The Conservative Cave

The Help Desk => Computer Related Discussions & Questions => Topic started by: ExGeeEye on April 17, 2012, 12:15:28 PM

Title: svchost.eve
Post by: ExGeeEye on April 17, 2012, 12:15:28 PM
svchost.eve

Malwarebytes catches it trying to do nasty things.

Norton thinks it's a trusted, well-used piece of something.

Other on-line sources say there's a good one from MS on every computer, and there's a bad one that comes in, deletes the good one, calls itself by the good one's name, pretends to do most or all of the good one's functions, and does nasty things on the side.

I thought about deleting it.  Then I thought that might be like deleting my lungs to avoid pneumonia.

Any ideas?  Anyone?  Bueller?
Title: Re: svchost.eve
Post by: Maxiest on April 17, 2012, 12:37:55 PM
If Malwarebytes is detecting that one as the bad one, then its MD5 hash matches a virus/spyware/malware program and should be deleted through Malwarebytes only.

I would actually suggest downloading Combofix and running it.  It should take care of it.
Title: Re: svchost.eve
Post by: Rick on April 17, 2012, 01:41:50 PM
Have the same problem on the other computer. There appears to be an "install updates" that reinfects svchost.
Have tried several things: Norton, Malware, McAfee, Spybot.  You need to run the complete scan; if it is only finding one infected item, it is not finding it all.

As it stands now I have corrupted the Windows files. I did a rebuild (restore); it was good for about two hours, then was re-infected. Would not let me access anything on the net. Trying to fix that, I corrupted Windows a second time. I have gotten tired of this shit. It may be several days before I go back to it.

Please let me know what you have done.
Title: Re: svchost.eve
Post by: Maxiest on April 17, 2012, 01:55:42 PM
http://www.bleepingcomputer.com/download/anti-virus/combofix

You also need to turn off System Restore, as the virus has been saved in your System Restore.
Title: Re: svchost.eve
Post by: Texacon on April 17, 2012, 02:18:39 PM
svchost.eve


Is it svchost.eve or svchost.exe?

If it is svchost.exe you need it but it should reside here;

C:\WINDOWS\system32\

If you are talking about *.eve .... I don't know.  Since it is a play on the *.exe file which is real I would be about 99.9% sure you are dealing with a virus.

KC
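
One way to carry out the location check described in the post above, together with the hash idea from the earlier reply, as an added example that is not part of any post in this thread. It assumes PowerShell 4.0 or later, treats SysWOW64 as a second legitimate location on 64-bit Windows (an addition not mentioned in the thread), and uses SHA-256 rather than MD5.

```powershell
# Added example: audit every running svchost.exe by path, signature and hash.
# Run from an elevated prompt; without elevation ExecutablePath is often empty
# for service processes and the row is reported as "unknown".

$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')   # 32-bit copy on 64-bit Windows
)

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $path    = $_.ExecutablePath
        $verdict = 'unknown (path not readable, rerun elevated)'
        $sig     = $null
        $hash    = $null

        if ($path) {
            # -contains compares strings case-insensitively, which matches
            # how Windows treats paths (system32 vs System32).
            if ($expected -contains $path) { $verdict = 'expected location' }
            else                           { $verdict = 'UNEXPECTED LOCATION' }

            if (Test-Path -LiteralPath $path) {
                # Older PowerShell versions can report catalog-signed system
                # files as NotSigned, so read this column alongside the path.
                $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }

        [pscustomobject]@{
            ProcessId = $_.ProcessId
            ParentId  = $_.ParentProcessId
            Verdict   = $verdict
            Signature = $sig
            SHA256    = $hash
            Path      = $path
        }
    } |
    Sort-Object Verdict, ProcessId |
    Format-List
```

Several svchost.exe rows are normal, since Windows runs many instances; the rows to look at are any with an unexpected location or a signature status other than Valid.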
Title: Re: svchost.eve
Post by: Texacon on April 17, 2012, 02:20:51 PM
If Malwarebytes is detecting that one as the bad one, then its MD5 hash matches a virus/spyware/malware program and should be deleted through Malwarebytes only.

I would actually suggest downloading Combofix and running it.  It should take care of it.

I would NOT suggest running Combofix unless you know what you're doing.  Combofix is an awesome piece of software but it can really mess up a machine if you don't know what you're doing.

If you're going to do that I would highly recommend you sign up for one of the online help forums like bleepingcomputer.com and let them help you through the process.

KC
Title: Re: svchost.eve
Post by: Maxiest on April 17, 2012, 02:34:10 PM
I would NOT suggest running Combofix unless you know what you're doing.  Combofix is an awesome piece of software but it can really mess up a machine if you don't know what you're doing.

If you're going to do that I would highly recommend you sign up for one of the online help forums like bleepingcomputer.com and let them help you through the process.

KC

I am not sure why people say this.  Everything Combofix does is automatically done.  There is nothing you can really "mess" up using it.  I have probably run it on 2000+ computers and at worst it didn't fix the issue.
Title: Re: svchost.eve
Post by: Texacon on April 17, 2012, 02:48:05 PM
I am not sure why people say this.  Everything Combofix does is automatically done.  There is nothing you can really "mess" up using it.  I have probably run it on 2000+ computers and at worst it didn't fix the issue.

I'm currently in BC's malware removal school.  They tell us that you have to be really careful with CF because it can mess up your machine.

It also doesn't run on all machines.

KC
Title: Re: svchost.eve
Post by: ExGeeEye on April 17, 2012, 03:31:16 PM
Is it svchost.eve or svchost.exe?

If it is svchost.exe you need it but it should reside here;

C:\WINDOWS\system32\

If you are talking about *.eve .... I don't know.  Since it is a play on the *.exe file which is real I would be about 99.9% sure you are dealing with a virus.

KC

exe is correct.
Title: Re: svchost.eve
Post by: EagleKeeper on May 22, 2012, 09:31:08 PM
svchost.exe is called by whatever executable you're calling up. It's what the executable runs in on a Windows machine.

If Windows does not find it objectionable or your antivirus then it will run.
Title: Re: svchost.eve
Post by: LC EFA on May 22, 2012, 11:54:41 PM
The heuristics used by some intrusion / malware detection software can trigger false positives on svchost.exe because of the inherent behaviour of that piece of the Windows OS.
Title: Re: svchost.eve
Post by: ExGeeEye on May 23, 2012, 03:09:26 AM
I ended up nuking my computer back to the Stone Age (factory settings).  Then came the process of reinstalling my personal favorite softwares and sitting through all the updates both of OS and antivirus.

Working fine now.  Better, in some ways.