New Trojan: "svchost.exe*32" - winrscmde

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by PR0927, Jul 23, 2012.

  1. PR0927

    PR0927 Private E-2

    Hey guys, recently you were a big help with a Sirefef infection. Now it seems like I've got another infection, and I have a feeling it might be connected to the prior infection.

    I'm quite tech-savvy, and I'm not one to fall prey to viruses, but apparently I've been on a run of fail for the past 1.5 weeks or so.

    Any assistance in killing this new infection would be much appreciated.

    I saw some other people needing to post logs and whatnot, so I suppose it will be a similar process for this winrscmde infection too?

    Been trying to kill it off, and ran Malwarebytes Anti-Malware too, to no avail - the "svchost.exe*32" thing keeps coming back.
     
  2. PR0927

    PR0927 Private E-2

    May have killed it with TDSSKiller, but it'd be nice to make sure. Any help is much appreciated!
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What did it show? Was it a bunch of stuff related to \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b )

    You may still have an infected C:\windows\svchost.exe file. This file should not be here at all in this folder. It may be best to run the below cleaning procedure and attach the logs:

    READ & RUN ME FIRST. Malware Removal Guide
     
  4. PR0927

    PR0927 Private E-2
    Yeah, I checked to see if that file was there after TDSSKiller went to town on it (and I cannot remember the exact message given to me, but it definitely was something similar to what you wrote), and the "svchost.exe" file is not there in that directory.

    I'm having absolutely no problems since, and it's been a few days. Do you think I'm in the clear? If not, which anti-malware programs specifically should I run and attach the logs of?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It sometimes is hidden from view.

    I cannot say for sure without seeing the logs. You could abbreviate and run only Malwarebytes and MGtools and attach those logs. While this is still not as complete as running everything, it will give us a better feeling.
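chaslang's point above is that a svchost.exe sitting directly in C:\windows (rather than in System32 or SysWOW64) is a red flag, and that such a file can carry the hidden attribute so Explorer does not show it. As an added example, not code from this thread or from any tool it names, here is a small Python script that walks a Windows directory with os.walk (which lists hidden and system files regardless of their attributes), reports every svchost.exe outside the expected locations, and notes whether each one is flagged hidden. For the stand-alone run it builds a constructed, throw-away fake Windows folder; the function names and the sample paths are assumptions for the demo.

```python
"""Hunt for svchost.exe copies outside the locations where Windows installs it."""
import os
import tempfile
from pathlib import Path

# Windows st_file_attributes bit for 'hidden'; Explorer hides such files by default.
FILE_ATTRIBUTE_HIDDEN = 0x2


def is_hidden(path: Path) -> bool:
    """True if the file carries the Windows 'hidden' attribute (always False on other OSes)."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def is_legit_location(rel: Path) -> bool:
    """svchost.exe is expected directly in System32 or SysWOW64, or anywhere in the
    WinSxS component store. Anything else (the Windows folder itself, Temp,
    System32\\drivers, ...) is suspicious."""
    parents = [p.lower() for p in rel.parts[:-1]]
    if parents in (["system32"], ["syswow64"]):
        return True
    return bool(parents) and parents[0] == "winsxs"


def find_rogue_svchost(windows_root) -> dict:
    """Walk the Windows directory and report every svchost.exe outside the
    legitimate locations. os.walk does not honour the hidden attribute, so a
    copy that Explorer hides ('hidden from view') is still reported.
    Returns {relative posix path: {"hidden": bool, "size": int}}."""
    root = Path(windows_root)
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() != "svchost.exe":
                continue
            full = Path(dirpath) / name
            rel = full.relative_to(root)
            if is_legit_location(rel):
                continue
            try:
                info = {"hidden": is_hidden(full), "size": full.stat().st_size}
            except OSError:  # locked or access-denied file: still worth listing
                info = {"hidden": False, "size": -1}
            findings[rel.as_posix()] = info
    return findings


def build_sample_tree() -> Path:
    """Create a constructed fake Windows folder under a temp directory: two
    legitimate copies, a rogue copy directly in the Windows folder (as in the
    thread), an odd-case copy in Temp and one buried in System32\\drivers."""
    base = Path(tempfile.mkdtemp(prefix="fake_windows_"))
    for rel in ("System32/svchost.exe", "SysWOW64/svchost.exe",
                "svchost.exe", "Temp/SVCHOST.EXE", "System32/drivers/svchost.exe"):
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"MZ constructed placeholder, not a real binary")
    return base


def demo() -> dict:
    """Scan the constructed tree; only the three rogue copies should come back."""
    return find_rogue_svchost(build_sample_tree())


if __name__ == "__main__":
    for rel, info in sorted(demo().items()):
        print(f"{rel}  hidden={info['hidden']}  size={info['size']}")
```

On a real machine you would call find_rogue_svchost(r"C:\Windows") from an elevated prompt; a hit is a lead for the logs chaslang asks for, not proof of infection on its own, since the scanner looks only at file names and locations, not at file contents.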
     
