Thread: Darn trojan

#1 (Join Date: May 2000; Location: Indianapolis, IN, USA; Posts: 42,886)

    Darn trojan

    Got this sucker that Malwarebytes finds but won't remove. Been suggested to use Combofix to get rid of it. Anybody used that program before?

#2 (Join Date: Sep 2012; Location: USA; Posts: 7,706)

    I would not touch Combofix unless you have a rootkit installed on the system and you know what you are doing. It can nuke your system. I only touch it for really infected comps.

    I would just let Malwarebytes remove it and see if it pops back up. Also you should check any system connected to your network. What OS are you running, Win7 or XP?

#3 (Join Date: Sep 2012; Location: USA; Posts: 7,706)

    If you do decide to go ahead and try it, make sure you download it from Bleeping Computer. If I remember correctly, someone has the domain for combofix and is hosting something different there.

#4 (Join Date: Sep 2005; Posts: 58,704)

    See if you can find the exact name of the malware in question... then google it. Usually there is a specific patch available to 'cure it'. Sometimes one needs to run two different malware programs to catch all the 'stuff' out there.

    Along with running Kaspersky and Nod32 (the latter is manual only--AV/malware programs tend to not mix well... need to shut one down before starting the other), I have my IT guy come by once a year and wipe/rebuild the entire software on my workstation. Takes around 3-4 hours to get all the apps and routines set up again on a fresh Windows install... and costs me around a C note... however it also rids me of 'build-up'. This time I will leave WinXP Pro and go to Win7 Pro 64. Hardware will handle 64-bit... I have some new photo-processing software that does not run on XP... and M$FT is not gonna support XP much longer.

    Try the google approach.

    You could also try CCleaner... it is a registry tool... WARNING... one can delete most of the cookies and DLLs if they are not careful... and take hours to get all your apps and routines working again.
    GA-HVAC-Tech

    Your comfort, Your way, Everyday!

    GA's basic rules of home heating and AC upgrades:
    *Installation is more important than the brand of equipment
    *The duct system keeps the house comfortable; the equipment only heats and cools (and dehumidifies)
    *The value of comfort, over the long term; leave economic choices behind!
    Choose your contractor wisely!

#5 (Join Date: Sep 2012; Location: USA; Posts: 7,706)

    If this is the type of Trojan that is coming back, I would try this out. I have heard good things but have not had a chance to try it out yet. This is the Malwarebytes anti-rootkit tool.

    http://www.malwarebytes.org/products/mbar/

    One last thing, you might want to check your router out if you keep getting this sorta infection back. I have seen viruses that will log in to the router and set up the DNS so everything goes through, say, Russia. This can also be done on your computer through the DNS and proxy settings.

#6 (Join Date: Mar 2004; Location: Illinois; Posts: 6,958)
    The title of this thread could go many directions

    I'm thinking Dad would be the one to ask about it....he's a computer geek and a darn good one compared to me

#7 (Join Date: May 2000; Location: anywhere my RV is; Posts: 18,754)

    Quote Originally Posted by Senior Tech:
    The title of this thread could go many directions

    I'm thinking Dad would be the one to ask about it....he's a computer geek and a darn good one compared to me
    I thought the same thing, this thread is not what I was expecting
    Why am I the only naked person at this gender reveal party

#8 (Join Date: Nov 2006; Location: Southeastern Pa; Posts: 32,658)
    And here, I thought someone had just become a grandfather again.

    As for computer trojans, get the name and search Major Geeks. They have some top notch members.

    I use CCleaner, malwarebytes, registry mechanic, super anti-spyware, and Avira free edition.
    [Avatar photo from a Florida training accident. Everyone walked away.]
    2 Tim 3:16-17

    RSES CMS, HVAC Electrical Specialist
    Member, IAEI

#9 (Join Date: Dec 2002; Location: Houston, Texas; Posts: 23,010)

    Weird, I always thought svchost.exe was a normal Windows program. I use Malwarebytes Pro; it actively does malicious website blocking and file system protection, so far all has been well. I would also try booting in "F8" safe mode and running Malwarebytes, might be better.
    “Experience is a hard teacher because she gives the test first, the lesson afterwards" ~ Vernon Law

    "It's what you learn after you know it all that counts." ~ John Wooden

    "When the teachers become unteachable we're all in trouble" ~ Mr. Bill

    "Remember "Pro" is only a name, it's not always a mindset determined to do everything correctly" ~ Mr. Bill

#10 (Join Date: May 2007; Location: Atlanta area; Posts: 9,749)
    I recently ran most of the scanners I found here:

    https://support.mozilla.org/en-US/questions/938759

    The one that found a trojan on my computer was the Microsoft Security Scanner. It took 3 hours.
    Vacuum Technology:
    CRUD = Contamination Resulting in Undesirable Deposits.
    CRAPP = Contamination Resulting in Additional Partial Pressure.

    Change your vacuum pump oil now.

    Test. Testing, 1,2,3.

#11 (Join Date: Sep 2002; Location: I don't know; Posts: 3,047)
    svchost isn't the bad process itself - it's just an executable file which hosts some processes.

    You have to find and delete the infected files, then remove the registry keys associated with it.

    ccleaner only finds invalid registry references - it doesn't remove trojans.

#12 (Join Date: Jun 2006; Location: SW MO.; Posts: 5,610)

    I was thinking someone's gonna be a daddy.

#13 (Join Date: May 2000; Location: Indianapolis, IN, USA; Posts: 42,886; Thread Starter)

    Sorry boys, not those kind of Trojans.

    Regular Malwarebytes doesn't touch it. What is the MB anti-root tool thingie? Might it get what the regular one doesn't? I'll sure try Bill's suggestion of running it in safe mode.

    My IT friend who suggested Combofix did say to get it from Bleeping Computer.

    This is at work with a crazy network and a crazy IT lady who keeps finding ways to blame me for it like using Firefox not IE, going on Facebook for 30 seconds to send a message to a customer or running Outlook with the preview pane open. I pointed out I do lots riskier things at home without a problem.

#14 (Join Date: Dec 2002; Location: Houston, Texas; Posts: 23,010)

    Quote Originally Posted by BaldLoonie:

    My IT friend who suggested Combofix did say to get it from Bleeping Computer.

    This is at work with a crazy network and a crazy IT lady who keeps finding ways to blame me for it like using Firefox not IE, going on Facebook for 30 seconds to send a message to a customer or running Outlook with the preview pane open. I pointed out I do lots riskier things at home without a problem.
    A successful story here.

    http://www.pchelpforum.com/xf/thread...st-exe.129642/

#15 (Join Date: Sep 2012; Location: USA; Posts: 7,706)

    http://www.softpedia.com/reviews/win...w-308741.shtml

    This is the safer tool, mind you. Rootkits are nasty things; I really hope you don't have one on your system.

#16 (Join Date: Sep 2012; Location: USA; Posts: 7,706)

    Quote Originally Posted by BaldLoonie:
    Sorry boys, not those kind of Trojans.

    Regular Malwarebytes doesn't touch it. What is the MB anti-root tool thingie? Might it get what the regular one doesn't? I'll sure try Bill's suggestion of running it in safe mode.

    My IT friend who suggested Combofix did say to get it from Bleeping Computer.

    This is at work with a crazy network and a crazy IT lady who keeps finding ways to blame me for it like using Firefox not IE, going on Facebook for 30 seconds to send a message to a customer or running Outlook with the preview pane open. I pointed out I do lots riskier things at home without a problem.
    The Malwarebytes anti-rootkit tool is like Combofix but supposed to be safer. Supposed to, because I have not gotten to use it on anything yet.

    Depending on what the virus has done to the system, Combofix goes in and uses a lot of tools that computer experts use a lot, but normally one at a time. The problem is that it's like a nuclear option in that it tends to either fix the system, or you end up reinstalling the OS. It's a good tool but I view it as a last resort.

    svchost.exe is a classic target of viruses because there are always tons of them running in the process view of the task manager, making it impossible for people like me to go in and manually kill it.

    I would try a couple of the normal tools like some others have suggested in the thread, then move to Malwarebytes anti-rootkit. Bleeping Computer has a forum set up to help out with problems like this. They tend to advise using Combofix last and will ask you to run logging tools to find out exactly what has changed on your system. Stuff like Seek and Destroy.

#17 (Join Date: Apr 2010; Location: NYC; Posts: 505)

    Your best bet is to save/back up important files, not an entire backup, then reinstall the operating system. Only way to guarantee. Never use Explorer; Firefox is safer.
    Customer is alWays opposite of Left

#18 (Join Date: Sep 2012; Location: USA; Posts: 7,706)

    Quote Originally Posted by zartangreen:
    Your best bet is to save/back up important files, not an entire backup, then reinstall the operating system. Only way to guarantee. Never use Explorer; Firefox is safer.
    He is right about this. It hurts and is painful, but backing up important files, formatting the partition and a full reinstall is the only guarantee these days. I prefer Chrome, but almost anything is better than IE.

#19 (Join Date: Apr 2010; Location: NYC; Posts: 505)

    Quote Originally Posted by Elfshadow:
    He is right about this. It hurts and is painful, but backing up important files, formatting the partition and a full reinstall is the only guarantee these days. I prefer Chrome, but almost anything is better than IE.
    I'm a big fan of Chrome with all the Google add-ons etc.... I use it when, let's say, normal searching/tasty surfing. When I surf things I don't want the world to know, I use Firefox/DuckDuckGo.

    Just the thought of working on one of Google's office units is scary. I sign their ticket and they have access to my entire search history; that's cree.py.

#20 (Join Date: Apr 2010; Location: NYC; Posts: 505)

    When reinstalled and all your basics (browser, add-ons, antivirus) are up and running, then go to search programs and type cmd. You will have a black screen; type netstat -ano

    Take a snapshot of it, then compare to another one a few weeks down the road and see who's communicating with your computer. This is the only 100 percent way of telling what's really communicating. Very important that everybody does this.
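The snapshot-and-compare routine described in the post above, as an added example that is not part of the original thread: a parser for `netstat -ano` output and a diff that reports remote endpoints (and the owning PIDs) present in the later snapshot but absent from the baseline. Both snapshots here are constructed samples in the shape of Windows `netstat -ano` output, not real captures.

```python
"""Diff two `netstat -ano` snapshots to spot new remote endpoints and the PIDs owning them."""
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid")

# Constructed sample output in the shape of Windows `netstat -ano` (not real captures).
BASELINE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.10:49200     203.0.113.5:443        ESTABLISHED     2104
  UDP    0.0.0.0:3702           *:*                                    1488
"""
LATER = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.10:49200     203.0.113.5:443        ESTABLISHED     2104
  TCP    192.168.1.10:49877     198.51.100.23:8080     ESTABLISHED     3316
  UDP    0.0.0.0:3702           *:*                                    1488
"""

def parse_netstat(text):
    """Return the set of Conn rows found in netstat -ano text."""
    conns = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank, or the "Active Connections" banner
        # UDP rows carry no State column, so the PID is always the last field
        state = parts[3] if len(parts) == 5 else ""
        conns.add(Conn(parts[0], parts[1], parts[2], state, int(parts[-1])))
    return conns

def new_remote_endpoints(baseline_text, later_text):
    """Connections in the later snapshot whose (proto, remote endpoint) pair
    is absent from the baseline; wildcard and loopback rows are ignored."""
    base = {(c.proto, c.remote) for c in parse_netstat(baseline_text)}
    later = sorted(parse_netstat(later_text), key=lambda c: (c.proto, c.remote))
    return [c for c in later
            if not c.remote.startswith(("0.0.0.0", "*", "127.", "[::"))
            and (c.proto, c.remote) not in base]

if __name__ == "__main__":
    for c in new_remote_endpoints(BASELINE, LATER):
        print(f"NEW {c.proto} {c.local} -> {c.remote} {c.state} pid={c.pid}")
```

A new endpoint is only a lead; map the PID back to its process and look at that image before deciding anything.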
