Removal of Svchost.exe virus

2

My computer has blue screened on and off over the past week or so and a system restore had fixed this up until yesterday.

Yesterday I noticed that Norton Antivirus kept sending a notification that it had blocked an attack from a host website blah blah blah with a high risk and that no action was needed.

This was the third time this week I had seen this, and a google search lead to a post on the symantec forums by a guy with the same issue. I read that it might be a virus attempting to download other viruses from malicious sites. So I decided to run a full system scan.

I clicked on my Norton Icon in the bottom right hand corner of the screen and the action center popped up, then disappeared. I tried opening every known shortcut to the program and nothing worked. So I opened up the Norton recovery tool and my computer blue screened with the stop error 0x0000001E. I have a picture of all the other codes following that if needed. There was no error code in text. So I booted into safe mode and ran a full system scan which worked fine and found 30 tracking cookies -__- which of course mean nothing. I did a system restore to the 22nd and then used Mbam in normal mode.

Side note - Norton also had been sending notifications for high cpu usage by winrscmde.

I scanned with Malwarebytes and it detected a bunch of stuff, two of which were Trojans in Windows/Svchost.exe so I deleted them all then restarted. On the first restart it showed a black screen with Cursur so I forced it to shutoff and then I started it up again an it said svchost was trying to start so I quarantined it but I still couldn't open Norton.

Further reasearch lead me to download and run TDSS Killer by Kaspersky.

Resolution -

I ran TDSS killer and it detected and quarantined the svchost.exe virus, it disappeared from the windows folder for good. This looks like the only resolution to getting rid of the virus.

It's all summed up in this tutorial on how to remove the virus: http://averablog.blogspot.com/

bsod
virus
anti-virus
asked on Super User Dec 26, 2012 by Nick • edited Jan 15, 2013 by Nick

3 Answers

3

Have you tried another anti virus scanner?
Ideally a portable one (the risk to get blocked by a potential virus is lower).
Here are some portable anti virus scanner from my emergency stick

answered on Super User Dec 26, 2012 by nixda
2

This does sound like virus activity. I would run a full scan of Malwarebytes and see what that finds.

Other scans you could run include:

answered on Super User Dec 26, 2012 by MalwareManiac
0

Uninstall current antivirus by accessing task manager you can open task manager even your screen is black, press CTRL+Shift+Esc GO TO file > new task > and type control panel it will open control panel and uninstall current antivirus from Program & Feature. Restart > try some another antivirus live avg, avast, or Comodo Internet Security 6 BetaCIS 2013 which(Comodo already mention that they fix this black screen error.)

answered on Super User Dec 26, 2012 by Nishant Kumar

User contributions licensed under CC BY-SA 3.0