ry01
Level 7
Message 1 of 13

Windows 7 and svchost.exe virus

Hi,

I have a real problem with this: the virus sends me to random websites and I cannot remove it, and McAfee won't even locate it.

Please help

1 Solution

Accepted Solutions
ConorD62
Level 12
Message 7 of 13

Re: Windows 7 and svchost.exe virus

Hi Ry01,

Please do the following:

Download http://support.kaspersky.com/downloads/utils/tdsskiller.zip and save it to your Desktop.

Extract its contents to your desktop.

Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure; click on Continue.

If a suspicious file is detected, the default action will be Skip; choose it.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

Click the Report button and copy/paste the contents of it into your next reply.

12 Replies
spc3rd
Level 10
Message 2 of 13

Re: Windows 7 and svchost.exe virus

Good morning ry01,

Welcome to the McAfee Community Forums. From your description, it sounds as if you may have a malware problem rather than a virus. Have you tried running an anti-malware program, such as Malwarebytes or SuperAntispyware, yet?

If not, may I suggest you download the FREE version of Malwarebytes at http://malwarebytes.org and run a full scan of all drives on your computer. (Make sure you download the FREE version and not the paid version, as it is not recommended to run an AV program and an anti-malware program concurrently when both have real-time scanning.)

If you are unable to download Malwarebytes in Normal Mode, try restarting in Safe Mode with Networking. This is done by repeatedly pressing the F8 key when the computer begins to reboot. Then try downloading the program again and run the scan.

At the end of the scan, the program will display an on-screen log of any problems it finds.  You can see any items discovered in the Quarantined area.  Please post back here & let the community know the results, and/or if you encountered any problems.  There are many very knowledgeable moderators and forum members here to help you out!

ry01
Level 7
Message 3 of 13

Re: Windows 7 and svchost.exe virus

I will try that. Also, when I try to open IE9 I get the following report:

Problem signature:

  Problem Event Name:    BEX

  Application Name:    iexplore.exe

  Application Version:    9.0.8112.16421

  Application Timestamp:    4d76255d

  Fault Module Name:    WS2_32.dll

  Fault Module Version:    6.1.7601.17514

  Fault Module Timestamp:    4ce7ba68

  Exception Offset:    00007761

  Exception Code:    c0000005

  Exception Data:    00000008

  OS Version:    6.1.7601.2.1.0.256.1

  Locale ID:    2057

  Additional Information 1:    0a9e

  Additional Information 2:    0a9e372d3b4ad19135b953a78882e789

  Additional Information 3:    0a9e

  Additional Information 4:    0a9e372d3b4ad19135b953a78882e789

exbrit
Level 21
Message 4 of 13

Re: Windows 7 and svchost.exe virus

Moved to Malware Discussions > Home User Assistance.  As previously suggested by Pete C download Malwarebytes Free, update it and run a full scan.

If it won't work in regular mode, M/bytes can be downloaded, installed, updated and run all in 'Safe Mode with Networking', reached by tapping F8 repeatedly while booting up and selecting #2 on the ensuing menu.

I've locked your other 2 threads regarding IE and DVD RW issues - please stick with this one.


Message was edited by: Ex_Brit on 11/06/11 9:17:43 EDT AM
Hayton
Level 18
Message 5 of 13

Re: Windows 7 and svchost.exe virus

The symptoms you report above have been described in a post to a Microsoft Q&A forum, and you should look there for an answer to your problem. Start by reading the thread HERE and if that doesn't work read the more general thread on BEX error messages HERE. If all else fails ask your question in the Microsoft forums, since you're more likely to get an explanation there.

Your other question in Malware Discussion was tacked on to the end of an old and unrelated thread and has been branched to a new discussion.

In your original post you said you had some sort of malware that redirects your browser. That could be the result of a PC infection, so -

- Check for Windows updates and install any outstanding

- Check for McAfee updates (right-click on the shield icon in your system tray)

- Run a McAfee quick scan

- If you haven't got Windows Defender, go to the Microsoft site and download it, then run a scan.

Report back if you still have a problem, there are other tools we can recommend.

ry01
Level 7
Message 6 of 13

Re: Windows 7 and svchost.exe virus

The first report found no problems; after a second run I noticed:

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

ry01
Level 7
Message 8 of 13

Re: Windows 7 and svchost.exe virus

Hi,

So far so good, scan results detected:

2011/06/11 20:21:07.0733 3808 Suspicious file (Forged): C:\Windows\system32\DRIVERS\vdrvroot.sys. Real md5: 59f41751844b368a28ac78e09b0180d3, Fake md5: a059c4c3edb09e07d21a8e5c0aabd3cb

2011/06/11 20:21:07.0750 3808 vdrvroot - detected Rootkit.Win32.TDSS.tdl3 (0)

================================================================================

2011/06/11 20:21:10.0442 4604 Detected object count: 1

2011/06/11 20:21:10.0443 4604 Actual detected object count: 1

2011/06/11 20:21:23.0511 4604 vdrvroot        (59f41751844b368a28ac78e09b0180d3) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/06/11 20:21:23.0512 4604 Suspicious file (Forged): C:\Windows\system32\DRIVERS\vdrvroot.sys. Real md5: 59f41751844b368a28ac78e09b0180d3, Fake md5: a059c4c3edb09e07d21a8e5c0aabd3cb

2011/06/11 20:21:24.0244 4604 Backup copy found, using it..

2011/06/11 20:21:24.0258 4604 C:\Windows\system32\DRIVERS\vdrvroot.sys - will be cured after reboot

2011/06/11 20:21:24.0258 4604 Rootkit.Win32.TDSS.tdl3(vdrvroot) - User select action: Cure

2011/06/11 20:21:29.0236 4696 Deinitialize success

Thanks
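
As an added example (not part of the original thread and not Kaspersky's code), a small Python parser that triages a TDSSKiller report like the one above: it extracts forged files whose two hashes differ, the detections, the chosen actions, and any cure that is deferred until reboot. The line patterns and the names `triage` and `cure_deferred` are assumptions inferred only from the lines quoted in this post.

```python
import re

# Lines copied from the TDSSKiller report quoted in the post above.
SAMPLE_LOG = r"""
2011/06/11 20:21:07.0733 3808 Suspicious file (Forged): C:\Windows\system32\DRIVERS\vdrvroot.sys. Real md5: 59f41751844b368a28ac78e09b0180d3, Fake md5: a059c4c3edb09e07d21a8e5c0aabd3cb
2011/06/11 20:21:07.0750 3808 vdrvroot - detected Rootkit.Win32.TDSS.tdl3 (0)
================================================================================
2011/06/11 20:21:24.0258 4604 C:\Windows\system32\DRIVERS\vdrvroot.sys - will be cured after reboot
2011/06/11 20:21:24.0258 4604 Rootkit.Win32.TDSS.tdl3(vdrvroot) - User select action: Cure
"""

# Assumed layout: "<date> <time> <thread id> <message>", inferred from the post.
LINE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+ \d+ (.*)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECTED = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
PENDING = re.compile(r"^(.+) - will be cured after reboot$")
ACTION = re.compile(r"^(\S+)\((\w+)\) - User select action: (\w+)$")

def triage(log_text):
    """Summarise forged files, detections, chosen actions and pending cures."""
    out = {"forged": {}, "detections": {}, "actions": {}, "reboot_pending": set()}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # separator rows and blank lines carry no event
        msg = line.group(1).strip()
        forged, detected = FORGED.match(msg), DETECTED.match(msg)
        pending, action = PENDING.match(msg), ACTION.match(msg)
        if forged and forged.group(2) != forged.group(3):
            # Keep (real md5, fake md5) per path, exactly as the report labels them.
            out["forged"][forged.group(1)] = (forged.group(2), forged.group(3))
        elif detected:
            out["detections"][detected.group(1)] = detected.group(2)
        elif pending:
            out["reboot_pending"].add(pending.group(1))
        elif action:
            out["actions"][action.group(2)] = action.group(3)
    return out

def cure_deferred(summary):
    """True if the report shows a cure that only takes effect after a reboot."""
    return bool(summary["reboot_pending"])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result, "reboot needed:", cure_deferred(result))
```

A report that still lists a deferred cure means the disinfection has not completed, so the scan should be repeated after the reboot to confirm the driver no longer shows as forged.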

ConorD62
Level 12
Message 9 of 13

Re: Windows 7 and svchost.exe virus

Have you rebooted?

Also, are you still getting the redirects?

ry01
Level 7
Message 10 of 13

Re: Windows 7 and svchost.exe virus

Hi,

I have rebooted and the net is working fine now. Thank you very much for your help.