Author Topic: Bad processes svchost.exe  (Read 5634 times)


September 23, 2014, 06:54:19 AM

khuntim

  • Guest
Bad processes svchost.exe
« on: September 23, 2014, 06:54:19 AM »
¤¤¤ Bad processes : 2 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\windows\system32\svchost.exe
  • -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\windows\SysWow64\svchost.exe
  • -> [NoKill]


This is all that remains after a serious malware removal run. Is this normal to see this?

Thanks!

Here is the full log:

RogueKiller V9.2.11.0 (x64) [Sep  9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 09/22/2014  21:11:41

¤¤¤ Bad processes : 2 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\windows\system32\svchost.exe
  • -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\windows\SysWow64\svchost.exe
  • -> [NoKill]


¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 05ca50ed5ba34e1dbeeb536b28312b62
[BSP] 8d78fc930b9866eff7e6d8dc6ae222a2 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_09222014_150336.log - RKreport_DEL_09222014_154607.log - RKreport_DEL_09222014_161223.log - RKreport_DEL_09222014_162031.log
RKreport_DEL_09222014_164426.log - RKreport_DEL_09222014_165727.log - RKreport_DEL_09222014_170441.log - RKreport_DEL_09222014_173222.log
RKreport_DEL_09222014_195822.log - RKreport_SCN_09222014_145936.log - RKreport_SCN_09222014_154256.log - RKreport_SCN_09222014_155154.log
RKreport_SCN_09222014_155835.log - RKreport_SCN_09222014_162015.log - RKreport_SCN_09222014_164331.log - RKreport_SCN_09222014_165712.log
RKreport_SCN_09222014_170255.log - RKreport_SCN_09222014_173209.log - RKreport_SCN_09222014_195625.log - RKreport_SCN_09222014_201733.log



Reply #1, September 23, 2014, 01:23:29 PM

Tigzy

  • Administrator
  • Owner, Adlice Software
Re: Bad processes svchost.exe
« Reply #1 on: September 23, 2014, 01:23:29 PM »
Looks like malware.
Can you try a scan with Malwarebytes?

Reply #2, September 23, 2014, 08:51:48 PM

khuntim

  • Guest
Re: Bad processes svchost.exe
« Reply #2 on: September 23, 2014, 08:51:48 PM »
Malwarebytes scan comes clean. Also: AdwCleaner, JRT. Something still going on, I can feel it!

Used 9.2.12.0 this morning. Same thing.


Reply #3, September 24, 2014, 06:31:03 AM

Tigzy

Re: Bad processes svchost.exe
« Reply #3 on: September 24, 2014, 06:31:03 AM »
Could you post a scan with OTL?
http://www.bleepingcomputer.com/download/otl/