Solved

DeepScan Generic SpamTool Infecting svchost

Posted on 2010-08-14
Last Modified: 2013-11-22
Hi, I have run BitDefender on my laptop, which has found a spam agent infecting svchost; see the log below.
This has been affecting my computer quite a lot, in that the internet is always dropping out, and it is always affecting other people when I am connected to the internet/domain.
BitDefender took no action. If I delete or quarantine svchost it will affect my OS, so what is the best way to get rid of this virus?
Thank you

<System>=>C:\WINDOWS\System32\svchost.exe [3064] (memory dump) DeepScan:Generic.SpamTool.E538D696 Disinfect Failed
Question by:crompnk
9 Comments
 
LVL 5

Expert Comment

by:truromeo4juliet
ID: 33438032
If you can boot to a live CD (like *****'* ****), you can go into your system32 folder and replace it with a working version from your i386 folder: rename the original (infected) svchost.exe to svchost.exe.bak, then copy a fresh version from your i386 folder. I can't give you exact paths for this at the moment because I'm at work and restricted from exploring this PC, but I can do it when I get home.

*name of the illegal boot CD removed by rpggamergirl, Zone Advisor*
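Before swapping in a copy from i386, a defender would want to confirm that the System32 svchost.exe really differs from a known-good reference and whether its signature still verifies; the PowerShell script below is an added example, not code from this thread or any of the tools named in it. It assumes PowerShell 3.0 or later and that $Reference points at your clean copy (the dllcache path is an assumption; a copy taken from i386 is stored compressed as svchost.ex_ and must be expanded with expand.exe first).

```powershell
# Added example, not code from the thread. Reports whether the live svchost.exe
# differs from a known-good reference copy and whether its signature verifies.
# Assumption: $Reference is your clean copy (dllcache is an assumption; an i386
# copy is compressed as svchost.ex_ and must be expanded with expand.exe first).
param(
    [string]$Target    = "$env:SystemRoot\System32\svchost.exe",
    [string]$Reference = "$env:SystemRoot\System32\dllcache\svchost.exe"
)

function Get-Sha256Hex([string]$Path) {
    # Stream the file through SHA-256; works on PowerShell 3.0+ without Get-FileHash
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream))).Replace('-', '')
    } finally {
        $stream.Dispose()
        $sha.Dispose()
    }
}

foreach ($p in @($Target, $Reference)) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing file: $p" }
}

$targetHash = Get-Sha256Hex $Target
$refHash    = Get-Sha256Hex $Reference
$sig        = Get-AuthenticodeSignature -FilePath $Target
$signer     = $null
if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

[pscustomobject]@{
    Target           = $Target
    TargetSha256     = $targetHash
    ReferenceSha256  = $refHash
    MatchesReference = ($targetHash -eq $refHash)   # $false points to a patched binary
    SignatureStatus  = $sig.Status                  # 'Valid' on an unmodified, embedded-signed file
    Signer           = $signer
}

# Tie the PID from the scanner log (3064 in the question) back to a service group:
# each svchost instance's command line names the -k group it hosts.
Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" |
    Select-Object ProcessId, CommandLine
```

On Windows XP and Windows 7 the core system binaries are catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature reports NotSigned there even for a clean file; on those versions the hash comparison against the reference copy is the decisive check.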
 
LVL 22

Expert Comment

by:optoma
ID: 33438370
Run these scanners while the OS is live. They only take a few minutes to run :)

Tdsskiller.exe http://support.kaspersky.com/viruses/solutions?qid=208280684
Hitman Pro http://www.surfright.nl/en/hitmanpro
 
LVL 15

Expert Comment

by:riteheer
ID: 33438674
If neither of optoma's tools works, I've had good success with two different tools: the first is Malwarebytes, the second is SuperAntiSpyware.
If still no help, then holler back and I'll grab more tools out of the belt.
Rite
 
LVL 3

Expert Comment

by:mikerigel
ID: 33439551
I've had nothing but good luck with Vipre by Sunbelt Software.  They have a scanner at http://live.sunbeltsoftware.com that finds and removes most.  They have also recently partnered up with malwarebytes as seen at http://vipre.malwarebytes.org.  Also check out vipre.biz for Antispyware/antivirus software that works.

 
LVL 47

Accepted Solution

by:rpggamergirl (earned 250 total points)
ID: 33443600
If the problem persists, use ComboFix; it should replace the patched svchost.exe if it finds a clean copy, otherwise you would need to replace it manually.
ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 

Author Comment

by:crompnk
ID: 33462639
Hi, Thanks for the advice.

I ran the ComboFix exe and it began the autoscan, except it hasn't done anything since displaying the Autoscan dialog (see image), which was overnight. Is this common? Should I stop the process and start again?

Thanks
ComboFix-AutoScan-Image.jpg
 
LVL 22

Assisted Solution

by:optoma (earned 250 total points)
ID: 33462810
If it was left overnight, just close it, reboot and run TdssKiller first.
If TdssKiller cures anything, reboot and then re-run ComboFix.
 
LVL 15

Expert Comment

by:riteheer
ID: 33464028
RPG,
  Long time no talk to, thanks for the tip on TdssKiller, haven't seen that one yet. Good to see you are still here.
Rite