. From system 32 to be exact.


  4. Posts : 42,922
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #4

    CPU problems
    .. let's go back to that. Do you perhaps mean svchost.exe is using excessive CPU time?

    If so, please post an appropriate screenshot of your task manager. Thanks.


  5. Posts : 15
    Windows 10
    Thread Starter
       #5

    [Screenshots: Windows 10 svchost virus-2017-01-20.png, Windows 10 svchost virus-2017-01-20-3-.png]
    This is what I get while using any browser. The browser starts using more CPU when that message pops up (which happens every few seconds).


  6. Posts : 42,922
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #6

    Hi, someone may be able to recognise what's going on if they've seen that, so thanks for the screenshots.

    Meanwhile, you've clearly got quite a bit going on, so try a clean boot, then open a browser and see what happens.

    That's a German IP address - which whois says is for sale.

    Possible references here:
    Qadars Banking Malware Fake Flash Update | EFORENSICS
    Fake Flash update from phishing site delivers Qadars banking malware – BroadAnalysis

    Sounds like you need to scan your system with the appropriate tool, but I'm no expert on that.

    *** This looks possible - see 'Contacted Hosts' which lists yours.
    You could examine the parameters for update.exe as listed here.
    Free Automated Malware Analysis Service - powered by VxStream Sandbox

    Do you have a disk image you can use to restore your PC to a point before this started to occur? I doubt a system restore point would help here.


  7. Posts : 579
    Windows 10 Home
       #7

    victor122,

    Let's try opening the hosts file and see if there is something unusual there.

    Right-click the Windows Start and select: Command Prompt (Admin)

    At the Command Prompt, type the following commands, one at a time, and press ENTER after each:

    cd drivers
    cd etc
    dir


    The contents are shown, and below them, the following appears:
    C:\Windows\System32\drivers\etc>

    At the above, type: notepad hosts

    The Notepad text appears.

    Please copy the results, and provide in your reply.

    (Images are in reversed order!)
    Attached Thumbnails: Windows 10 svchost virus-capture1.png, Windows 10 svchost virus-capture2.png


  8. Posts : 15
    Windows 10
    Thread Starter
       #8

    cottonball said:
    victor122,

    Let's try opening the hosts file and see if there is something unusual there.

    Right-click the Windows Start and select: Command Prompt (Admin)

    At the Command Prompt, type the following commands, one at a time, and press ENTER after each:

    cd drivers
    cd etc
    dir


    The contents are shown, and below them, the following appears:
    C:\Windows\System32\drivers\etc>

    At the above, type: notepad hosts

    The Notepad text appears.

    Please copy the results, and provide in your reply.

    (Images are in reversed order!)
    Here is what I got:
    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost
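The hosts-file check from posts #7 and #8, as an added PowerShell example that is not part of the thread. Instead of reading the file by eye in Notepad, it strips comments and lists only the entries that are actually in effect; on a file like the one pasted above, where every line starts with `#`, it reports no active entries. The notes it prints ("sinkhole/loopback", "redirect") are labels chosen for this example.

```powershell
# Added example (not from the thread): show which hosts-file lines are really in effect.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$loopback  = '127.0.0.1', '::1', '0.0.0.0'

# A recent modification time is worth noting before looking at the content.
"Last modified: $((Get-Item -LiteralPath $hostsPath).LastWriteTime)"

$lineNo  = 0
$entries = foreach ($line in Get-Content -LiteralPath $hostsPath) {
    $lineNo++

    # Everything after the first '#' is a comment, whether full-line or trailing.
    $active = ($line -split '#', 2)[0].Trim()
    if (-not $active) { continue }

    $fields = $active -split '\s+'
    $ip     = $null
    $isIp   = [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)

    if (-not $isIp -or $fields.Count -lt 2) {
        [pscustomobject]@{ Line = $lineNo; Address = $fields[0]; Names = ''; Note = 'malformed entry' }
        continue
    }

    # One address can be followed by several host names.
    $names = $fields[1..($fields.Count - 1)] -join ' '
    $note  = if ($loopback -contains $fields[0]) { 'sinkhole/loopback' }
             else { 'redirect: confirm who added it' }

    [pscustomobject]@{ Line = $lineNo; Address = $fields[0]; Names = $names; Note = $note }
}

if (-not $entries) {
    'No active entries: every line is blank or a comment (the Windows default).'
} else {
    $entries | Format-Table -AutoSize -Wrap
}
```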


  9. Posts : 15
    Windows 10
    Thread Starter
       #9

    Maybe this is better
    Windows 10 svchost virus-2017-01-21.png


  10. Posts : 42,922
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #10

    Whilst you could block that IP address in your hosts file as an expedient, it doesn't deal with the underlying issue. You have some program on your PC which is responsible for that.

    If you find update.exe is present and might be suspicious, you can upload it to Virustotal
    VirusTotal - Free Online Virus, Malware and URL Scanner
    and any positive results might point you to an AV provider that could help.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd