svchost trojan tracur is overtaking my computer!

  • Root Admin

Please run this scan


  1. Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  2. NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  3. Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  4. Shut down your antivirus to avoid any conflicts while scanning.
  5. Once the scans have completed please re-enable your antivirus.
  6. If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  7. If needed you can also temporarily disable it from starting with Windows
  8. Temporarily turn off any other security add-ons or applications you may also have.
  9. Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  10. If it does not have a Digital Signature then do not run it.
  11. Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  12. You should have your User Account Control (UAC) enabled for improved security, which should then produce a dialog box asking for approval to run the installer.
  13. Click on the Yes button to start the installer.
  14. Click OK to scan your computer in the Enhanced Protection Mode
  15. Click on the check box to agree to participate in their software improvement program.
  16. Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  17. Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  18. Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  19. Then click on the Start scanning button.
  20. If a threat is found you can click on the Action column in the program.
  21. Your options will be Cure or Ignore.
  22. If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  23. Then click on the Neutralize button.
  24. Once completed click on the green Open Report link. It will open the report in Notepad.
  25. Save the report to your desktop. The report will be called Cureit.log
  26. Close Dr.Web Cureit!
  27. Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  28. After reboot, attach the log Cureit.log you saved previously in your next reply.
  29. Re-Enable your antivirus and other security programs when all done.
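Steps 9 and 10 have you confirm the download carries a digital signature through the file's Properties dialog. The same check from PowerShell, as an added example that is not part of the original post (the download path is an assumption; adjust it to wherever the file was saved):

```powershell
# Added example, not from the thread: Authenticode check for the downloaded
# Dr.Web CureIt! installer, mirroring steps 9-10 of the instructions above.
# The path below is an assumption; point it at the actual download location.
$path = Join-Path $env:USERPROFILE 'Downloads\drweb-cureit.exe'

if (-not (Test-Path $path)) {
    throw "File not found: $path"
}

$sig = Get-AuthenticodeSignature -FilePath $path

# Status is 'Valid' only when the signature verifies AND the certificate chain
# is trusted. Anything else ('NotSigned', 'HashMismatch', 'UnknownError', ...)
# is the step-10 case: do not run the file.
"Status : $($sig.Status)"
"Signer : $($sig.SignerCertificate.Subject)"
"Thumb  : $($sig.SignerCertificate.Thumbprint)"

if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)'; do not run this file."
}
```

Compare the printed signer subject with what the Properties dialog shows; a file that is signed but by an unexpected publisher should be treated the same as an unsigned one.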


Sooooo! Here's the deal. When I tried to make an account I could not. The option is not available. That only started now in the past week, after this started. I was able to make any account, and now, not so much.

So nothing for the response on that. The credential accounts were running and so was Samss. I had a look and sure enough there are several entries under certificate authority that don't look totally normal in their values. Like curved certificateAuthorityEncodeLongArraY.1. In system control file, it says %systemroot system32rundll cryptext.dll,cryptext openSTR%1. Just another example that I condensed a little because typing on my phone is hard. There are LOTS of these entries. Lots under metadata, which scare me. Some very fishy things. As for the hard drive utility, I never put that on the drive; they were also installed in the last week. That isn't THAT hard to believe because the metadata are problem solvers, fetchers and logical organizers, from what I understand of the way the file system works. And I did some reading, and you were absolutely right if this is the case because they get crazy when their files get corrupted. It kind of explains everything.

I will post the last part soon, as I am on my phone. Hope to hear back soon, what to do next?


  • Root Admin

I want you to run the following please.  Click on START and type in CMD.EXE and then when it shows on the start menu right click and choose "Run as administrator"

 

Then type in the following and post back the results.

 

net localgroup Administrators

 

Then run the System File Checker as I posted above.  You said you have the install DVD so you should be able to run that without any issues.

 

 

Thanks


When I entered "Run as administrator", it responded with "Run is not recognized as an internal or external command, operable program or batch file".

I wasn't sure if I should still enter the other command or not. Permissions is such a tricky cat.

I just figured you may need the info that my account is: Tim Administrator Password protected. But that didn't stop it before. It has itself as the owner of everything. It's super quick at adjusting to stuff too. When I install virus programs it always throws a whack of keys in the registry.

It's a doozy, first malware I've had in 15 years. Gotta be a good one. How long do you think before he totally locks down? Let's beat him!


I'm a total lame brain tonight, I've had no sleep lately, trying to kill this thing. Should I run the checker here in Windows or restart? Just want to be sure. I just know if I decide something crucial and I'm not sure, today will be the day I mess things up. No prob.


Ok I got interrupted for a bit. It's pretty late. It didn't work. I was going to paste the file but I can email it. It basically said that it would run the scan and allow it to verify the files only. Then it said scan now verifyfile=c: windows system32 kernel132.dll affbootdir offwindi r=d:windows sfc directoryonly


  • Root Admin

Get some sleep.  This needs to be done correctly.

 

 

Please visit the following site to see how to run an Elevated command prompt.
How to Open an Elevated Command Prompt in Windows 7

Then type in the 3 words exactly.  There is a space between each word, then press the Enter key.
 

 

net localgroup Administrators

 

Then post back the results.
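The elevated-prompt and `net localgroup Administrators` check above, as an added example that is not part of the original post: it confirms the shell is actually elevated (the "Run is not recognized" reply earlier in the thread came from typing the menu label into the prompt), parses the `net localgroup` output, and flags any member that is not in an expected baseline. The baseline list is an assumption for this machine; edit it to match the accounts you created yourself.

```powershell
# Added example, not from the thread: verify elevation, then enumerate the
# local Administrators group the way the thread does (net localgroup) and
# warn about members outside an expected baseline.
$expected = @('Administrator', 'Tim')   # assumption: accounts you know about

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $elevated) {
    Write-Warning 'Not elevated: right-click the prompt and choose "Run as administrator".'
}

# net localgroup prints a header, a dashed separator, one member per line,
# then "The command completed successfully." Collect only the member lines.
$raw = net localgroup Administrators 2>&1
$inMembers = $false
$members = foreach ($line in $raw) {
    $text = "$line".Trim()
    if ($text -match '^-{5,}$')               { $inMembers = $true; continue }
    if ($text -match '^The command completed') { break }
    if ($inMembers -and $text)                { $text }
}

"Members of Administrators:"
$members | ForEach-Object { "  $_" }

# Any member you did not create (an extra local user, a renamed account, a
# group you never added) is worth asking about before deciding on a rebuild.
$unexpected = $members | Where-Object { $expected -notcontains $_ }
if ($unexpected) {
    Write-Warning ('Unexpected Administrators members: ' + ($unexpected -join ', '))
} else {
    "No members outside the baseline ($($expected -join ', '))."
}
```

On a domain-joined machine members appear as DOMAIN\name, so add those forms to the baseline rather than treating them as findings.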


Done. Slept, and did this. Same response as yesterday. It says admin Administrator the command prompt opened successfully. I know the stuff I posted yesterday looked bad. But I'm trying to type on this stupid phone... I don't know if you read the last post, it all worked but the system just didn't let it scan. I have some time now before work.


I'm not sure what else I could be doing wrong. I tried the file checker again. I'm typing just as it shows in that demo. But using D instead of F. It just basically said it can verify only. I tried typing into this phone yesterday, but looking away and back is when I really miss the keys. Crap I wish I could post exactly what it says.

Scans integers of all protected files system files and repair files

Verifynowonly. Problems when possible

Scanfile. Performed scans integry....

Verifyfile. Identified specify full path. Verifies the integry

Offbootdir. Operation is performed for offline repair specify the location of offline bootdir

Offwindir Same as above

I was worried that this was going to happen last week, actually two weeks ago. I saw something up with the permission stuff. I just don't know what to do.


Ok I really had to read the DOS stuff carefully. I thought it should just scan. That tutorial, it's a paragraph after the demo scan is done where it says to do another command. It should be in the same paragraph. I looked again after I figured it out. I guess I could have had this done last night. The tutorial should say the command, and then type SCANNOW. It says that there will be a blinking cursor and it will take a while in that first step but mine takes a millisecond so that totally threw me off.


Shoot well no matter how I do it it doesn't find anything wrong. The system keeps making changes it has been making changes to control set. Quite a few in the last hour. I THINK that this is a virus. My quake buddy years ago told me when I had a pretty bad Trojan that it was nothing, the worst one he ever experienced was the windows scripting virus.


  • Root Admin

The best thing you can do is back up your data to an external USB drive.  Then disconnect the USB drive and reboot the computer and either do a Factory Reinstall, including recreating the partitions and formatting the drive, or manually boot from a Windows install CD/DVD and then remove the partitions, create a new partition and install Windows again.

 

Let me know what you'd like to do and I'll try to assist you with information as needed.

 

Thanks


Ok. My phone just crashed so I hope I'm not posting twice here.

Thanks again for your help. You've been awesome, sorry about my mistakes, also not posting some stuff yet, I will as soon as I'm online again.

First thing, what are the pros and cons to the two methods you stated?

Second, "ghosting" the hard drive is not an option here because of the corrupted files, right?

Third, what is the best way to back up? Right now I just have my critical files on a USB hard drive.

I should probably do the other systems on my network. I will upgrade from XP to 7 on those. I was going to do it as soon as I got hardware, but if it's ok I'll just do it, and upgrade the hardware later. I think I ran a 7 test on them a while back and they passed.


  • Root Admin

No you cannot.  It is one license per computer.

 

Yes you can Ghost or Image the drive over to another disk drive to backup as it won't copy any bad sectors.  I would not use that to reinstall though back on to a new hard drive.  I would highly recommend a new clean fresh install of Windows 7 onto a new hard drive or FDISK (remove all partitions from the current drive) and then install onto the disk.


This topic is now closed to further replies.