Solved

Hacktool.Proxy file infected svchost.exe

Posted on 2008-11-09
Last Modified: 2013-12-09
I ran Symantec Endpoint and found that Hacktool.Proxy file infected svchost.exe.  Endpoint did not clean it up.  The action taken was "Backup" for svchost.exe.  Is there a way to clean up this trojan?
Question by:cwojcicki1099
 
LVL 20

Expert Comment

by:IndiGenus
ID: 22920819
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
0
 

Author Comment

by:cwojcicki1099
ID: 22922549
Here's the log file.  Thanks for your help.
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 22922620
Think you forgot to attach it. Don't see any log...
0
 

Author Comment

by:cwojcicki1099
ID: 22922901
Sorry, here it is.
hijackthis.log
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 22923197
This service....

O23 - Service: Shell Hardware Dectection Service (HWDect) - Unknown owner - C:\WINNT\system32\inetsrv\svchost.exe (file missing)

Pretty sure it's bad. Take a look at how "Detection" is spelled. :lol:

I would fix that. Even though it says "file missing", sometimes HJT reports O23's as missing files when they aren't. And that is not the typical location for svchost.exe.

I would first stop the service then remove it. Then seek and delete that file.


0
 

Author Comment

by:cwojcicki1099
ID: 22940554
This is our master DC with all the FSMO roles.  I just virtualized it in VMware this past Sunday. So on the physical server that I took out of the network, I went under Symantec EndPoint Quarantine and deleted it.  I ran another virus scan and it came up clean.  But when I run the Hijack tool again, the log still picks up the svchost.exe under the inetsrv directory and I verified that it is not there.  So I'm a bit confused.
hijackthis.log
0
 
LVL 20

Accepted Solution

by:
IndiGenus earned 2000 total points
ID: 22940866
Hijackthis will not fix the service itself. It can be done a few ways. I usually remove them like this....
Click Start->Run...
Enter the following commands one at a time into the window and click OK each time.

sc stop HWDect
sc delete HWDect

Reboot and that should do it.



0
 

Author Comment

by:cwojcicki1099
ID: 22941707
Ok, that did it, thanks for your help.
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 22941985
Great, glad it worked out and thank you.
Dave
0
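
The check the expert applied by eye in this thread (a service whose image is svchost.exe outside the system directory) can be run over a whole HijackThis log. This is an added example, not code from the thread or from HijackThis; the function name, the O23 regular expression and the assumption that the Windows directory is named WINDOWS or WINNT are illustrative.

```python
import ntpath
import re

# O23 layout as in the line quoted in this thread:
# O23 - Service: <display> (<name>) - <owner> - <image path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# Assumption: the Windows directory is named WINDOWS or WINNT.
LEGIT_SVCHOST = re.compile(
    r"^[a-z]:\\(windows|winnt)\\(system32|syswow64)\\svchost\.exe$", re.I
)

def suspicious_svchost_services(log_text):
    """Return O23 services whose image is svchost.exe outside the system directory."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        # Drop any command-line arguments after the executable name.
        exe = re.match(r".+?\.exe", m["path"], re.I)
        image = exe.group(0) if exe else m["path"]
        if ntpath.basename(image).lower() != "svchost.exe":
            continue
        if LEGIT_SVCHOST.match(image):
            continue
        findings.append({
            "service": m["name"],  # short name, the one `sc` takes
            "display": m["display"],
            "image": image,
            # HJT's "file missing" is recorded but never used to clear an entry.
            "reported_missing": m["missing"] is not None,
        })
    return findings

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE_LOG = r"""
O23 - Service: Shell Hardware Dectection Service (HWDect) - Unknown owner - C:\WINNT\system32\inetsrv\svchost.exe (file missing)
O23 - Service: Example Backup Agent (ExBackup) - Example Corp - C:\Program Files\Example\agent.exe
O23 - Service: Example Host (ExHost) - Unknown owner - C:\WINNT\system32\svchost.exe -k example
"""

if __name__ == "__main__":
    for f in suspicious_svchost_services(SAMPLE_LOG):
        print(f)
```

The `service` field is the short name that the `sc stop` and `sc delete` commands in the accepted solution take.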
