Malware ("svchost.exe.mdmp" issue + sound compromised)

Tags:
  • Security
  • Malware
  • Svchost.Exe
  • Windows XP
October 6, 2010 3:50:13 PM

Hello,

I now have this same problem, described & solved in an old thread, now closed.
SKIDD linked to a solution, but sadly the link won't come up. Here's Skidd's message and link - is it possible to repost the fix?

Skidd said:
Please follow the repair instruction detailed in this thread.

FIX


Many thanks - sbs2 (new member, first post)

October 7, 2010 5:48:15 PM

Thanks mibix; actually I've done most of what's on that page and, I think, got rid of the invader - but not what it's done! (Every hour it twice tries to dial out to the same IP number, and until I can stop it I'm not connecting that machine to the net.)

The FIX that Skidd linked to (still won't connect) referred to the one, very specific issue, but I don't know how to link to it to explain that to members.

Ah, maybe this is how:

http://www.tomshardware.co.uk/forum/232023-35-svchost-e...

Apologies if that doesn't work; as you saw I'm new here, but many thanks for replying; it makes me most impressed with my new "Club" here!
I really hope I can blow this thing away.

sbs2
October 7, 2010 9:31:24 PM

I cannot get the link to open either. It must have been taken off. All I can suggest is doing either a system restore, a system repair, or going to the following link: http://www.f-secure.com/linux-weblog/2009/09/22/rescue-... This is a Linux rescue CD which scans your computer for viruses and malware (a good one as well). Download the ZIP file, open it and burn the ISO onto a disc, then start your computer with the disc and let it scan your PC. If your computer is not on the internet when you start, you can update the AV with a USB stick. There is a help file in the ZIP folder. Here is a link for autodialler removal: http://www.exterminate-it.com/malpedia/remove-auto-dial Also have a look at this link in case your hosts file has been attacked: http://www.tech-pro.net/how-to-check-repair-hosts-file....
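One way to do the hosts-file check mibix points to, as an added example that is not from the original post or from the linked page. On Windows XP the file lives at %SystemRoot%\system32\drivers\etc\hosts; the sample hosts text below is constructed, and the list of update hostnames whose blocking is treated as suspicious is an assumption for illustration, not something taken from the thread.

```python
"""Check a Windows hosts file for the two classic kinds of tampering:
redirecting a hostname to a non-local address, and pinning a security or
update hostname to loopback so the machine can no longer reach it.

Added example; not code from the original thread or the linked article.
SAMPLE_HOSTS is constructed, and SENSITIVE_NAMES is an assumption."""
import ipaddress

# Constructed sample: the stock default line plus two tampered entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# The two lines below are constructed to look like a compromise:
203.0.113.45    www.example-bank.com      # redirect to an attacker address
127.0.0.1       update.microsoft.com      # blocks updates by sending them nowhere
"""

# Assumption for this example: hostnames that malware commonly blocks.
SENSITIVE_NAMES = {
    "update.microsoft.com",
    "windowsupdate.microsoft.com",
}


def parse_hosts(text):
    """Return (address, [hostnames]) for each non-comment hosts line.

    Trailing '#' comments are stripped; blank and comment-only lines skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line: an address with no names
        entries.append((parts[0], parts[1:]))
    return entries


def is_local(addr):
    """True for loopback (127.x, ::1) or unspecified (0.0.0.0, ::) targets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP at all; treat as non-local so it gets reported
    return ip.is_loopback or ip.is_unspecified


def find_suspicious(entries, sensitive=SENSITIVE_NAMES):
    """Classify each mapping as a 'redirect' (name sent to a real address)
    or 'blocked' (sensitive name sent to loopback); a plain localhost line
    produces no finding."""
    findings = []
    for addr, names in entries:
        for name in names:
            if not is_local(addr):
                findings.append(("redirect", name, addr))
            elif name.lower() in sensitive:
                findings.append(("blocked", name, addr))
    return findings


def check_hosts_file(path):
    """Read a real hosts file (e.g. C:\\WINDOWS\\system32\\drivers\\etc\\hosts)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_suspicious(parse_hosts(fh.read()))


if __name__ == "__main__":
    for kind, name, addr in find_suspicious(parse_hosts(SAMPLE_HOSTS)):
        print(f"{kind:8s} {name} -> {addr}")
```

A default XP hosts file contains only the localhost line, so on a machine the owner has never customised any finding at all is worth a look; a redirect of a bank or webmail hostname is the more serious of the two kinds.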
October 8, 2010 5:37:01 AM

Many thanks mibix, it's very good of you to try so much to help. Those last two links of yours do look interesting - I've downloaded the files and once I understand them will have a go.

My problem is identical to Echoplex's at the head of that thread I sent - I suppose I could try asking him or Skidd but I see it was 4 years ago! Is there a way, do you know, to ask "Tom" what the FIX link said? I have the impression it was a pretty quick/easy fix, whereas more dramatic measures seem a bit heavy, for me anyway. Meanwhile:

Sadly I have no system restore points!
I don't really know what a System Repair is - sounds beyond me.
The Linux file works on XP?

Earlier in the week I took down a file called SvchostAnalyzer from here:

www.neuber.com/free/svchost-analyzer/index.html

but, always wary, am frightened to use it in case it's more infection! Do you know of it, or of Neuber?

again big thanks - sbs2
October 8, 2010 6:49:14 AM

I suggest that you go to http://www.bleepingcomputer.com and thoroughly read the instructions to work with ComboFix, then download it from that site's own mirror. Do exactly what it says, particularly when it tells you to do nothing, however long it takes to run and produce its log, before restarting the system.

It will help if you've taken the advice above to use Aford10's methods first, because that will clear the way through the clutter for ComboFix to run smoothly. Run CCleaner before MalwareBytes - it makes the scans quicker - then run it again afterwards.

Accept the offer of a Registry backup before dealing with anything you find under the Issues scan.

Post the MBAM and CF logs back here so we can see what was sorted out and work out what may remain.
October 8, 2010 6:02:11 PM

The Linux rescue disc works independently of Windows. The disc is a method of doing a virus scan without starting Windows, as a virus can sometimes hide itself if Windows is running. You need your Windows disc to do a system repair. What it does is repair any damaged files in Windows without losing your docs and data. The problem with doing a system repair is that you usually have to reinstall your programs again. This may not be helpful if you have not got the original programs to put back. They both sound complicated to do but they are not really if you take your time. You may as well try Saga lout's post first, though.
October 13, 2010 7:42:31 PM

Big apologies for delay - I suddenly realised I haven't done my Tax Return! When that's done I'll report back what I've done. Meanwhile, before I came to this forum I had run MWB and SuperAntiSpyware. One of them found "Trojan - DNS Changer" and removed it, the other found "Gen-Nullo [short]" and removed it. Neither log showed anything else at all.

Since my soundcard is affected I assume it's the latter that caused the problem; have done searches but found nothing useful. I further assume the bug has gone but not its effect, because Zone Alarm log keeps reporting this:

QUOTE
Windows XP-5.1.2600-Service Pack 2-SMP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
LOCK,2010/10/10,16:55:56 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,16:56:02 +1:00 GMT,Generic Host Process for Win32 Services,174.142.51.17,N/A
LOCK,2010/10/10,17:56:50 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,17:56:54 +1:00 GMT,Generic Host Process for Win32 Services,174.142.51.17,N/A
LOCK,2010/10/10,18:57:42 +1:00 GMT,Generic Host Process for Win32 Services,,N/A ............

UNQUOTE

And so on, every hour, ad infinitum. At least it's stopping it, but even so I've not connected that machine to the net. (I'm scared to look up the IP number!)

Meanwhile Dear Dr Watson is reporting all this endlessly, taking up dozens of MB a day !

Incidentally, the 2 files mentioned in the error message (see my link to the earlier post and the same problem) come up for me as well, but by the time the message comes they don't exist!

That's it for now - all done, as I say, before I came on here. I'm no expert and GW, on reading, seems a bit beyond me; and maybe a sledgehammer (though I can't say about that). Have you any opinion on that "svchost.analyser.exe" I mentioned?

Many thanks to both and again sorry for delay - sbs2
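The ZoneAlarm log quoted above is a textbook picture of beaconing: the same process trying the same address at a fixed interval. The following is an added example, not code from the thread, that parses lines in the format of the quoted Security log header (type,date,time,source,destination,transport) and flags any (process, destination) pair whose attempts recur at a regular period. The svchost/174.142.51.17 lines mirror the ones posted; the extra "Internet Explorer" lines and the 203.0.113.9 address are constructed to show an irregular series that is not flagged.

```python
"""Flag periodic outbound attempts ("beaconing") in a ZoneAlarm-style
Security log.

Added example; not code from the original thread.  SAMPLE_LOG follows the
column header quoted in the post; the svchost lines mirror the posted ones,
the Internet Explorer lines are constructed filler."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

SAMPLE_LOG = """\
Windows XP-5.1.2600-Service Pack 2-SMP
type,date,time,source,destination,transport (Security)
LOCK,2010/10/10,16:55:56 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,16:56:02 +1:00 GMT,Generic Host Process for Win32 Services,174.142.51.17,N/A
LOCK,2010/10/10,17:10:31 +1:00 GMT,Internet Explorer,203.0.113.9,N/A
LOCK,2010/10/10,17:56:50 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,17:56:54 +1:00 GMT,Generic Host Process for Win32 Services,174.142.51.17,N/A
LOCK,2010/10/10,18:33:07 +1:00 GMT,Internet Explorer,203.0.113.9,N/A
LOCK,2010/10/10,18:41:55 +1:00 GMT,Internet Explorer,203.0.113.9,N/A
LOCK,2010/10/10,18:57:42 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,18:57:46 +1:00 GMT,Generic Host Process for Win32 Services,174.142.51.17,N/A
LOCK,2010/10/10,19:58:39 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,19:58:43 +1:00 GMT,Generic Host Process for Win32 Services,174.142.51.17,N/A
"""


def parse_security_log(text):
    """Return (timestamp, source, destination) for every LOCK line.

    Header and banner lines are skipped because their first field is not
    'LOCK'.  The time field carries an offset ("16:56:02 +1:00 GMT"); every
    line shares it, so the clock portion alone is enough for interval maths."""
    events = []
    for line in text.splitlines():
        fields = line.split(",")
        if len(fields) < 6 or fields[0] != "LOCK":
            continue
        _kind, date, time_field, source, dest, _transport = fields[:6]
        clock = time_field.split()[0]
        ts = datetime.strptime(f"{date} {clock}", "%Y/%m/%d %H:%M:%S")
        events.append((ts, source, dest))
    return events


def find_beacons(events, min_hits=3, max_jitter_s=60.0):
    """Group attempts by (source, destination) and flag regular series.

    A series is flagged when it has at least min_hits attempts and the
    population standard deviation of the gaps between consecutive attempts
    is at most max_jitter_s seconds.  Lines with an empty destination (as in
    the posted log) carry no address to group on and are ignored."""
    series = defaultdict(list)
    for ts, source, dest in events:
        if dest:
            series[(source, dest)].append(ts)
    flagged = {}
    for key, stamps in series.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        jitter = pstdev(gaps)
        if jitter <= max_jitter_s:
            flagged[key] = {"count": len(stamps),
                            "period_s": mean(gaps),
                            "jitter_s": jitter}
    return flagged


def describe(flagged):
    """One human-readable line per flagged (source, destination) pair."""
    return [
        f"{src} -> {dst}: {info['count']} attempts, every "
        f"{info['period_s'] / 60:.1f} min (jitter {info['jitter_s']:.0f} s)"
        for (src, dst), info in sorted(flagged.items())
    ]


if __name__ == "__main__":
    for line in describe(find_beacons(parse_security_log(SAMPLE_LOG))):
        print(line)
```

The period and jitter are what make this worth acting on: three attempts to one address at 61-minute spacing with a couple of seconds of drift is scheduler behaviour, not a user clicking. A regular hourly connection from svchost can also be a legitimate service checking in, so the output tells you which address and process to investigate, not by itself that the machine is infected; what is unusual here is that the poster's scanners have already removed a DNS-changer trojan and the attempts persist.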
October 13, 2010 7:47:04 PM

More apologies - not "GW", I meant CF.

(Also, by the way, I run CCleaner 2 or 3 times a week out of habit. One night I cleaned C up as completely as I could, did nothing at all until the next morning, when all I did was search for files modified since midnight. Apart from System Restore stuff there are about a dozen - any point in showing them to you here?) - sbs2