Windows 10: Windows 10 svchost virus Solved

  1.    20 Jan 2017 #1

    Windows 10 svchost virus


    Hi. I have recently started having CPU problems. Apparently, it's because of a trojan virus called svchost.exe. Anytime I use an internet browser (any) I get a message from my web protection that it's blocking the virus but my CPU still gets overloaded. I've tried every trojan remover I could find, they did not work. Malwarebytes identifies it as a web virus and blocks every few seconds. How can I remove this virus from my computer?


    Thanks in Advance

  2.    20 Jan 2017 #2

    Welcome to the forum. The file is a genuine Windows file when run from the Windows folder. Use Task Manager and find one that's not running from the Windows folder, kill it quick, then delete it. You need to have it ready in another window to delete before it restarts. It's often ransomware; are your files OK, docs etc.?

  3.    20 Jan 2017 #3

    Samuria said:
    Welcome to the forum. The file is a genuine Windows file when run from the Windows folder. Use Task Manager and find one that's not running from the Windows folder, kill it quick, then delete it. You need to have it ready in another window to delete before it restarts. It's often ransomware; are your files OK, docs etc.?
    The thing is that it does operate from the Windows folder. From System32 to be exact.

  4.    20 Jan 2017 #4

    CPU problems
    .. let's go back to that. Do you perhaps mean svchost.exe is using excessive CPU time?

    If so, please post an appropriate screenshot of your task manager. Thanks.

  5.    20 Jan 2017 #5

    [Screenshots attached: 2017-01-20.png, 2017-01-20 (3).png]
    This is what I get while using any browser. The browser starts using more CPU when that message pops up (which happens every few seconds).

  6.    20 Jan 2017 #6

    Hi, someone may be able to recognise what's going on if they've seen that, so thanks for the screenshots.

    Meanwhile, you've clearly got quite a bit going on, so try a clean boot, then open a browser and see what happens.

    That's a German IP address - which whois says is for sale.

    Possible references here:
    Qadars Banking Malware Fake Flash Update | EFORENSICS
    Fake Flash update from phishing site delivers Qadars banking malware – BroadAnalysis

    Sounds like you need to scan your system with the appropriate tool, but I'm no expert on that.

    *** This looks possible - see 'Contacted Hosts' which lists yours.
    You could examine the parameters for update.exe as listed here.
    Free Automated Malware Analysis Service - powered by VxStream Sandbox

    Do you have a disk image you can use to restore your PC to a point before this started to occur? I doubt a system restore point would help here.

  7.    21 Jan 2017 #7

    victor122,

    Let's try opening the hosts file and see if there is something unusual there.

    Right-click the Windows Start and select: Command Prompt (Admin)

    At the Command Prompt, type the following commands, one at a time, and press ENTER after each:

    cd drivers
    cd etc
    dir


    The contents are shown, and below them, the following appears:
    C:\Windows\System32\drivers\etc>

    At the above, type: notepad hosts

    The Notepad text appears.

    Please copy the results, and provide in your reply.

    (Images are in reversed order!)
    Attached Thumbnails: Capture1.PNG, Capture2.PNG
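
Added example, not part of the original post: the same hosts-file inspection done in PowerShell, printing only the active (non-comment) entries instead of reading the file by eye in Notepad. The function name Get-HostsEntry and the sample lines are constructed for this example.

```powershell
# Added example: show only the active (non-comment) entries of the hosts file.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $active = ($line -split '#', 2)[0].Trim()      # text before any '#' comment
        if (-not $active) { continue }
        $fields = @($active -split '\s+')
        if ($fields.Count -lt 2) { continue }          # address with no host name
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                Address   = $fields[0]
                HostName  = $name
                # True when the name is pinned to the local machine or a null route
                LocalOnly = $fields[0] -in '127.0.0.1', '::1', '0.0.0.0'
            }
        }
    }
}

# Constructed sample: two comment lines and one redirect to a documentation address.
$sample = @(
    '# 127.0.0.1 localhost',
    '# ::1 localhost',
    '203.0.113.10  update.example.test  # constructed entry'
)
Get-HostsEntry -Lines $sample | Format-Table -AutoSize

# The real file, plus when it was last changed.
Get-HostsEntry -Lines (Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize
Get-Item -LiteralPath $hostsPath | Select-Object FullName, LastWriteTime, Length
```

A stock hosts file such as the one posted in reply #8 contains only comments, so the call on the real file prints no entries.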

  8.    21 Jan 2017 #8

    cottonball said:
    victor122,

    Let's try opening the hosts file and see if there is something unusual there.

    Right-click the Windows Start and select: Command Prompt (Admin)

    At the Command Prompt, type the following commands, one at a time, and press ENTER after each:

    cd drivers
    cd etc
    dir


    The contents are shown, and below them, the following appears:
    C:\Windows\System32\drivers\etc>

    At the above, type: notepad hosts

    The Notepad text appears.

    Please copy the results, and provide in your reply.

    (Images are in reversed order!)
    Here is what I got:
    # Copyright (c) 1993-2009 Microsoft Corp.## This is a sample HOSTS file used by Microsoft TCP/IP for Windows.## This file contains the mappings of IP addresses to host names. Each# entry should be kept on an individual line. The IP address should# be placed in the first column followed by the corresponding host name.# The IP address and the host name should be separated by at least one# space.## Additionally, comments (such as these) may be inserted on individual# lines or following the machine name denoted by a '#' symbol.## For example:## 102.54.94.97 rhino.acme.com # source server# 38.25.63.10 x.acme.com # x client host# localhost name resolution is handled within DNS itself.# 127.0.0.1 localhost# ::1 localhost

  9.    21 Jan 2017 #9

    Maybe this is better
    [Screenshot attached: 2017-01-21.png]

  10.    21 Jan 2017 #10

    Whilst you could block that IP address in your hosts file as an expedient, it doesn't deal with the underlying issue. You have some program on your PC which is responsible for that.

    If you find update.exe is present and might be suspicious, you can upload it to Virustotal
    VirusTotal - Free Online Virus, Malware and URL Scanner
    and any positive results might point you to an AV provider that could help.
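
Added example, not part of the original post: one way to find the program responsible for the blocked connections, by polling for TCP connections to the address in the alert and reporting the owning process with a SHA-256 that can be searched on VirusTotal. The address below is a placeholder from a documentation range, since the real one appears only in the screenshots.

```powershell
# Added example. Run from an elevated PowerShell.
# $remote is a PLACEHOLDER (TEST-NET-3); substitute the address from the alert.
$remote  = '203.0.113.10'
$seconds = 60                      # how long to watch; the alerts recur every few seconds

# Blocked connections are short-lived, so sample repeatedly and remember every owner.
$owners   = @{}
$deadline = (Get-Date).AddSeconds($seconds)
while ((Get-Date) -lt $deadline) {
    Get-NetTCPConnection -RemoteAddress $remote -ErrorAction SilentlyContinue |
        ForEach-Object { $owners[[int]$_.OwningProcess] = $_.State }
    Start-Sleep -Milliseconds 250
}

if ($owners.Count -eq 0) {
    Write-Output "No connection to $remote seen in $seconds seconds."
}

foreach ($id in $owners.Keys) {
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $id"
    $path = if ($proc) { $proc.ExecutablePath } else { $null }   # process may have exited
    [pscustomobject]@{
        PID         = $id
        Name        = if ($proc) { $proc.Name } else { '(exited)' }
        Path        = $path
        CommandLine = if ($proc) { $proc.CommandLine } else { '' }
        LastState   = $owners[$id]
        # Hash to search on VirusTotal before deciding whether to upload the file
        SHA256      = if ($path) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { '' }
    }
} | Format-List
```

If the owner turns out to be the browser itself, the source is something loaded inside it (a page, extension or injected content) rather than a separate executable.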


 
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 16:07.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums