Pending Help. I have i svchost.exe*32 and svchost.exe descrip. winrscmde

selcricify · Mar 11, 2012

recently i have come across this problem when my computer just shutted off by itself. i thought nothing of it and started it again but then after an hour later, a suspicious audio played in the background of my computer when there wasnt no browsers opened or anything. I googled how to fixed this and they sayed malwarebytes will fix the problem and it did but unfortunately my computer had some other issues too that i could not fix. It was a svchost.exe*32 file with the description of winrscmde that came from my windows folder and a svchost.exe*32 that came from SysWOW64 folder.
I tried deleting the winrscmde one by removing ending the process from taskmanager and deleting it from the folder. It worked but i realized it just comes back anyways. On the other hand with the svchost.exe*32 i would try to delete it from the task manager but it just comes back instantly.
EDIT:
Also the deletable svchost.exe*32 would pass on alot of malware when it comes back until i delete it.
and when searching on google, the browsing links would come up as Error 404.
Help please? Thank you very much i would greatly appreciate it. i can't seem to stop worrying. i have seen a thread very similar to this problem but im scared if i follow it ill just make it worse.

Rustys · Mar 11, 2012

Re: Help. I have i svchost.exe*32 and svchost.exe descrip. winrsc

Access the Prework using the link below. Post all logs back into this thread. We will move the thread to Security (with a redirect for you) for their review once we have the logs.

http://www.pchelpforum.com/new-hijackthis-logs/11849-prework-please-read-before-posting.html

selcricify · Mar 11, 2012

Re: Help. I have i svchost.exe*32 and svchost.exe descrip. winrsc

Here are the files that you asked for.

Rustys · Mar 11, 2012

Re: Help. I have i svchost.exe*32 and svchost.exe descrip. winrsc

Placed request to have thread moved. Thank you for your patients.

DCiAdmin · Mar 11, 2012

Re: Help. I have i svchost.exe*32 and svchost.exe descrip. winrsc

Relocated to Security for review and recommendation

Thank you for the logs!

Pancake · Mar 11, 2012

Re: Help. I have i svchost.exe*32 and svchost.exe descrip. winrsc

The svchost.exe*32 are normal files.They are part of Windows.However...you do have a rootkit virus so lets remove it.

Please run all these programs..

Download the TDSSKiller.exe and extract to your Desktop.

Execute TDSSKiller.exe by doubleclicking on it. You may be prompted to restart your machine. Type Y at the prompt.
Once complete, a log will be produced at root. It will be named
UtilityName.Version_Date_Time_log.txt.
for example, C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt.

Attach that log here please.

====================================================

Download Malwarebytes' Anti-Malware from Download Malwarebytes' Anti-Malware from HERE and save it to you desktop.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log back here please.

=============================================

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Link 3
When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

Refer to this image:
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click PCHelpForum.exe to run it.
You will see the following image:

Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

selcricify · Mar 11, 2012

Re: Help. I have i svchost.exe*32 and svchost.exe descrip. winrsc

Thank you very much. My question is that can i use a DVD as my hard drive? I kind of screwed up and did that ahead without copying my report. Sorry . And what do you mean by Type Y at the prompt.
Once complete, a log will be produced at root. It will be named
UtilityName.Version_Date_Time_log.txt.
for example, C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt.
EDIT: Nevermind. I figured it out. The logs will be here shortly. Sorry for the trouble

selcricify · Mar 11, 2012

Re: Help. I have i svchost.exe*32 and svchost.exe descrip. winrsc

After i ran combo fix, I could not find my log report and my internet is not working.Right now I'm using my brother's computer.

Pancake · Mar 11, 2012

Re: Help. I have i svchost.exe*32 and svchost.exe descrip. winrsc

Ok.Just give me the TDDS report and the run Malwarebytes

Log in or Join Us

Pending Help. I have i svchost.exe*32 and svchost.exe descrip. winrscmde

selcricify Bronze Member

Rustys Tech Member

selcricify Bronze Member

Attached Files:

OTL.Txt

Extras.Txt

aswMBR.txt

Google Advertisement

Rustys Tech Member

DCiAdmin Administrator & Tech Team Leader

Pancake Security Team

selcricify Bronze Member

selcricify Bronze Member

Pancake Security Team

Help. I have i svchost.exe*32 and svchost.exe descrip. winrscmde

Log in or Join Us

Pending Help. I have i svchost.exe*32 and svchost.exe descrip. winrscmde

selcricify Bronze Member

Rustys Tech Member

selcricify Bronze Member

Attached Files:

OTL.Txt

Extras.Txt

aswMBR.txt

Google Advertisement

Rustys Tech Member

DCiAdmin Administrator & Tech Team Leader

Pancake Security Team

selcricify Bronze Member

selcricify Bronze Member

Pancake Security Team

Help. I have i svchost.exe*32 and svchost.exe descrip. winrscmde

Useful Searches