Solved

DeepScan Generic SpamTool Infecting svchost

Posted on 2010-08-14
Last Modified: 2013-11-22
Hi, I have run BitDefender on my laptop, which has found a spam agent infecting the svchost; see log below.
This has been affecting my computer quite a lot in that the internet is always dropping out, and it is always affecting other people when I am connected to the internet/domain.
BitDefender took no action. If I delete or quarantine svchost it will affect my OS. What is the best way to get rid of this virus?
Thank you

<System>=>C:\WINDOWS\System32\svchost.exe [3064] (memory dump) DeepScan:Generic.SpamTool.E538D696 Disinfect Failed
Question by:crompnk
9 Comments
 
LVL 5

Expert Comment

by:truromeo4juliet
ID: 33438032
If you can boot to a live CD (like *****'* ****), you can go into your system32 folder and replace it with a working version from your i386 folder... rename the original (infected) svchost.exe to svchost.exe.bak, then copy a fresh version from your i386 folder... I can't give you exact paths for this at the moment because I'm at work and restricted from exploring this PC, but I can do it when I get home.

*name of the illegal boot CD removed by rpggamergirl, Zone Advisor*
0
 
LVL 22

Expert Comment

by:optoma
ID: 33438370
Run these scanners when the OS is live. They only take a few minutes to run :)

Tdsskiller.exe http://support.kaspersky.com/viruses/solutions?qid=208280684
Hitman Pro http://www.surfright.nl/en/hitmanpro
0
 
LVL 15

Expert Comment

by:Jeff Perkins
ID: 33438674
If neither of optoma's tools works, I've had good success with this one with 2 different tools: first is Malwarebytes, second is SUPERAntiSpyware.
If still no help, then holler back and I'll grab more tools out of the belt.
Rite
0
 
LVL 3

Expert Comment

by:mikerigel
ID: 33439551
I've had nothing but good luck with Vipre by Sunbelt Software. They have a scanner at http://live.sunbeltsoftware.com that finds and removes most. They have also recently partnered up with Malwarebytes, as seen at http://vipre.malwarebytes.org. Also check out vipre.biz for antispyware/antivirus software that works.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 33443600
If the problem persists, use ComboFix; it should replace the patched svchost.exe if it finds a clean copy, otherwise you would need to replace it manually.
ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
0
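A read-only triage of the flagged process, as an added example that is not part of the original thread or any poster's code: it checks the signature and hash of the on-disk svchost.exe and lists, for every running instance, its image path, parent and hosted services. The default PID 3064 is the one in the log quoted in the question; the script assumes PowerShell 4 or later and an elevated prompt.

```powershell
# Added example (not from the thread): read-only triage of svchost.exe.
# $TargetPid defaults to the PID shown in the scanner log in the question.
param([int]$TargetPid = 3064)

$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# 1. On-disk binary: signature status and SHA-256, so the file can be compared
#    against a copy taken from known-clean media of the same OS build.
$sig  = Get-AuthenticodeSignature -FilePath $expected
$hash = (Get-FileHash -Path $expected -Algorithm SHA256).Hash
'{0}  signature={1}  signer={2}' -f $expected, $sig.Status, $sig.SignerCertificate.Subject
"SHA256 $hash"

# 2. Running instances. The scanner flagged a memory dump of one process, so the
#    services loaded into that PID matter as much as the file on disk.
$services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $p      = $_
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    [pscustomobject]@{
        PID      = $p.ProcessId
        Flagged  = ($p.ProcessId -eq $TargetPid)
        # ExecutablePath is empty when not elevated; -eq is case-insensitive here.
        PathOK   = ($p.ExecutablePath -eq $expected)
        # A genuine svchost.exe is started by services.exe.
        Parent   = $parent.Name
        Services = ($services | Where-Object ProcessId -eq $p.ProcessId).Name -join ','
        Command  = $p.CommandLine
    }
} | Sort-Object PID | Format-Table -AutoSize -Wrap
```

Rows with `PathOK` false, a parent other than services.exe, or an empty `Services` column are the ones to investigate first; a signature status other than `Valid` on the file points to the replacement step described above.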
 

Author Comment

by:crompnk
ID: 33462639
Hi, Thanks for the advice.

I ran the ComboFix exe and it began the autoscan, except it hasn't done anything since displaying the Autoscan dialog (see image), which was overnight. Is this common? Should I stop the process and start again?

Thanks
ComboFix-AutoScan-Image.jpg
0
 
LVL 22

Assisted Solution

by:optoma
optoma earned 250 total points
ID: 33462810
If it was left overnight, just close it, reboot and run TdssKiller first.
If TdssKiller cures anything, reboot and then re-run ComboFix.
0
 
LVL 15

Expert Comment

by:Jeff Perkins
ID: 33464028
RPG,
  Long time no talk to, thanks for the tip on TdssKiller, haven't seen that one yet. Good to see you are still here.
Rite
0
