Author Topic: svchost.exe process and a bunch of PUM (and other stuffs)  (Read 140037 times)

Reply #120, October 08, 2015, 07:44:12 PM

Heantrad
Hi Heantrad

Quote from: Heantrad
Meanwhile, I remembered that in CCleaner there's an option to clean Steam, do you think it will clean up the browser too or just temporary files Steam creates?
I have really no idea. You could always try.

Quote from: Heantrad
So, I used the DelFix tool (sorry that it took me so long) and it didn't do anything, I think.
I ran the program, and it detected some programs; however, I didn't read the instruction about rebooting the system and I ran the tool again, then I restarted the PC and nothing got deleted, at least that's what it seems: FRST is still there, JavaRa is still there and I think everything that showed on the log is still there.
I can't send you the log, because I didn't know I messed it up and I didn't do it right, so I didn't save it.
When I run the tool again, the log appears blank (I mean, it doesn't detect any programs installed).
Is it possible to delete all the programs I installed during the malware removal manually, or do I need the tool?
I've already replied to my post on Malwarebytes' forum with the same explanation, but I asked you too in case this error could harm the computer.
DelFix won't harm your computer in any case. ;)

Regards.
Well, I think this is a definitive answer to the Steam browser thing.
Also, maybe this has an obvious answer, but can malware spread through Skype calls?
« Last Edit: October 08, 2015, 11:00:35 PM by Heantrad »

Reply #121, October 09, 2015, 12:34:14 AM

Curson
Hi Heantrad,

Quote from: Heantrad
Also, maybe this has an obvious answer, but can malware spread through Skype calls?
If you keep it updated, you are safe.

Regards.

Reply #122, October 09, 2015, 03:21:24 PM

Heantrad
So, the reset didn't work?
Here's the explanation I gave on another thread I opened on the Steam Forums.

So, I posted another two threads asking for help with resetting Steam's browsing, and I ended up deleting those folders.
C:\Program Files\Steam\appcache\httpcache
C:\Program Files\Steam\config\overlayhtmlcache
C:\Program Files\Steam\tenfoot\config\httpcache
They also told me to delete C:\Program Files\Steam\config\htmlcache but I couldn't find it.
The thing is that after deleting them, only the first one was created again, the rest weren't, and the browser didn't get reset (at least that's what it seems).
Can anyone tell me if those were the correct folders or if I messed it up?

I didn't delete any folders luckily, just moved them, and now I moved them to their corresponding place again, probably.
The thread hasn't got a reply yet, so I guess it will be lost in the immensity of the forums already, so I'll leave the browser in peace for now, as it isn't doing anything strange.
Anyways, yesterday I noticed some strange options that appeared in the allowed programs section of the firewall. I don't know if it's safe to post images with the programs that are allowed in your firewall, so I won't post them until you tell me if it's safe or not.
They seem legit, but they weren't there before (and one of them is from Java, so I don't know why the firewall rule is still there if I uninstalled it), but I prefer to be cautious with this stuff.
Also, is there any way to check the router to know what machines are connected to it? It's acting a bit strange (the light that indicates that the cable connection is working blinks really fast) and I want to know what's happening and, if it's necessary, reset it.
« Last Edit: October 10, 2015, 04:18:38 PM by Heantrad »

Reply #123, October 12, 2015, 02:52:00 PM

Curson
Hi Heantrad,

Quote from: Heantrad
So, the reset didn't work?
Here's the explanation I gave on another thread I opened on the Steam Forums.

So, I posted another two threads asking for help with resetting Steam's browsing, and I ended up deleting those folders.
C:\Program Files\Steam\appcache\httpcache
C:\Program Files\Steam\config\overlayhtmlcache
C:\Program Files\Steam\tenfoot\config\httpcache
They also told me to delete C:\Program Files\Steam\config\htmlcache but I couldn't find it.
The thing is that after deleting them, only the first one was created again, the rest weren't, and the browser didn't get reset (at least that's what it seems).
Can anyone tell me if those were the correct folders or if I messed it up?

I didn't delete any folders luckily, just moved them, and now I moved them to their corresponding place again, probably.
The thread hasn't got a reply yet, so I guess it will be lost in the immensity of the forums already, so I'll leave the browser in peace for now, as it isn't doing anything strange.
Again, I'm no Steam Guru, so it's difficult for me to help you.
You always could "up" your thread at the Steam forum, if it's ignored for too long.

Quote from: Heantrad
Anyways, yesterday I noticed some strange options that appeared in the allowed programs section of the firewall. I don't know if it's safe to post images with the programs that are allowed in your firewall, so I won't post them until you tell me if it's safe or not.
They seem legit, but they weren't there before (and one of them is from Java, so I don't know why the firewall rule is still there if I uninstalled it), but I prefer to be cautious with this stuff.
If you didn't download anything strange, it's probably safe.
Firewall rules are not auto-removed when you uninstall a program. :)

Quote from: Heantrad
Also, is there any way to check the router to know what machines are connected to it? It's acting a bit strange (the light that indicates that the cable connection is working blinks really fast) and I want to know what's happening and, if it's necessary, reset it.
There exist numerous router manufacturers and setups. I would advise you to open a new thread on your ISP forum board. They will be more skilled than me at helping you with it.

Regards.

Reply #124, October 12, 2015, 03:34:08 PM

Heantrad
I think I didn't download anything strange. Yes, just checked the downloads on my browser and I only downloaded a new version of AdwCleaner and a pair of images.

So, should I manually remove the firewall rules of Java?

Reply #125, October 12, 2015, 04:01:52 PM

Curson
Hi Heantrad,

Quote from: Heantrad
Heantrad
Yes, you could.

Regards.

Reply #126, October 16, 2015, 03:58:50 PM

Heantrad
So, I'm receiving help in the MBAM's forums again for a pair of problems that were left in the air.

Meanwhile, I always had a doubt: when you go to download RKill on BleepingComputer, which of the three available downloads is the good one?
Has the Outlook (hotmail) design changed?
« Last Edit: October 16, 2015, 11:08:25 PM by Heantrad »

Reply #127, October 19, 2015, 01:30:17 PM

Curson
Hi Heantrad,

Quote from: Heantrad
Meanwhile, I always had a doubt: when you go to download RKill on BleepingComputer, which of the three available downloads is the good one?
All of them link to the same RKill application.

Quote from: Heantrad
Has the Outlook (hotmail) design changed?
I'm not using it, so I'm not the right person to ask. ;)

Regards.

Reply #128, October 19, 2015, 08:03:27 PM

Heantrad
I know you don't use Outlook, but today this appeared on the Outlook page (first image).
I use adblock for security reasons (so I can avoid ads giving me malware, and I don't know if the ads from that page can give malware), but I'm kind of distrustful towards Microsoft, and I know they're capable of making the connection unsafe just because I use an adblocker. Is that possible?
Also, Chrome says this (second image) about the connectivity of the page. What does it mean? I remember that it was green a short while ago (totally encrypted with modern encryption). Also, I censored it because I don't know if it's safe to say what type of connectivity a page has; if you tell me it's safe I'll send a version without the MS Paint quality censor.
And when you enter the page, if you don't do anything, this appears instead (third image); if you change folders twice (from inbox to unwanted mail to inbox again, for example), it changes to the image shown before.
I've tried to analyze the URL with Safeweb and TotalVirus, but it uses various links in the process of logging in, so I don't know which of them is the correct one to analyze.
If any of those things is true, can I transfer my Outlook account into a Gmail one? I mean, will I need to change my e-mail address for every account I have to my new Gmail one, or is there a way to do it automatically?
Also, sorry for the screenshots in Spanish, I'll translate them if necessary.
« Last Edit: October 19, 2015, 08:28:05 PM by Heantrad »

Reply #129, October 20, 2015, 02:40:53 PM

Curson
Hi Heantrad,

Quote from: Heantrad
I use adblock for security reasons (so I can avoid ads giving me malware, and I don't know if the ads from that page can give malware), but I'm kind of distrustful towards Microsoft, and I know they're capable of making the connection unsafe just because I use an adblocker. Is that possible?
They will never ever do this.

Quote from: Heantrad
Also, Chrome says this (second image) about the connectivity of the page. What does it mean? I remember that it was green a short while ago (totally encrypted with modern encryption). Also, I censored it because I don't know if it's safe to say what type of connectivity a page has; if you tell me it's safe I'll send a version without the MS Paint quality censor.
And when you enter the page, if you don't do anything, this appears instead (third image); if you change folders twice (from inbox to unwanted mail to inbox again, for example), it changes to the image shown before.
Chrome warns you that the webserver is using SHA-1 hashing, which is vulnerable to some extent to collision attacks.
You don't have to worry about that. Microsoft will update it one day or another.

Quote from: Heantrad
If any of those things is true, can I transfer my Outlook account into a Gmail one? I mean, will I need to change my e-mail address for every account I have to my new Gmail one, or is there a way to do it automatically?
There is unfortunately no way to do this automatically.

Regards.

Reply #130, October 22, 2015, 09:47:06 PM

Heantrad
Is CCleaner a good way to delete Firewall rules? It's because I'm afraid of doing something wrong with something as important as that.

Reply #131, October 23, 2015, 03:15:55 PM

Curson
Hi Heantrad,

To my knowledge, CCleaner doesn't include such a feature.
You will need to do this using the Windows Firewall with Advanced Security module.

Regards.
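
Added example, not part of the original posts: a PowerShell check for the situation discussed in replies #123 to #131, where a firewall rule stays behind after its program (here, Java) is uninstalled. It lists enabled allow rules whose program path no longer exists on disk; it assumes the NetSecurity cmdlets shipped with Windows 8 and later and an elevated prompt, and the function name Get-StaleFirewallRule is hypothetical.

```powershell
# Added example: find Windows Firewall allow rules that point at a program
# which is no longer installed. Read-only; nothing is deleted by this function.
# Assumes the NetSecurity module (Windows 8 / Server 2012 or later).

function Get-StaleFirewallRule {
    [CmdletBinding()]
    param()

    foreach ($rule in Get-NetFirewallRule -Enabled True -Action Allow) {
        # The program path lives in the rule's application filter.
        $filter  = $rule | Get-NetFirewallApplicationFilter
        $program = $filter.Program

        # 'Any' means the rule is not tied to a program; 'System' is the kernel.
        if ([string]::IsNullOrEmpty($program) -or
            $program -eq 'Any' -or $program -eq 'System') {
            continue
        }

        # Rules often store paths such as %SystemRoot%\system32\svchost.exe.
        $path = [Environment]::ExpandEnvironmentVariables($program)

        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{
                Name        = $rule.Name          # unique rule identifier
                DisplayName = $rule.DisplayName   # name shown in the firewall UI
                Direction   = $rule.Direction
                Profile     = $rule.Profile
                Program     = $path
            }
        }
    }
}

# Review the list first.
Get-StaleFirewallRule | Sort-Object Program | Format-Table -AutoSize

# After reviewing, preview the removal of one rule by its Name value.
# '<rule name>' is a placeholder; drop -WhatIf to actually delete the rule.
# Remove-NetFirewallRule -Name '<rule name>' -WhatIf
```

The same rules appear in the Windows Firewall with Advanced Security console (wf.msc) under Inbound Rules and Outbound Rules, where they can be deleted by hand.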

Reply #132, November 10, 2015, 06:17:36 PM

Heantrad
So, the removal process of MBAM has ended.
This is what I meant about CCleaner being able to delete firewall rules (first image).
Now, what's left is the removal of the second Program Files and the Nvidia drivers problem.
Also, about Nvidia's drivers, today I received an update. After I installed it and tried to close the installation window, Nvidia GeForce Experience crashed. When I opened it again through a direct access on my desktop and checked what happened, it said that the update was still available. I searched for updates to see if that was an error and it looked as if the update wasn't installed at all.
I checked Nvidia's files and they seem to have been updated, but in the drivers part of Nvidia GeForce Experience it says I have an old version of the drivers.
So it's just an error with NGE?
And sorry that it took me that long to reply back with more news about all this.

Reply #133, November 11, 2015, 07:53:17 PM

Curson
Hi Heantrad,

Quote from: Heantrad
This is what I meant about CCleaner being able to delete firewall rules (first image).
I'm sorry, I was not aware that CCleaner includes such a feature.

Quote from: Heantrad
Also, about Nvidia's drivers, today I received an update. After I installed it and tried to close the installation window, Nvidia GeForce Experience crashed. When I opened it again through a direct access on my desktop and checked what happened, it said that the update was still available. I searched for updates to see if that was an error and it looked as if the update wasn't installed at all.
I checked Nvidia's files and they seem to have been updated, but in the drivers part of Nvidia GeForce Experience it says I have an old version of the drivers.
So it's just an error with NGE?
Difficult to say.
You could download the latest version of the NVIDIA drivers using NVIDIA Driver Downloads.

Regards.

Reply #134, December 20, 2015, 01:52:52 PM

Heantrad
First of all, sorry that it took me so long to reply.
So, I did a RogueKiller scan and it detected some new PUMs related to IE. I'll attach a txt log (I also have a json one; if you need it, tell me and I'll send it).
After eliminating them (the IE ones only, as the DNS ones are legit, as you told me), the default homepage is MSN and the default search engine Bing; there weren't (and still aren't) any search bars.
Were those legit or not?
As always, thanks.