MajorGeeks Support Forums

#1
edenelaine, 01-27-12, 06:55
smitfraud-c.generic/ svchost.exe

Wow, getting here has been a journey, to say the least. But first off, just wanted to say thank you for what you and your team/site do! I have always considered myself fairly computer savvy; but I am learning that "fairly" doesn't cut it in some situations. So I repeat, THANK YOU!

I suppose I will start from the top. I suppose I first started noticing my computer slowing down maybe six weeks ago. It wasn't anything I felt was significant enough to keep watch on, so I continued regular usage. Over the past six months, I have rarely turned my computer off (always hibernate, maybe shut down once a week), so when it started shutting off for no apparent reason, that is when I began to worry. That was about a month ago. I would leave my computer up and running, and when I would return (sometimes I wasn't gone for more than an hour), it would be off. Upon restart the system would appear normal, but when it began to load the Windows files, the Startup Repair window would pop up stating "Your computer was unable to start." Then it gave me the list of tools to use, in which I always did a system restore to the latest available date. Once I went through this process (at least a 30-minute process), my computer would restart and work normally (a little slow at first, but after about a week, it was noticeably slower). Once I left my computer unattended for too long, however, I had to repeat this process. In addition, I tried to turn to Norton for help, come to find out that for some unknown reason, no scan will run (potentially registry error, but at the same time I fixed registry, I also updated version of Norton) ------- (needless to say, I didn't use my computer very often during this time).

At this point, I asked my dad to take a look at the computer, and it was returned to me a couple days later. I believe what he said was, "the registry just had to be updated." He also mentioned that he thought my computer was slow. So when I got it back, I cleaned it out (deleted programs, defragmented/disc cleanup, deleted temps, recycle bin, full Norton scan, yadda yadda yadda). That was about three weeks ago. My computer appeared to be smooth, but I started noticing alerts that were notifying me of both high CPU usage and memory usage. After a few days of this, I knew I was ready to tackle whatever was wrong with my computer.

I began by researching every running program and process (entering into Google), and couldn't find any program that screamed virus (SVCHOST is sneaky! Hides in the Windows folder, not cool!). So after going through that for a couple days, I did some research on high CPU/memory usage. I came across a forum (outside of MajorGeeks) that suggested Malwarebytes and Spybot. I ran both of them (had some difficulties with the software "freaking out" and not running properly. My guess is that it's due to whatever is infecting my computer). After some time, however, I got both of them to run successfully (3-4 days ago). Smitfraud-C.generic came up on both scans, and both said that they successfully removed all unwanted programs. Upon a restart and a re-scan, it is clear that it was still there. It was after installing Malwarebytes, however, that I noticed what an issue I have; because, every few minutes, a pop-up from MWB pops up saying "successfully prevented access to a potentially malicious website." Process: svchost.exe.

And so my search began on how to get rid of this for good. I tried to avoid forums at all costs, but started to realize the following: this is pretty serious, and I can't really afford to try things that I am not sure of. This is when I stumbled upon your site, and a forum that discussed smitfraud-C.generic. After reading a little ways through it, I realized that if I wanted any help, I would have to do it your way, and so came the READ ME FIRST. Let's just say, whatever is messing with my system doesn't like the READ ME FIRST instructions. However, not everything was unsuccessful.

Upon following the instructions, the first problem I faced was when I looked into making sure all the old versions of Java Sun were removed from the system. I tried running Secunia (PSI) and JavaRa. JavaRa wouldn't complete, and Secunia's scan wouldn't even start. At this point, I just made sure all old versions were out of the add/remove programs list.

1) SUPERAntiSpyware installed and ran successfully. Attached is the log.
2) Malwarebytes was already installed, but I reinstalled, and that appeared to be successful. Attached is the log.
3) ComboFix. This got really interesting. Slightly embarrassed to say so because there is such an emphasis on being careful, and doing exactly as the directions say. So forgive me if I did something incredibly stupid (I'll elaborate). From the link provided in the instructions (step 1), I downloaded ComboFix. It would not download, and I figured out why: Norton was preventing it from doing so. It would get to the end of the download, then a window would pop up with the prompt: "you'll need to provide administrator permission to copy this file." Once "ok" was pressed, "You need Permission to perform this action" "You require permission from the computer's administrator to make changes to this file" appeared. When "Ok" was pressed on this window, that's when Norton came in and quarantined what was trying to download. I knew that the problem was Norton, so I tried tweaking Norton and trying again several times. (Had not learned yet that I should disable Anti-Virus Auto Protect.) But I came across this option, and it successfully saved to the desktop. I wish this is where it stopped with ComboFix... When it came time to follow the instructions and scan, the scan that was pictured in the tutorial and the one that was on my screen looked very different. So I stopped the scan with the task manager, and downloaded the one that was listed at the top of the instructions page. This download went smoothly, and the scan started as normal. I watched the computer scan for approximately twenty minutes, and then left my computer momentarily. When I returned the computer was off, and upon restart it said that "the computer shut down unexpectedly, yadda, yadda yadda." Well, because I didn't know what happened, I decided that I should know what was occurring during the scan so that I could tell you. So, I ran the scan one more time. Of course, after watching the scan for thirty minutes, I fell asleep. Not even sure if it shut down or not.
When I woke up this morning, I searched what feels like the entire C: drive for the logs, and honestly, I don't think they exist. Which is likely, now that I think about it.

There were probably several things that I just mentioned that I shouldn't have done (I didn't realize this until I started searching for the logs, and noticed that there are MANY system copies under the "Combofix computer icon"). I'm thinking you might know what I mean? If not, I will explain. A little embarrassed about it, and hoping that such a thing happens to anyone that uses ComboFix. But something tells me that may not be the case =-x Praying you can assist me if that's the case!

4) RootRepeal - Did not run because I am running 64x.
5) MGTools ran smoothly, and the zipped file is attached.

When it was all said and done, I ran Spybot again to make sure that the initial problem I was trying to get rid of still remained. Smitfraud-C.generic is still present.

Really hoping I didn't babble too much, or give you an excess of unneeded information.

But most of all, I'm hoping that I didn't make my computer worse in the midst of trying to fix it.

Hope you can help! Thank you again!
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 01-23-2012 - 23-21-42.log (568 Bytes, 1 views)
File Type: txt mbam-log-2012-01-23 (23-39-43).txt (2.0 KB, 1 views)
File Type: zip MGlogs.zip (288.8 KB, 3 views)

Last edited by Kestrel13!; 01-27-12 at 09:09.. Reason: reverted font to normal style for easier reading.

#2
Kestrel13!, 01-27-12, 09:18
Re: smitfraud-c.generic/ svchost.exe

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run


Please also download MBRCheck to your desktop
  • Double-click MBRCheck.exe to run (Vista and Win 7: right-click and select Run as Administrator)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    • Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    • Found non-standard or infected MBR.
    • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!

#3
edenelaine, 01-27-12, 20:55
Re: smitfraud-c.generic/ svchost.exe

Attached are the logs from TDSSkiller and MBRcheck.

Thank you for your time!
Attached Files
File Type: txt MBRCheck_01.27.12_18.47.56.txt (16.6 KB, 5 views)
File Type: txt TDSSKiller.2.7.7.0_27.01.2012_18.31.15_log.txt (82.8 KB, 6 views)

#4
Kestrel13!, 01-28-12, 09:09
Re: smitfraud-c.generic/ svchost.exe

  • Rescan with Malware Bytes and attach the new log.
  • Re-run TDSSKiller and attach the new log from that too.
  • Is combofix able to run now at this stage?
  • How are things running?

#5
edenelaine, 01-29-12, 23:55
Re: smitfraud-c.generic/ svchost.exe

I haven't noticed any problems. Stopped receiving alerts from Malwarebytes about svchost.exe! That's exciting.

All scans were successful, including Combofix.

I have attached the log reports from Malwarebytes, TDSSkiller, and Combofix.

You're awesome!
Attached Files
File Type: txt mbam-log-2012-01-29 (20-14-32).txt (1.8 KB, 1 views)
File Type: txt TDSSKiller.2.7.7.0_29.01.2012_20.32.26_log.txt (82.0 KB, 1 views)
File Type: txt ComboFix.txt (20.0 KB, 3 views)

#6
Kestrel13!, 01-30-12, 08:27
Re: smitfraud-c.generic/ svchost.exe

Re-run TDSSKiller and have it fix these that you had it skip before.
Quote:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • Either cure, delete or quarantine them.
  • Attach new log.
  • Everything still running okay?

#7
edenelaine, 01-31-12, 23:11
Re: smitfraud-c.generic/ svchost.exe

Yup, everything seems to be running smoothly still

Attached is the TDSSkiller log.

Thank you!
Attached Files
File Type: txt TDSSKiller.2.7.8.0_31.01.2012_21.03.18_log.txt (84.6 KB, 2 views)

#8
Kestrel13!, 02-01-12, 18:39
Re: smitfraud-c.generic/ svchost.exe

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /uninstall
      • Note: The space between the combofix" and the /uninstall must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  6. If running Vista, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  7. Go to add/remove programs and uninstall HijackThis.
  8. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  10. After doing the above, you should work thru the below link:

#9
edenelaine, 02-06-12, 19:46
Re: smitfraud-c.generic/ svchost.exe

Thanks for all your help!

#10
Kestrel13!, 02-07-12, 08:00
Re: smitfraud-c.generic/ svchost.exe

You are most welcome. Safe surfing!

All times are GMT -5.