Solved

DeepScan Generic SpamTool Infecting svchost

Posted on 2010-08-14
Last Modified: 2013-11-22
Hi, I have run BitDefender on my laptop, which has found a spam agent infecting the svchost, see log below.
This has been affecting my computer quite a lot in that the internet is always dropping out and is always affecting other people when I am connected to the internet/domain.
BitDefender took no action. If I delete or quarantine svchost it will affect my OS; what is the best way to get rid of this virus?
Thank you

<System>=>C:\WINDOWS\System32\svchost.exe [3064] (memory dump) DeepScan:Generic.SpamTool.E538D696 Disinfect Failed
Question by:crompnk
9 Comments
 
LVL 5

Expert Comment

by:truromeo4juliet
ID: 33438032
If you can boot to a live CD (like *****'* ****), you can go into your system32 folder and replace it with a working version from your i386 folder... rename the original (infected) svchost.exe to svchost.exe.bak, then copy a fresh version from your i386 folder... I can't give you exact paths for this at the moment because I'm at work and restricted from exploring this PC, but I can do it when I get home.

*name of the illegal boot CD removed by rpggamergirl, Zone Advisor*
 
LVL 22

Expert Comment

by:optoma
ID: 33438370
Run these scanners while the OS is live. They only take a few minutes to run :)

Tdsskiller.exe http://support.kaspersky.com/viruses/solutions?qid=208280684
Hitman Pro http://www.surfright.nl/en/hitmanpro
 
LVL 15

Expert Comment

by:Jeff Perkins
ID: 33438674
If neither of optoma's tools work, I've had good success with this one with 2 different tools: first is Malwarebytes, second is SUPERAntiSpyware.
If still no help, then holler back and I'll grab more tools out of the belt.
Rite
 
LVL 3

Expert Comment

by:mikerigel
ID: 33439551
I've had nothing but good luck with Vipre by Sunbelt Software.  They have a scanner at http://live.sunbeltsoftware.com that finds and removes most.  They have also recently partnered up with malwarebytes as seen at http://vipre.malwarebytes.org.  Also check out vipre.biz for Antispyware/antivirus software that works.
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 33443600
If the problem persists, use ComboFix; it should replace the patched svchost.exe if it finds a clean copy, otherwise you would need to replace it manually.
ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
 

Author Comment

by:crompnk
ID: 33462639
Hi, Thanks for the advice.

I ran the ComboFix exe and it began the autoscan, except it hasn't done anything since displaying the Autoscan dialog (see image), which was overnight. Is this common? Should I stop the process and start again?

Thanks
ComboFix-AutoScan-Image.jpg
 
LVL 22

Assisted Solution

by:optoma
optoma earned 250 total points
ID: 33462810
If it was left overnight, just close it, reboot and run TdssKiller first.
If TdssKiller cures anything, reboot and then re-run ComboFix.
 
LVL 15

Expert Comment

by:Jeff Perkins
ID: 33464028
RPG,
  Long time no talk to, thanks for the tip on TdssKiller, haven't seen that one yet. Good to see you are still here.
Rite
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question