Malware ("svchost.exe.mdmp" issue + sound compromised)


I now have this same problem, described & solved in an old thread, now closed.
SKIDD linked to a solution, but sadly the link won't come up? Here's Skidd's message and link - is it possible to repost the fix?

Skidd said:
Please follow the repair instruction detailed in this thread.


Many thanks - sbs2 (new member, first post)
  1. Run through the guide of aford10 at the top of the page, or click on the link here
  2. Thanks mibix; actually I've done most of what's on that page and, I think, got rid of the invader - - but not what it's done! (every hour it twice tries to dial out to the same IP number - and till I can stop it I'm not connecting that machine to the net).

    The FIX that Skidd linked to (still won't connect) referred to the one, very specific issue but I don't know how to link to it to explain that members.

    Ah, maybe this is how:

    Apologies if that doesn't work, as you saw I'm new here, but many thanks for replying; makes me most impressed with my new "Club" here!
    I really hope I can blow this thing away.

  3. I cannot get the link to open either. It must have been taken off. All I can suggest is doing either a system restore, a system repair or going to the following link. This is a Linux rescue CD which scans your computer for viruses and malware (a good one as well). Download the ZIP file. Open the ZIP file and burn the ISO onto a disc. Then start your computer with the disc and let it scan your PC. If your computer is not on the internet when you start you can update the AV with a USB stick. There is a help file in the ZIP folder. Here is a link for autodialler removal. Also have a look at this link in case your hosts file has been attacked.
  4. Many thanks mibix, it's v good of you to try so much to help. Those last two links of yours do look interesting - I've downloaded the files and once I understand them will have a go.

    My problem is identical to Echoplex's at the head of that thread I sent - I suppose I could try asking him or Skidd but I see it was 4 years ago! Is there a way, do you know, to ask "Tom" what the FIX link said? I have the impression it was a pretty quick/easy fix, whereas more dramatic measures seem a bit heavy, for me anyway. Meanwhile:

    Sadly I have no system restore points!
    I don't really know what a System Repair is - sounds beyond me.
    The Linux file works on XP?

    Earlier in the week I took down a file called SvchostAnalyzer from here:

    but, always wary, am frightened to use it in case it's more infection! Do you know of it, or of Neuber?

    again big thanks - sbs2
  5. I suggest that you go to and thoroughly read the instructions to work with ComboFix then download it from that site's own mirror. Do exactly what it says, particularly when it tells you to do nothing however long it takes to run and produce its log before restarting the system.

    It will help if you've taken the advice above to use Aford10's methods first because that will clear the way through the clutter for ComboFix to run smoothly. Run CCleaner before MalwareBytes - it makes the scans quicker - then run it again afterwards.

    Accept the offer of a Registry backup before dealing with anything you find under the Issues scan.

    Post the MBAM and CF logs back here so we can see what was sorted out and work out what may remain.
  6. The linux rescue disc works independently of windows. The disc is a method of doing a virus scan without starting windows, as a virus can sometimes hide itself if windows is running. You need your windows disc to do a system repair. What it does is repair any damaged files in windows without losing your Docs and data. The problem with doing a system repair is that you usually have to reinstall your programs again. This may not be helpful if you have not got the original programs to put back. They both sound complicated to do but they are not really if you take your time. You may be as well trying Saga lout's post first though.
  7. Big apologies for delay - I suddenly realised I haven't done my Tax Return! When that's done I'll report back what I've done. Meanwhile, before I came to this forum I had run MWB and SuperAntiSpyware. One of them found "Trojan - DNS Changer" and removed it, the other found "Gen-Nullo [short]" and removed it. Neither log showed anything else at all.

    Since my soundcard is affected I assume it's the latter that caused the problem; have done searches but found nothing useful. I further assume the bug has gone but not its effect, because Zone Alarm log keeps reporting this:

    Windows XP-5.1.2600-Service Pack 2-SMP
    type,date,time,source,destination,transport (Security)
    type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
    type,date,time,source,destination,action,service (IM Security)
    type,date,time,source,destination,program,action (Malicious Code Protection)
    type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
    type,date,time,name,type,mode (Anti-Spyware)
    LOCK,2010/10/10,16:55:56 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
    LOCK,2010/10/10,16:56:02 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
    LOCK,2010/10/10,17:56:50 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
    LOCK,2010/10/10,17:56:54 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
    LOCK,2010/10/10,18:57:42 +1:00 GMT,Generic Host Process for Win32 Services,,N/A ............


    And so on, every hour, ad infinitum. At least it's stopping it, but even so I've not connected that machine to the net. (I'm scared to look up IP No! )

    Meanwhile Dear Dr Watson is reporting all this endlessly, taking up dozens of MB a day !

    Incidentally, the 2 files mentioned in the error message (see my link to earlier post and the same problem) come up for me as well, but by the time the message comes they don't exist!

    That's it for now - all done as I say before I came on here. I'm no expert and GW, on reading, seems a bit beyond me; and maybe a sledgehammer (tho can't say about that). Have you any opinion on that "svchost.analyser.exe" I mentioned?

    Many thanks to both and again sorry for delay - sbs2
  8. More apologies - not "GW", I meant "CF".

    (Also btw I run CCleaner 2 or 3 times a week out of habit. One night I cleaned C up as completely as I could, did nothing at all until the next morning when all I did was search for files modified since midnight. Apart from System Restore stuff there are about a dozen - any point in showing them to you here?) - sbs2
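
Added example, not part of the thread and not ZoneAlarm's own tooling: the firewall log quoted in post 7 can be checked mechanically for the "every hour" pattern described there. The Python below parses the LOCK lines as they appear in that post (field positions, the 60-second burst window and the 5% jitter threshold are assumptions made for this example), collapses the paired attempts into bursts, and flags any program whose bursts recur at a near-constant interval.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Header and LOCK entries as quoted in post 7 of the thread.
SAMPLE_LOG = """\
type,date,time,source,destination,transport (Security)
LOCK,2010/10/10,16:55:56 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,16:56:02 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,17:56:50 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,17:56:54 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,18:57:42 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
"""

def parse_lock_events(text):
    """Return sorted (timestamp, program) pairs for LOCK lines; skip headers and junk."""
    events = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 4 or fields[0] != "LOCK":
            continue
        clock = fields[2].split()[0]  # drop the "+1:00 GMT" suffix
        try:
            ts = datetime.strptime(f"{fields[1]} {clock}", "%Y/%m/%d %H:%M:%S")
        except ValueError:
            continue  # malformed timestamp: ignore the line
        events.append((ts, fields[3]))
    return sorted(events)

def group_bursts(events, gap=timedelta(seconds=60)):
    """Map program -> start time of each burst (events closer than `gap` merge)."""
    bursts, last_seen = {}, {}
    for ts, prog in events:
        if prog not in last_seen or ts - last_seen[prog] > gap:
            bursts.setdefault(prog, []).append(ts)
        last_seen[prog] = ts
    return bursts

def periodic_programs(bursts, min_bursts=3, max_jitter=0.05):
    """Map program -> mean interval in seconds when burst spacing is near-constant."""
    flagged = {}
    for prog, starts in bursts.items():
        if len(starts) < min_bursts:
            continue  # too few bursts to call it a schedule
        deltas = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        avg = mean(deltas)
        if avg > 0 and pstdev(deltas) / avg <= max_jitter:
            flagged[prog] = round(avg)
    return flagged

if __name__ == "__main__":
    print(periodic_programs(group_bursts(parse_lock_events(SAMPLE_LOG))))
```

On the quoted lines this reports one program with a mean interval of 3653 seconds, which matches a task firing on an hourly timer rather than activity triggered by the user.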