Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - M.E.Lenns

Pages: [1]
1
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 18, 2015, 11:22:45 AM »
Hi MEL,

Hey Curson,

Quote
It's difficult to be sure but it seems to be the main control/window of a program written in Delphi or VisualBasic which is not exiting on time. Do you run such a program on your computer?

Not that I know of. BUT, after running the Microsoft Security Virus Scan, which reported that it didn't find any issues, this Form 1 thing has disappeared. So "All's well that ends well." (W. Shakespeare)

Anyway, thanks for the response. Sorry to have bothered you when it seems that Form 1 was NOT any kind of issue.

BTW, if you are in Paris, take excellent care.

MEL

2
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 13, 2015, 01:09:11 PM »
Hey Mr. Curson,
The Win7 Computer that had RK that was killing SVCHOST.EXE, of a sudden had RK disappear from it's list of programs. Am redownloading it.

Wanted to ask about another issue. When the Win7 Computer is shutting down, it says it has to close what it calls "Form 1". Don't know what THAT is.

Ran a Microsoft Security Virus Scan yesterday. It took from 9:40 a.m. till 6:00 p.m. to finish and reported that no threats were found.

Anyway, do you happen to know what Form 1 is?

Thanks in advance for any information.

MEL

3
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 05, 2015, 10:03:22 AM »
Hi MEL, No, it (FRST) doesn't. ;) You can keep it if you want. Regards.

Hey Curson,
GREAT! Will be in touch.

MEL

4
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 04, 2015, 10:34:35 PM »
Hi MEL, You have indeed a total of 1.5GB RAM installed but since Windows 7 uses about 1GB RAM, there is only about 600-700MB RAM left for others applications. ;)

Hey Curson, When the Win7 machine was built originally, it had a Win2k O/S. Then a friend gifted me with the Win7 O/S. Happen to like Win7, but it takes longer to boot than did the Win2k.

Quote
Thanks for the clarification. You could now delete FRST and the files linked to it.

Does FRST take any RAM just sitting there? If it doesn't would like to just keep it to look at once in a while.

Quote
Many thanks for the kind words. :) Take care.

Credit where credit is due.

Hang in there.

MEL

5
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 04, 2015, 10:50:02 AM »
Hi MEL, I'm really sorry about that. When I wrote my post, I was certain you were running a 64 bits version of Windows. ???

Hey Curson, actually, both the Win7 and the Win10 are 32 bit machined. Am just behind the times. :(

Quote
The FRST logs are clean

That eases my mind. :)

Quote
but I noticed that your computer is quite low on resources:

It is an ancient rig. Originally was gotten to do Desktop Video, but at the time none of the DTV stuff worked very well.

Quote
Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz
Percentage of memory in use: 56%
Total physical RAM: 1535.55 MB
Available physical RAM: 670.2 MB
Total Virtual: 3071.11 MB
Available Virtual: 2128.97 MB

Am surprised! Thought that I had 1.5 Gigs of ram (which at the time that the machine was built was a humongous amount of RAM)! How come there's only 670.2 of it available?

Quote
With such a low-end processor and only 670MB physical RAM available, it's no wonder your computer to be slow.

That the Win7 computer is slow isn't all that critical. All it is used for is word processing. Am way out in the boondocks of Deep East Texas, have a DSL connection to the Internet which is slow. The only reason for even having it connected to the Internet is to research that about which is being written (Wikipedia and Dictionaries for synonyms, definitions, and etc.).

The reason for contacting your very nice forum was, as mentioned previously, because with no applications running, the Win7's CPU was showing that it was maxed out and the RAM was up in the 80-90% range. Suspected that the old thing was part of a botnet. In doing research into that possibility, came across RogueKiller, and when RK kept showing SVCHOST.EXE as being toxic, and no matter how many times it was killed, it kept coming back, the next logical step was to go to your WebPage for help, and there I found your forum.

Quote
For better performances, I advise you to uninstall IObit Advanced SystemCare and IObit Uninstaller. If you don't use TeamViewer on a regular basis, you could uninstall it as well.

All right.

Anyway, would like to thank you for your assistance. You've been absolutely wondrous. This has been a learning experience for me. Have enjoyed becoming part of your community, and will be checking in often.

Hope this finds you doing well.

Take excellent care.

MEL

6
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 03, 2015, 09:17:38 PM »
Hi MEL, Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.

Hey Curson, tried to do the FRST64.exe, but the Win7 machine is a 32 bit computer. Downloaded FRST32.

Quote
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also attach that along with the FRST.txt into your reply.
Regards.

Nonetheless, here are the two files that you requested.

Hope this works.

Thanks again,

MEL

7
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 02, 2015, 10:17:26 PM »
Hi MEL, This [Proc.Svchost] detection is a false positive which was fixed in the latest releases.

Hey Curson, that's good news. Now, onward through the fog. :)

Quote
Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also attach that along with the FRST.txt into your reply.
Regards.

Curson, am going to have to do this tomorrow as there are some daily tasks that have to be taken care of presently. Will do this tomorrow mid morning.

I want to thank you for taking the time to do this for me. Be thinking on how I could contribute to your cause.

Hope this finds you doing well. Have a good night.

MEL

8
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 02, 2015, 08:48:02 PM »
Hi MEL, es, please download RogueKiller latest version before performing the scan.
When the scan has finished, please click the buttons "Export txt" and "Export Json", then save the files on your desktop. You can use the form in the "Attachments and other options" section to upload those files the next time you post. Regards.

Hey Curson, here are (hopefully) the TXT and JSON files.

9
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 02, 2015, 08:38:31 PM »
Hi MEL, Yes, please download RogueKiller latest version before performing the scan.

Hey Curson, tried to download RK from your website. It tried, but then quit, and the download folder said that there were no downloads for this session.

The previous download was done on August 14, 2015 at 1:56 p.m. It was 18,286 KB.

Quote
When the scan has finished, please click the buttons "Export txt" and "Export Json", then save the files on your desktop. You can use the form in the "Attachments and other options" section to upload those files the next time you post. Regards

Did this. Am now going to see if I can log on to the forum on the Win7 machine and attach the TXT and JSON files.

This may take a bit of time here.

MEL

10
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 02, 2015, 08:07:00 PM »
Hi MEL, Yes, please download RogueKiller latest version before performing the scan.

Hey Curson, the Win7 machine is running version 10.10.0.0. It is running a scan even as I type. When it is finihsed will do what you instructed below. Then will try to download the latest RK version, and do it all again.

Quote
When the scan has finished, please click the buttons "Export txt" and "Export Json", then save the files on your desktop. You can use the form in the "Attachments and other options" section to upload those files the next time you post. Regards.

Will see if I can get that all together.

Thanks again.

MEL

11
Malware removal help / Re: SVCHOST.EXE-KILLED BY RK
« on: November 02, 2015, 07:24:05 PM »
Hi MEL, Could you please attach the TXT and JSON reports produced by RogueKiller in your next reply ? Regards.

Hey Curson, Thank you so much for the VERY prompt response.

Am answering from the Win10 computer.

Will have to hook up and boot the Win7 computer on which is occurring the anomaly. Will do that, and run RK.

With that said, what is the TXT and JSON reports? Where are they found? And how do I attach them to a reply?

BTW, the RK on the Win7 machine has not been updated since it was first downloaded. I think I tried once to update it, but something prevented it from happening. Should I try again, or will the TXT and JSON reports be sufficient?

Thanks again,

MEL


12
Malware removal help / SVCHOST.EXE-KILLED BY RK
« on: November 02, 2015, 06:05:11 PM »
Hey all,
Am writing this from a Win 10 Computer.

I have a Win 7 Computer that I suspect has been hijacked and made part of a botnet.

With no applications running, the CPU is at 100%, RAM is at 90%.

Have tried to scan with AVG and it takes hours and hours to finally freeze at 75% complete.

Have scanned with MalwareBytes. It found nothing.

Scanned with RogueKiller and it found and killed SVCHOST.EXE. And RK listed the PID number of the SVCHOST.EXE that it killed.  Everything else was fine. Hit "delete" and X-ed out of RK.

Looked at Task Manager and found thirteen SVCHOST.EXEs running, but none had the PID number listed by RK as killed.

Rebooted, and when the reboot was finished, looked at Task Manager and found MORE than thirteen SVCHOST.EXEs running in Processes. Hand listed all the PID numbers and checked the Services.

Then shortly thereafter the same thing happened. CPU at 100%, Ram at near 90%. Scanned with RK and it found and killed SVCHOST.EXE, and once again RK supplied the PID number. Everything else was fine. BUT, here is something strange. Have looked at SVCHOST.EXEs running in Task Manager, each with a different PID, and the SVCHOST.EXE that RK reported as killed was not in the list that was hand copied. AND after running RK, the number of SVCHOST.EXEs was back to thirteen.

Have done this numerous times. Have even hand copied ALL the PID numbers of ALL the Processes running, and then scanned with RK, and the PID of the SVCHOST.EXE that RK killed is NOT on the list.

It doesn't seem to matter how many times RK kills the SVCHOST.EXE, it comes back. It even comes back without rebooting. Can let the computer just sit, and then check the Task Manager SVCHOST.EXE list, and there will be more than thirteen. Can scan with RK, and it will kill a SVCHOST.EXE and list the PID, but the PID will not be among the numbers listed by the Task Manager, AND right after the RK scan, the number of SVCHOST.EXEs will be back to thirteen.

The Win7 computer is seldom used on the Internet, being connected only for updates and etc. It is used every day for composing (I'm a writer). So for now, I have disconnected it from the DSL Router. AND since disconnecting it, the CPU and RAM %s have dropped to almost nothing.

Would like to get rid of whatever malware program is doing this suspected botnet thing.

Any help, advice, instructions, etc., would be very much appreciated.

BTW, would love to send you a contribution, but don't have a PayPal Account, nor do I know how to use BitCoin. I have a Debit Card Account, or could send a check if I knew where to send it. Also, I don't do FaceBook/Twitter/etc.

Anyway, thanks in advance for any assistance.

Hope this finds you all doing well.

MEL

13
General Discussion / Re: Introduce yourself
« on: November 02, 2015, 04:24:58 PM »
Hey :)
Unique topic for introducing. Please introduce yourself here.
Myself: Tigzy, owner of Adlice.com. Developer of RogueKiller and some other tools.
Live in France. :)

Hey Tigzy, I am Murthen Emreys Lenns in Deep East Texas, USA. Have introduced myself in your General Discussion Threads.

Am going to be reading to see if someone else has run up against the problem that I'm having. Am sure that this is not unique. Anyway, will be in touch.

MEL

14
General Discussion / Hello All
« on: November 02, 2015, 04:11:06 PM »
Hello all,
My name is Murthen Emerys Lenns. Am new to the Adlice Forum. Am needing some help, and have been using RogueKiller. It is a wonderful tool. It catches what I'm chasing and kills it, but another one of what I'm chasing takes its place. Am sure that this is not unique. There has to be a solution. Will read your very nice forum to see if there is an answer. If I don't find one, will start a new thread to describe what is happening.

Thanks for reading. Take care. Hope this finds you all doing well.

Pages: [1]