MartinGibbs

Svchost.exe?

12 posts in this topic

I have run MS Security Essentials with no items found, but when I run Malwarebytes, it keeps finding a "Trojan" in svchost.exe. I've run rkill, and it stops it, but then a re-run of Malwarebytes shows it again. Quarantining it and deleting the entry do no good, as it keeps coming back. The system seems otherwise clean.

Windows 7, 64bit, HP G72 laptop.


Can you please post a scan log from mbam so we can decide whether this may be a f/p or you may need some help in removing?

Thanks.


Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org

Database version: 7666

Windows 6.1.7600 Internet Explorer 8.0.7600.16385

9/7/2011 9:19:50 PM mbam-log-2011-09-07 (21-19-50).txt

Scan type: Quick scan
Objects scanned: 187748
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected: (No malicious items detected)

Memory Modules Infected: (No malicious items detected)

Registry Keys Infected: (No malicious items detected)

Registry Values Infected: (No malicious items detected)

Registry Data Items Infected: (No malicious items detected)

Folders Infected: (No malicious items detected)

Files Infected: c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks!


Ok can you please attach the file here. It will have to be zipped to attach.

This is definitely an incorrect location for this:

Files Infected: c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

So I would have to say you probably have an infection. But let's be sure. Please attach the file if possible.

Thanks
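The location check made in the reply above, applied to Malwarebytes log text, as an added example that is not part of the original thread. The list of system binary names, the expected directories, and every sample line except the `c:\Windows\svchost.exe` entry are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: system binary names worth checking; extend as needed.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
# Directories directly under %SystemRoot% where those binaries legitimately live
# (winsxs is the component store, which holds servicing copies).
EXPECTED_DIRS = {"system32", "syswow64", "winsxs"}

# One detection entry as it appears in the log on this page:
#   <path> (<detection name>) -> <action>
ENTRY = re.compile(r"(?P<path>[A-Za-z]:\\.+?)\s+\((?P<name>[^()]+)\)\s+->\s+(?P<action>.+)")

def misplaced_system_binaries(log_text, system_root=r"C:\Windows"):
    """Return detections named like a system binary but stored outside its expected directory."""
    root = [p.lower() for p in PureWindowsPath(system_root).parts]
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # header, summary or blank line
        parts = [p.lower() for p in PureWindowsPath(m["path"]).parts]
        if parts[-1] not in SYSTEM_BINARIES:
            continue
        under_root = parts[:len(root)] == root
        rel = parts[len(root):] if under_root else []
        # Expected: <root>\<expected dir>\...\<name>; a file directly in <root> is not.
        in_place = len(rel) >= 2 and rel[0] in EXPECTED_DIRS
        if not in_place:
            findings.append({"path": m["path"], "detection": m["name"],
                             "action": m["action"].strip()})
    return findings

# First entry is the one from this thread; the other two are constructed.
SAMPLE_LOG = r"""Files Infected:
c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\svchost.exe (Constructed.Example) -> No action taken.
C:\Users\test\AppData\Roaming\lsass.exe (Constructed.Example) -> No action taken.
"""

if __name__ == "__main__":
    for f in misplaced_system_binaries(SAMPLE_LOG):
        print(f"{f['path']}: {f['detection']} ({f['action']})")
```

A match here only says the file name and location disagree; it does not identify the malware family or confirm that removal succeeded.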


OK, thanks, will be moving to the removal forums. Still coming back after the scan...


OK, just so you know: this file indicates the Pihar rootkit, and that is an MBR infector.


Please visit our malware removal forums and they will help you there. This is for reporting false positives only.

Thanks.

This topic is now closed to further replies.