12 Replies Latest reply on Jun 11, 2011 6:05 PM by ConorD62

    Windows 7 and svchost.exe virus

      Hi,

       

      I have a real problem with this: the virus sends me to random websites and I cannot remove it; McAfee won't even locate it.

       

      Please help

        • 1. Re: Windows 7 and svchost.exe virus
          spc3rd

          Good morning ry01,

           

               Welcome to the McAfee Community Forums.  From your description, it sounds as if you may have a malware problem rather than a virus.  Have you tried running an anti-malware program, such as Malwarebytes or SuperAntispyware, yet?

           

          If not, may I suggest you download the FREE version of Malwarebytes at http://malwarebytes.org and run a full scan of all drives on your computer.  (Make sure you download the FREE version and not the paid version, as it is not recommended to run an AV program and an anti-malware program concurrently when both have real-time scanning.)

           

          If you are unable to download Malwarebytes in Normal Mode, try restarting in Safe Mode with Networking.  This is done by repeatedly pressing the F8 key when the computer begins to reboot.  Then try downloading the program again and run the scan.

           

          At the end of the scan, the program will display an on-screen log of any problems it finds.  You can see any items discovered in the Quarantined area.  Please post back here & let the community know the results, and/or if you encountered any problems.  There are many very knowledgeable moderators and forum members here to help you out!

          1 of 1 people found this helpful
          • 2. Re: Windows 7 and svchost.exe virus

            I will try that. Also, when I try to open IE9 I get the following report:

             

            Problem signature:

              Problem Event Name:    BEX

              Application Name:    iexplore.exe

              Application Version:    9.0.8112.16421

              Application Timestamp:    4d76255d

              Fault Module Name:    WS2_32.dll

              Fault Module Version:    6.1.7601.17514

              Fault Module Timestamp:    4ce7ba68

              Exception Offset:    00007761

              Exception Code:    c0000005

              Exception Data:    00000008

              OS Version:    6.1.7601.2.1.0.256.1

              Locale ID:    2057

              Additional Information 1:    0a9e

              Additional Information 2:    0a9e372d3b4ad19135b953a78882e789

              Additional Information 3:    0a9e

              Additional Information 4:    0a9e372d3b4ad19135b953a78882e789

            • 3. Re: Windows 7 and svchost.exe virus
              Peter M

              Moved to Malware Discussions > Home User Assistance.  As previously suggested by Pete C, download Malwarebytes Free, update it and run a full scan.

               

              If it won't work in regular mode, M/bytes can be downloaded, installed, updated and run all in 'Safe Mode with Networking', reached by tapping F8 repeatedly while booting up and selecting #2 on the ensuing menu.

               

              I've locked your other 2 threads regarding IE and DVD RW issues - please stick with this one.

               


               

              Message was edited by: Ex_Brit on 11/06/11 9:17:43 EDT AM
              • 4. Re: Windows 7 and svchost.exe virus
                Hayton

                The symptoms you report above have been described in a post to a Microsoft Q&A forum, and you should look there for an answer to your problem. Start by reading the thread HERE and if that doesn't work read the more general thread on BEX error messages HERE. If all else fails ask your question in the Microsoft forums, since you're more likely to get an explanation there.

                 

                Your other question in Malware Discussion was tacked on to the end of an old and unrelated thread and has been branched to a new discussion.

                 

                In your original post you said you had some sort of malware that redirects your browser. That could be the result of a PC infection, so -

                - Check for Windows updates and install any outstanding

                - Check for McAfee updates (right-click on the shield icon in your system tray)

                - Run a McAfee quick scan

                - If you haven't got Windows Defender, go to the Microsoft site and download it, then run a scan.

                 

                Report back if you still have a problem; there are other tools we can recommend.

                1 of 1 people found this helpful
                • 5. Re: Windows 7 and svchost.exe virus
                  ConorD62

                  Hi Ry01,

                   

                  Are you still getting redirected to other websites?

                   

                  Thanks.

                   

                   

                  • 6. Re: Windows 7 and svchost.exe virus

                    Hi,

                     

                    Yes I am still getting redirected

                    • 7. Re: Windows 7 and svchost.exe virus

                      The first report found no problems; after a second run I noticed:

                      Registry Keys Infected:

                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

                      • 8. Re: Windows 7 and svchost.exe virus
                        ConorD62

                        Hi Ry01,

                         

                        Please do the following:

                         

                        Download http://support.kaspersky.com/downloads/utils/tdsskiller.zip and save it to your Desktop.

                        Extract its contents to your desktop.

                        Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

                        If an infected file is detected, the default action will be Cure, click on Continue.

                        If a suspicious file is detected, the default action will be Skip, choose it.

                        It may ask you to reboot the computer to complete the process. Click on Reboot Now.

                        Click the Report button and copy/paste the contents of it into your next reply.

                        • 9. Re: Windows 7 and svchost.exe virus

                          Hi,

                           

                          So far so good, scan results detected

                          2011/06/11 20:21:07.0733 3808 Suspicious file (Forged): C:\Windows\system32\DRIVERS\vdrvroot.sys. Real md5: 59f41751844b368a28ac78e09b0180d3, Fake md5: a059c4c3edb09e07d21a8e5c0aabd3cb

                          2011/06/11 20:21:07.0750 3808 vdrvroot - detected Rootkit.Win32.TDSS.tdl3 (0)

                           

                          ================================================================================

                          2011/06/11 20:21:10.0442 4604 Detected object count: 1

                          2011/06/11 20:21:10.0443 4604 Actual detected object count: 1

                          2011/06/11 20:21:23.0511 4604 vdrvroot        (59f41751844b368a28ac78e09b0180d3) C:\Windows\system32\DRIVERS\vdrvroot.sys

                          2011/06/11 20:21:23.0512 4604 Suspicious file (Forged): C:\Windows\system32\DRIVERS\vdrvroot.sys. Real md5: 59f41751844b368a28ac78e09b0180d3, Fake md5: a059c4c3edb09e07d21a8e5c0aabd3cb

                          2011/06/11 20:21:24.0244 4604 Backup copy found, using it..

                          2011/06/11 20:21:24.0258 4604 C:\Windows\system32\DRIVERS\vdrvroot.sys - will be cured after reboot

                          2011/06/11 20:21:24.0258 4604 Rootkit.Win32.TDSS.tdl3(vdrvroot) - User select action: Cure

                          2011/06/11 20:21:29.0236 4696 Deinitialize success

                           

                          Thanks
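
Added example, not part of the original thread and not code from the scanning tool: a small Python parser that reads the TDSSKiller report lines posted above and joins them into one record per forged driver file (service, both MD5 values, threat name, chosen action, reboot pending). The line layout and the regular expressions are assumptions inferred from those posted lines only.

```python
import re

# Sample input: lines copied from the TDSSKiller report quoted in the post above.
SAMPLE_REPORT = r"""
2011/06/11 20:21:07.0750 3808 vdrvroot - detected Rootkit.Win32.TDSS.tdl3 (0)
================================================================================
2011/06/11 20:21:23.0511 4604 vdrvroot        (59f41751844b368a28ac78e09b0180d3) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/11 20:21:23.0512 4604 Suspicious file (Forged): C:\Windows\system32\DRIVERS\vdrvroot.sys. Real md5: 59f41751844b368a28ac78e09b0180d3, Fake md5: a059c4c3edb09e07d21a8e5c0aabd3cb
2011/06/11 20:21:24.0258 4604 C:\Windows\system32\DRIVERS\vdrvroot.sys - will be cured after reboot
2011/06/11 20:21:24.0258 4604 Rootkit.Win32.TDSS.tdl3(vdrvroot) - User select action: Cure
"""

# Layout assumed from those lines: "<date> <time> <thread id> <message>".
PREFIX = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+ \d+ (.*)$")
MD5 = r"([0-9a-f]{32})"
RULES = {
    "object":   re.compile(rf"^(\S+)\s+\({MD5}\) (.+)$"),
    "forged":   re.compile(rf"^Suspicious file \(Forged\): (.+?)\. Real md5: {MD5}, Fake md5: {MD5}$"),
    "detected": re.compile(r"^(\S+) - detected (\S+) \(\d+\)$"),
    "pending":  re.compile(r"^(.+) - will be cured after reboot$"),
    "action":   re.compile(r"^(\S+?)\((\S+)\) - User select action: (\w+)$"),
}

def classify(line):
    """Return (kind, captured fields) for one report line, or None."""
    m = PREFIX.match(line.strip())
    if m:
        for kind, rx in RULES.items():
            hit = rx.match(m.group(1))
            if hit:
                return kind, hit.groups()
    return None  # separators, counters and other lines we do not model

def summarize(report):
    """Join the per-line events into one record per forged driver file."""
    events = [e for e in map(classify, report.splitlines()) if e]
    pick = lambda kind: [f for k, f in events if k == kind]
    svc_of = {path.lower(): svc for svc, _md5, path in pick("object")}
    threat_of = dict(pick("detected"))
    action_of = {svc: act for _threat, svc, act in pick("action")}
    pending = {p[0].lower() for p in pick("pending")}
    out = []
    for path, real, fake in pick("forged"):
        svc = svc_of.get(path.lower())
        out.append({"path": path, "service": svc, "real_md5": real, "fake_md5": fake,
                    "hash_mismatch": real != fake, "threat": threat_of.get(svc),
                    "action": action_of.get(svc), "reboot_pending": path.lower() in pending})
    return out
```

Calling `summarize(SAMPLE_REPORT)` returns a single record for `vdrvroot.sys`; a record with `reboot_pending` set means the cure has not taken effect yet and the scan should be repeated after the restart.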
