svchost Trojan?

brentsipl · Feb 28, 2007

VAIO laptop suddenly became too slow on the internet to use at all. Norton Internet Security program folder was deleted, and svchost.exe was taking all my resources. Looked like a trojan. I completed the entire RUN & READ ME FIRST (http://forums.majorgeeks.com/showthread.php?t=35407) and in the end svchost is no longer taking all my CPU time but it is still very slow compared to before the event. In addition to the procedure, I first tried system restore back to before the infection to no avail, and I also configured it to delete the pagefile on shutdown. Still svchost.exe seems to take an inordinate amount of memory (35MB), and my page file is at about 540MB with only AOL running (with more it goes up to 666 or more), which seems a little high to me for this XP computer. This is after it took about 10 minutes after boot for the CPU usage to die down. When I end this svchost.exe process it seems to speed up a bit. So I am suspicious something is still lurking in there. confused
I am now running AOL Security Center (McAfee AV) and CounterSpy. It seems that the infection came from email because another laptop that uses the same email account on AOL was also infected beyond repair and I am still in the process of rebuilding it.
I'm posting all my logs from that procedure including hijack this, and also screen shots of Task Manager of current state.
Please Help!!! :cry

chaslang · Mar 1, 2007

Welcome to Majorgeeks!

You need to cleanup all the bad email files shown in your Panda log. This must be done manually. Refer to your Activescan log.

Also manually cleanup all the ones mentioned for Outlook in your Bitdefender log.

You don't really have any malware other than the above. What you are mentioning can be normal for svchost memory usage and also for a page file. I currently have nothing running and my pagefile is 2G Bytes.

I do see Windows update running and using a lot of memory too. Perhaps that is your issue.

Okay now uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders left behind by the uninstall:
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

Now Uninstall the below software:
J2SE Runtime Environment 5.0 Update 3
Mozilla Firefox (1.5.0.6)
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Make sure you reboot after uninstalling the above!

Then install the current version of FireFox from: Mozilla Firefox

Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

Other than the above there are no malware problems showing in your logs that require any attention.

Log in or Sign up

svchost Trojan?

brentsipl Private E-2

Attached Files:

ScanLogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member