I now have this same problem, described & solved in an old thread, now closed.
SKIDD linked to a solution, but sadly the link won't come up? Here's Skidd's message and link - is it possible to repost the fix?
Please follow the repair instruction detailed in this thread.
Thanks mibix; actually I've done most of what's on that page and, I think, got rid of the invader - - but not what it's done! (every hour it twice tries to dial out to the same IP number - and till I can stop it I'm not connecting that machine to the net).
The FIX that Skidd linked to (still won't connect) referred to the one, very specific issue but I don't know how to link to it to explain that members.
Many thanks mibix, it's v good of you to try so much to help. Those last two links of yours do look interesting - I've downloaded the files and once I understand them will have a go.
My problem is identical to Echoplex's at the head of that thread I sent - I suppose I could try asking him or Skidd but I see it was 4 years ago! Is there a way, do you know, to ask "Tom" what the FIX link said? I have the impression it was a pretty quick/easy fix, whereas more dramatic measures seem a bit heavy, for me anyway. Meanwhile:
Sadly I have no system restore points!
I don't really know what a System Repair is - sounds beyond me.
The Linux file works on XP?
Earlier in the week I took down a file called SvchostAnalyzer from here:
I suggest that you go to http://www.bleepingcomputer.com and thoroughly read the instructions to work with ComboFix then download it from that site's own mirror. Do exactly what it says, particularly when it tells you to do nothing however long it takes to run and produce its log before restarting the system.
It will help if you've taken the advice above to use Aford10's methods first because that will clear the way through the clutter for ComboFix to run smoothly. Run the CCleaner before MalwareBytes - it makes the scans quicker - then run it again afterwards.
Accept the offer of a Registry backup before dealing with anything you find under the Issues scan.
Post the MBAM and CF logs back here so we can see what was sorted out and work out what may remain.
The Linux rescue disc works independently of Windows. The disc is a method of doing a virus scan without starting Windows, as a virus can sometimes hide itself if Windows is running. You need your Windows disc to do a system repair. What it does is repair any damaged files in Windows without losing your Docs and data. The problem with doing a system repair is that you usually have to reinstall your programs again. This may not be helpful if you have not got the original programs to put back. They both sound complicated to do but they are not really if you take your time. You may be as well trying Saga lout's post first though.
Big apologies for delay - I suddenly realised I haven't done my Tax Return! When that's done I'll report back what I've done. Meanwhile, before I came to this forum I had run MWB and SuperAntiSpyware. One of them found "Trojan - DNS Changer" and removed it, the other found "Gen-Nullo [short]" and removed it. Neither log showed anything else at all.
Since my soundcard is affected I assume it's the latter that caused the problem; have done searches but found nothing useful. I further assume the bug has gone but not its effect, because Zone Alarm log keeps reporting this:
Windows XP-5.1.2600-Service Pack 2-SMP
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
LOCK,2010/10/10,16:55:56 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,16:56:02 +1:00 GMT,Generic Host Process for Win32 Services,220.127.116.11,N/A
LOCK,2010/10/10,17:56:50 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,17:56:54 +1:00 GMT,Generic Host Process for Win32 Services,18.104.22.168,N/A
LOCK,2010/10/10,18:57:42 +1:00 GMT,Generic Host Process for Win32 Services,,N/A ............
And so on, every hour, ad infinitum. At least it's stopping it, but even so I've not connected that machine to the net. (I'm scared to look up IP No!)
Meanwhile Dear Dr Watson is reporting all this endlessly, taking up dozens of MB a day!
Incidentally, the 2 files mentioned in the error message (see my link to earlier post and the same problem) come up for me as well, but by the time the message comes they don't exist!
That's it for now - all done as I say before I came on here. I'm no expert and GW, on reading, seems a bit beyond me; and maybe a sledgehammer (tho can't say about that). Have you any opinion on that "svchost.analyser.exe" I mentioned?
Many thanks to both and again sorry for delay - sbs2
(Also btw I run CCleaner 2 or 3 times a week out of habit. One night I cleaned C up as completely as I could, did nothing at all until the next morning when all I did was search for files modified since midnight. Apart from System Restore stuff there are about a dozen - any point in showing them to you here?) - sbs2
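
Added example, not part of any post in this thread: a short script that reads firewall LOCK records in the layout quoted above and reports programs whose blocked outbound attempts recur at a steady interval, as the hourly entries in the log do. The column meanings (program in field 4, destination in field 5) are inferred from the quoted lines, the sample log is constructed, and `find_periodic` with its thresholds is a hypothetical helper.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the layout of the LOCK lines quoted in the thread.
# 192.0.2.10 is a documentation address, not a value from the post.
SAMPLE_LOG = """\
type,date,time,source,destination,program,action (Malicious Code Protection)
LOCK,2010/10/10,16:55:56 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,16:56:02 +1:00 GMT,Generic Host Process for Win32 Services,192.0.2.10,N/A
LOCK,2010/10/10,17:56:50 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,17:56:54 +1:00 GMT,Generic Host Process for Win32 Services,192.0.2.10,N/A
LOCK,2010/10/10,18:57:42 +1:00 GMT,Generic Host Process for Win32 Services,,N/A
LOCK,2010/10/10,18:57:47 +1:00 GMT,Generic Host Process for Win32 Services,192.0.2.10,N/A
"""

def parse_lock_lines(text):
    """Yield (timestamp, program, destination) for each LOCK record."""
    for line in text.splitlines():
        fields = line.strip().split(",")
        if len(fields) < 5 or fields[0] != "LOCK":
            continue  # header lines and other record types
        clock = fields[2].split()[0]  # drop the "+1:00 GMT" suffix
        stamp = datetime.strptime(f"{fields[1]} {clock}", "%Y/%m/%d %H:%M:%S")
        yield stamp, fields[3], fields[4]

def find_periodic(text, burst_gap=60, jitter=120, min_bursts=3):
    """Return {program: (period_seconds, destinations)} for regular repeaters."""
    events = defaultdict(list)
    for stamp, program, dest in parse_lock_lines(text):
        events[program].append((stamp, dest))
    result = {}
    for program, rows in events.items():
        rows.sort()
        starts = []
        for stamp, _ in rows:
            # Records within burst_gap seconds of each other are one attempt.
            if not starts or (stamp - last).total_seconds() > burst_gap:
                starts.append(stamp)
            last = stamp
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        if len(starts) < min_bursts or not gaps:
            continue
        period = median(gaps)
        # Regular means every gap stays within `jitter` seconds of the median.
        if all(abs(g - period) <= jitter for g in gaps):
            result[program] = (period, sorted({d for _, d in rows if d}))
    return result
```

A steady period with a single destination points to a scheduled task or service start entry re-launching the connection, which is where to look after the scanners report the machine clean.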