Solved

DeepScan Generic SpamTool Infecting svchost

Posted on 2010-08-14
9
558 Views
Last Modified: 2013-11-22
Hi, I have run BitDefender on my laptop, which has found a spam agent infecting the svchost, see log below.
This has been affecting my computer quite a lot in that the internet is always dropping out and is always affecting other people when I am connected to the internet/domain.
BitDefender took no action, if I delete or quarantine svchost it will affect my OS, what is the best way to get rid of this virus.
Thank you

<System>=>C:\WINDOWS\System32\svchost.exe [3064] (memory dump) DeepScan:Generic.SpamTool.E538D696 Disinfect Failed
0
Comment
Question by:crompnk
9 Comments
 
LVL 5

Expert Comment

by:truromeo4juliet
ID: 33438032
if you can boot to a live CD (like *****'* ****), you can go into your system32 folder and replace it with a working version from your i386 folder... rename the original (infected) svchost.exe to svchost.exe.bak, then copy a fresh version from your i386 folder ... I can't give you exact paths for this at the moment because I'm at work and restricted from exploring this PC, but I can do it when I get home.

*name of the illegal boot CD removed by rpggamergirl, Zone Advisor*
0
 
LVL 22

Expert Comment

by:optoma
ID: 33438370
Run these scanners when OS live. Only take few minutes to run :)

Tdsskiller.exe http://support.kaspersky.com/viruses/solutions?qid=208280684
Hitman Pro http://www.surfright.nl/en/hitmanpro
0
 
LVL 15

Expert Comment

by:riteheer
ID: 33438674
if neither of optoma's tools work, I've had good success with this one with 2 different tools,  first is malwarebytes, second is superantispyware.
  If still no help, then holler back and I'll grab more tools out of the belt.
Rite
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 3

Expert Comment

by:mikerigel
ID: 33439551
I've had nothing but good luck with Vipre by Sunbelt Software.  They have a scanner at http://live.sunbeltsoftware.com that finds and removes most.  They have also recently partnered up with malwarebytes as seen at http://vipre.malwarebytes.org.  Also check out vipre.biz for Antispyware/antivirus software that works.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 33443600
if the problem persists, use ComboFix, it should replace the patched svchost.exe if it finds a clean copy, otherwise you would need to replace it manually.
ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
0
 

Author Comment

by:crompnk
ID: 33462639
Hi, Thanks for the advice.

I ran the combofix exe and it began the autoscan, except it hasn't done anything since displaying the Autoscan dialog (see image), which was over night, is this common, should I stop the process and start again.

Thanks
ComboFix-AutoScan-Image.jpg
0
 
LVL 22

Assisted Solution

by:optoma
optoma earned 250 total points
ID: 33462810
If it was left overnight just close it, reboot and run TdssKiller first.
If TdssKiller cures anything, reboot and then re run Combofix
0
 
LVL 15

Expert Comment

by:riteheer
ID: 33464028
RPG,
  Long time no talk to, thanks for the tip on TdssKiller, haven't seen that one yet. Good to see you are still here.
Rite
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question