Solved

DeepScan Generic SpamTool Infecting svchost

Posted on 2010-08-14
Last Modified: 2013-11-22
Hi, I have run BitDefender on my laptop, which has found a spam agent infecting svchost; see the log below.
This has been affecting my computer quite a lot, in that the internet is always dropping out, and it is always affecting other people when I am connected to the internet/domain.
BitDefender took no action. If I delete or quarantine svchost it will affect my OS. What is the best way to get rid of this virus?
Thank you

<System>=>C:\WINDOWS\System32\svchost.exe [3064] (memory dump) DeepScan:Generic.SpamTool.E538D696 Disinfect Failed
Question by:crompnk
9 Comments
 
LVL 5

Expert Comment

by:truromeo4juliet
ID: 33438032
If you can boot to a live CD (like *****'* ****), you can go into your system32 folder and replace it with a working version from your i386 folder... rename the original (infected) svchost.exe to svchost.exe.bak, then copy a fresh version from your i386 folder... I can't give you exact paths for this at the moment because I'm at work and restricted from exploring this PC, but I can do it when I get home.

*name of the illegal boot CD removed by rpggamergirl, Zone Advisor*
 
LVL 22

Expert Comment

by:optoma
ID: 33438370
Run these scanners when the OS is live. They only take a few minutes to run :)

Tdsskiller.exe http://support.kaspersky.com/viruses/solutions?qid=208280684
Hitman Pro http://www.surfright.nl/en/hitmanpro
 
LVL 15

Expert Comment

by:riteheer
ID: 33438674
If neither of optoma's tools work, I've had good success with this one with 2 different tools: first is Malwarebytes, second is SUPERAntiSpyware.
If still no help, then holler back and I'll grab more tools out of the belt.
Rite
 
LVL 3

Expert Comment

by:mikerigel
ID: 33439551
I've had nothing but good luck with Vipre by Sunbelt Software. They have a scanner at http://live.sunbeltsoftware.com that finds and removes most. They have also recently partnered up with Malwarebytes, as seen at http://vipre.malwarebytes.org. Also check out vipre.biz for antispyware/antivirus software that works.
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 33443600
If the problem persists, use ComboFix; it should replace the patched svchost.exe if it finds a clean copy, otherwise you would need to replace it manually.
ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
 

Author Comment

by:crompnk
ID: 33462639
Hi, Thanks for the advice.

I ran the ComboFix exe and it began the autoscan, except it hasn't done anything since displaying the Autoscan dialog (see image), which was overnight. Is this common? Should I stop the process and start again?

Thanks
ComboFix-AutoScan-Image.jpg
 
LVL 22

Assisted Solution

by:optoma
optoma earned 250 total points
ID: 33462810
If it was left overnight, just close it, reboot and run TdssKiller first.
If TdssKiller cures anything, reboot and then re-run ComboFix.
 
LVL 15

Expert Comment

by:riteheer
ID: 33464028
RPG,
  Long time no talk to, thanks for the tip on TdssKiller, haven't seen that one yet. Good to see you are still here.
Rite

Question has a verified solution.
