Solved svchost.exe (network service) Slow - Possible Infection?

Discussion in 'Malware and Virus Removal Archive' started by James Martin, 2010/08/15.

  1. 2010/08/17
    James Martin

    James Martin Geek Member Thread Starter

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    Security Check Scan

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    ZoneAlarm
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Disk Cleaner (remove only)
    EasyCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    WinPatrol winpatrol.exe
    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    BillP Studios WinPatrol winpatrol.exe
    Zone Labs ZoneAlarm zlclient.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  2. 2010/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You need to update IE to at least ver. 7
    Ver. 6 is obsolete and dangerous.
     

  4. 2010/08/17
    James Martin

    Frankly, I couldn't agree more, but later versions of IE have different font settings that I cannot seem to fix.

    Yes, I can make the suggested font changes for my CRT, but the fonts are just enough out of focus to cause eye strain.

    I rarely use IE6, but am I still at risk?
     
  5. 2010/08/17
    James Martin

    Tomorrow, can you give me a rundown on the combofix scans? daemon.dll was removed, and the program will not open up with it. In addition, my cursor is somewhat herky jerky when I type in this box. Haven't tried typing in other apps yet.

    Signing off. :)

    ZZZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzzzz
     
  6. 2010/08/17
    James Martin

    Lastly,

    I'll do the online virus scan ASAP.
     
  7. 2010/08/17
    broni

    Possibly, even if you rarely use it.
    On the other hand, since you rarely use it, if you upgrade to IE7, your eyesight shouldn't be affected much.

    Say again?
     
  8. 2010/08/17
    James Martin

    I tried it on two separate occasions, but I never could get the font issue fixed.

    I tried to ignore it the last time, but MS Outlook was so fuzzy that I gave up on IE7.

    Never tried IE8 yet, but according to MS the font issue remains.


    Can you identify the type of infection I had?

    Was it indeed a rootkit, and where could it have come from?

    Sony, maybe?

    Edit: Kaspersky and Firefox did not like each other (FF maxed out my CPU while the definitions were downloading).

    I reluctantly switched over to IE6 for the scanning, but it may take all night to finish.
     
    Last edited: 2010/08/18
  9. 2010/08/18
    broni

    No, you didn't have a rootkit.

    I believe you still owe me a Kaspersky scan.
     
  10. 2010/08/18
    James Martin

    Read my previous post at the bottom.
     
  11. 2010/08/18
    broni

    If Kaspersky gives you problems....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  12. 2010/08/18
    James Martin

    After one hour and 35 minutes, Kaspersky has completed 29% of scan.

    That means that C drive appears to be clean, but ironically, most of my past infections were in E drive (I keep a collection of updated .exe's on that drive).

    You said no rootkit was found; was there an infection at all?
     
  13. 2010/08/18
    broni

    Yes, there were some bad files, but I have no way to identify every single file marked by Combofix as bad. If I knew, bad guys would know too and Combofix would be worthless :)
     
  14. 2010/08/18
    James Martin

    For what it's worth, I found my last Eset scan results from July...


    E:\Desktop Items\Downloaded Programs\Nero Downloads\Nero 3-8-08\Nero-6.6.1.15c_wch.exe Win32/Toolbar.AskSBar application deleted - quarantined

    E:\Desktop Items\Downloaded Programs\Unlocker\unlocker1.8.7.exe a variant of Win32/Adware.ADON application deleted - quarantined


    Eset likes to tag that version of Nero because of the Ask Tool Bar, I presume.
     
  15. 2010/08/18
    broni

    Well, I'd prefer to see a fresh log.

    But....it's bedtime here :)
     
  16. 2010/08/18
    James Martin

    KASPERSKY ONLINE SCANNER 7.0: scan report

    Wednesday, August 18, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, August 18, 2010 12:23:55
    Records in database: 4136409
    Scan settings
    scan using the following database extended
    Scan archives yes
    Scan e-mail databases yes
    Scan area My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    H:\
    I:\
    J:\
    L:\
    W:\
    X:\
    Y:\
    Z:\
    Scan statistics
    Objects scanned 79644
    Threats found 0
    Infected objects found 0
    Suspicious objects found 0
    Scan duration 06:27:22 :eek:

    No threats found. Scanned area is clean.
    Selected area has been scanned.

    My machine seems to be running OK from what I can gather. :)
     
    Last edited: 2010/08/18
  17. 2010/08/18
    broni

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. Run defrag at your convenience.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
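
A check for the System Restore reset described in the post above, as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1 on a client edition of Windows; the `-CleanedAt` parameter and the function name are hypothetical, and the script flags any restore point older than the cleanup time, then creates a fresh one if none exists yet.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Run in Windows PowerShell 5.1 after step 3.
param(
    # Hypothetical parameter: when the cleanup finished,
    # e.g. '2010-08-18 20:00' (constructed sample value).
    [Parameter(Mandatory)]
    [datetime]$CleanedAt
)

function Get-RestorePointList {
    # CreationTime is a WMI timestamp string; convert it to a DateTime.
    Get-ComputerRestorePoint | ForEach-Object {
        [pscustomobject]@{
            Sequence    = $_.SequenceNumber
            Created     = $_.ConvertToDateTime($_.CreationTime)
            Description = $_.Description
        }
    }
}

$points = @(Get-RestorePointList)

# Any restore point created before the cleanup may still hold the bad files.
$stale = @($points | Where-Object { $_.Created -lt $CleanedAt })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) restore point(s) predate the cleanup; repeat the System Restore off/on steps."
    $stale | Sort-Object Created | Format-Table -AutoSize
    exit 1
}

# No clean restore point yet: create the fresh one the post calls for.
$fresh = @($points | Where-Object { $_.Created -ge $CleanedAt })
if ($fresh.Count -eq 0) {
    Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                        -RestorePointType MODIFY_SETTINGS
}

# Show what exists now so the result can be confirmed by eye.
@(Get-RestorePointList) | Sort-Object Created | Format-Table -AutoSize
```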
     
  18. 2010/08/18
    James Martin

    Read my last edit.
    (Wow, you post fast.)
     
  19. 2010/08/18
    broni

    I'm glad to hear good news :)
    Good luck and stay safe :)
     
  20. 2010/08/19
    James Martin

    Well, this is the first time I've ever had to jump through so many hoops to remove an infection. :D

    The PC seems to be running much better than before, and I have seen no indications of svchost.exe maxing out yet. I'll review your safety recommendations, although I already have some of them installed, but the WOT will be a welcome addon for sure. :)

    My only gripe is the infection corrupted Daemon Tools, and I can't seem to repair the program, or completely remove it...still working on it though.

    As for the temp file cleaner, in the past I have used disk cleaner, easy cleaner,
    ATF-Cleaner, and **** cleaner. Does TFC do a better job?

    Can't thank you enough for all the timely help. :cool:
     
  21. 2010/08/19
    broni

    You're very welcome again :)
    TFC is my favorite tool....hands down.
     
