svchos1at.exe and similar

Discussion in 'Malware Help (A Specialist Will Reply)' started by daniel2004, Jan 21, 2006.

  1. daniel2004

    daniel2004 Private E-2

    Re: svchos1at.exe and similar

    Hallo BJ, how are you?

    I recently set up an ADSL connection, now it's much better.

    I wonder if I am now more or less vulnerable to getting malware (virus and spyware stuff) with the ADSL than with the old dial-up system.
    Dialers, for example, should not be dangerous any more, should they?

    What is your advice? I have Webroot, Microsoft Antispyware, Ad-aware running. Enough?

    I attach my present log, just for a check if you wish.

    Thank you and greetings from Italy,

    Daniel

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: svchos1at.exe and similar

    daniel2004,

    Since it's been so long I have created a new thread for you. This will avoid confusion from past fixes and such. With Cable/DSL you are more vulnerable to infections, however with proper protection there are no worries.

    Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support


    Afterwards, post the logs from the online scans and a fresh HJT log.
     
  3. daniel2004

    daniel2004 Private E-2

    All right for the new thread,

    I did all the recommended steps, and here are the logs.
    There is this "adware/adwhere" ... mah, it was detected neither by Ad-Aware nor by Spy Sweeper, Mic. Antispyware, Spybot, nor ScanSpyware.

    Thank you for your advice.

    Daniel

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do you have Spy Sweeper purchased? If so, update the defs and run a full sweep and attach this log along with the below.

    Please see the below thread on how to install and run Ewido Security Suite.
     
  5. daniel2004

    daniel2004 Private E-2

    Hallo, BJ

    Yes, I have Spy Sweeper purchased.

    I made the following:

    1. scanning with ewido – found ExlGen.dll and eliminated (1-rapporto)
    2. scanning with Spy Sweeper
    3. reboot
    4. scanning again with ewido – nothing found (2-rapporto)
    5. made a new hijackthis.log


    The Ewido reports (rapporto scansione) are in Italian, so at the end of each report you will find a line of translation.

    I hope it's OK.

    Thank you again,
    Daniel

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Next, run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Then, as an added precaution, go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    • Temporary Files
    • Temporary Internet Files
    • Recycle Bin
    And Click OK.


    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete the above, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  7. daniel2004

    daniel2004 Private E-2

    Dear BJ,

    I followed your steps… only I could not disable the "System Restore": I found instructions for XP and Millennium, but I could not make them match my Win 2000. Shall I do something?

    Anyway, here’s the new log. It seems things are running regularly…

    Daniel

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I apologize, Win2k does not have SR, only WinME & XP.

    Your HJT log looks good, are you having any further problems?
     
  9. daniel2004

    daniel2004 Private E-2

    No, BJ, I'm not having any problems at the moment.

    Thank you!

    Daniel
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  11. daniel2004

    daniel2004 Private E-2

    Hallo BJ,

    I found with regedit the following:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU
    mdss32.exe

    It seems that mdss32.exe is a Trojan... I read it on Google.

    I do not find mdss32.exe in System32 or anywhere else...

    Is that reg key really a symptom of Trojan infection?

    I attach the log.

    Thanks for your help,

    Daniel

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    BJ may not be around for awhile.

    That registry entry may not be too much of a problem. MRUs are typically no big deal. But let's be safe. Run regedit and select the below registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU


    Then in the top menu click on Registry and select Export Registry File.
    Save it to your Desktop or anywhere you can find it. Name it MRU; it will default to adding a .reg extension on the end of it. Find the MRU.reg file and right click on it and select Rename. Change the name to MRU.TXT (okay the change when it warns you), then upload the MRU.TXT file here as an attachment.
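An added example, not part of this thread or from either poster: a small Python parser for the regedit export described above (the MRU.reg renamed to MRU.txt), which lists the MRU values, flags any that name an executable-type file, and builds the one-value deletion .reg text that the later fixme.reg step would need. The sample export below is constructed to look like the FilesNamedMRU key from this thread; its value names and data are made up.

```python
import re

# Constructed sample of a regedit 5.00 export for the key named in the thread.
# Value names and data are invented for illustration.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="mdss32.exe"
"001"="letter.doc"
"MRUList"="01"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" with regedit's backslash escaping inside the data string
VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Parse a regedit 5.00 export into {key_path: {value_name: string_data}}.
    Only REG_SZ lines ("name"="data") are handled; hex/dword values are skipped."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).replace('\\\\', '\\')
    return keys

SUSPECT_EXT = ('.exe', '.dll', '.scr', '.com', '.pif', '.bat')

def executables_in_mru(keys):
    """Return (key, value_name, data) for FilesNamedMRU entries naming an executable."""
    hits = []
    for key, values in keys.items():
        if not key.endswith('FilesNamedMRU'):
            continue
        for name, data in values.items():
            if name != 'MRUList' and data.lower().endswith(SUSPECT_EXT):
                hits.append((key, name, data))
    return hits

def deletion_reg(key, value_name):
    """Build .reg text that removes one value on import (regedit's "name"=- syntax)."""
    return 'Windows Registry Editor Version 5.00\n\n[%s]\n"%s"=-\n' % (key, value_name)
```

An MRU entry only records that a file name was typed into an Explorer search, so a hit is a lead to check on disk and in the other logs, not proof of infection.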
     
  13. daniel2004

    daniel2004 Private E-2

    Thank you Chaslang,

    I did it, and here is the txt attachment.

    Thank you for following my problem and greetings from Italy

    Daniel
     

    Attached Files:

    • MRU.txt
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

    Now reboot and let me know if you are having any more malware problems.
     
  15. daniel2004

    daniel2004 Private E-2

    It's much better: mdss32.exe is nowhere to be found on reg. keys now.

    Only, Scan Spyware detects perfh010.dat as an infected file… perfh10 – 09 etc. are system files too, I think, and ScanSpyware is sometimes a bit obsessive, isn't it?

    Are mdss32.exe and perfh010.dat connected in some way?
    Is it possible that perfh010.dat is a dangerous file, or that it has been infected before?

    Thanks,
    Daniel
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They are valid files!

    ScanSpyware is a rogue tool that you should not be using. Uninstall it and delete all files from it. See it on this list: http://www.spywarewarrior.com/rogue_anti-spyware.htm
     
  17. daniel2004

    daniel2004 Private E-2

    Thank you for the advice!

    I read: "false positives work as goad to purchase" yes, I noticed that, and I will uninstall it right away.

    Thank you again and have a happy weekend.

    Daniel
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Have you completed all steps from the How to protect thread BJ gave you in message number 10? Do you have a firewall installed?
     
  19. daniel2004

    daniel2004 Private E-2

    Sure I did!

    I have installed Sygate Personal Firewall and I purchased Webroot Spy Sweeper...

    Daniel
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great! So if you are not having any more malware problems, our job here is finished! ;)

    Surf safely.
     