Author Topic: ==> Proc.Injected <==  (Read 57520 times)

0 Members and 1 Guest are viewing this topic.

Reply #60April 04, 2018, 08:03:00 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2331
  • Reputation:
    82
    • View Profile
Re: ==> Proc.Injected <==
« Reply #60 on: April 04, 2018, 08:03:00 pm »
Hi Siddharth,

Welcome to Adlice.com Forum.
Could you please relaunch RogueKiller, delete the [Adw.Butler] et [Adw.FastDataX] entries, then reboot your computer and check if explorer.exe is still injected ?

Regards.

Reply #61April 05, 2018, 12:06:32 pm

Siddharth Kumar

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Re: ==> Proc.Injected <==
« Reply #61 on: April 05, 2018, 12:06:32 pm »
After rebooting, I ran a scan with Roguekiller and it did not detected explorer as Proj.infected. So can you tell that removing the other entries can remove Proj.Infected ?

Reply #62April 05, 2018, 03:35:14 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2331
  • Reputation:
    82
    • View Profile
Re: ==> Proc.Injected <==
« Reply #62 on: April 05, 2018, 03:35:14 pm »
Hi Siddharth,

In this case, Adw.Butler implemented a driver which was responsible for the injection on explorer.exe.
Since RogueKiller removed the driver, explorer.exe is no longer injected.

Regards.

Reply #63April 17, 2018, 05:12:16 am

Miklo

  • Newbie

  • Offline
  • *

  • 6
  • Reputation:
    0
    • View Profile
Re: ==> Proc.Injected <==
« Reply #63 on: April 17, 2018, 05:12:16 am »
NEW UPDATES: Regarding the Warning/Virus: [Proc.Injected] within [svchost.exe] File!



This is a re-edited Topic. I Created a Topic earler and needed help regarding this type of Virus. I was not sure if my Computer was Infected or not....

Hello Everyone.  I was finally able to get rid of the Virus/Warning [Proc.Injected] within [svchost.exe] File by Replacing the Windows System Files with a fresh set of files from My Windows Installations CD. Incase someone else had the same problem, then this is how I fixed mine.

Please know that I DO NOT recommend using this method. Mainly because your Windows might fail to Restart, As mine did. There are probably better ways to replace your Windows System Files. In my case I had no other choice.

1. So based on the main topic, I used "Process Hacker" Software to detect the Process above the Infected filename svchost.exe . Such as:[/b]

- The Process above the infected svchost.exe file was called services.exe
- And Process above the services.exe was called:  winini.exe

I suspected that one of the the following files seen below were causing the Infection:

C:\Windows\System32\wininit.exe
C:\Windows\System32\services.exe
C:\Windows\System32\svchost.exe

2. I basicly replaced all 3 files using a fresh set from my Windows Installation CD, and through the Command Line. But this did not come easy. After Replacing the files. My Windows failed to restart. .

3. I had to use the Windows "Startup Repair" Option from the Installations CD.  After the Repair was Complete my windows started totally fine.

4. I then ran a Final Scan using "RogueKiller". And finally the "Proj.Inected" svchost.exe virus was completely gone. 

I really hope that this could help someone else. But as I mentioned above. Please DO NOT attempt using this method for Replacing your Windows System Files. Please use a different way. Thank you.

Ps, I wanna send a huge thanks to the Adlice Team for their hard work and support within the forums. If it wasn't for this Topic and RogueKiller. I probably had been infected for very long time. So Thank you again!
« Last Edit: April 17, 2018, 10:22:26 pm by Miklo »

Reply #64April 17, 2018, 10:13:00 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2331
  • Reputation:
    82
    • View Profile
Re: ==> Proc.Injected <==
« Reply #64 on: April 17, 2018, 10:13:00 pm »
Hi Miklo,

Welcome to Adlice.com Forum and thanks for your extented feedback.
There was indeed an odd injection into svchost.exe. The method you used to get rid of it is quite convulsed but thanks to your detailed explanations, I'm sure it can benefict some users.

Using the dumps you gave us, we will be able to analyse the injection in depth.
Also, thanks for the kind words, this is appreciated.

Regards.

Reply #65April 17, 2018, 10:21:01 pm

Miklo

  • Newbie

  • Offline
  • *

  • 6
  • Reputation:
    0
    • View Profile
Re: ==> Proc.Injected <==
« Reply #65 on: April 17, 2018, 10:21:01 pm »
Hi Miklo,

Welcome to Adlice.com Forum and thanks for your extented feedback.
There was indeed an odd injection into svchost.exe. The method you used to get rid of it is quite convulsed but thanks to your detailed explanations, I'm sure it can benefict some users.

Using the dumps you gave us, we will be able to analyse the injection in depth.
Also, thanks for the kind words, this is appreciated.

Regards.

Thank you so much. I really thought you guys were busy. As a forum owner i know how it goes. I had plans on doing a full Tutorial. But I know that it can be confusing. So I litterally had to edit this topic a 50 times lol :D.

I am pleased to know that you checked the files I had included. But yeh, Finally its gone. I will definitely be back and maybe post some Tutorials. Once again thank you for the kind welcome.

As a Part time Software Developer, and forum Owner I know how hard it is to keep up with the Forum and the Software Updates. I litterally Stopped Updating my old Programs.

I hope I can participate some more in the forums. Again a huge thanks!

Reply #66April 17, 2018, 11:52:58 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2331
  • Reputation:
    82
    • View Profile
Re: ==> Proc.Injected <==
« Reply #66 on: April 17, 2018, 11:52:58 pm »
Hi Miklo,

You are very welcome.
Thanks for your dedication on the tutorial.

I hope you will enjoy your stay on Adlice forum.
Regards.

Reply #67April 18, 2018, 12:46:48 pm

Miklo

  • Newbie

  • Offline
  • *

  • 6
  • Reputation:
    0
    • View Profile
Re: ==> Proc.Injected <==
« Reply #67 on: April 18, 2018, 12:46:48 pm »
Thank you very much Curson. Also keep up the awesome support! I know moderating forums is not an easy task. I am currently moderating and administrating arround 5-6 forums online, besides my own forum. So cheers on your work!

Reply #68April 18, 2018, 04:15:06 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2331
  • Reputation:
    82
    • View Profile
Re: ==> Proc.Injected <==
« Reply #68 on: April 18, 2018, 04:15:06 pm »
Hi Miklo,

You are very welcome again.

Regards.

Reply #69August 01, 2019, 07:22:58 am

JackRyan

  • Newbie

  • Offline
  • *

  • 1
  • Reputation:
    0
    • View Profile
Re: ==> Proc.Injected <==
« Reply #69 on: August 01, 2019, 07:22:58 am »
Hmm, this is informative