Windows 10: Heavily Infected by svchost.exe and Poweliks.

Discussion in 'AntiVirus, Firewalls and System Security' started by Wynona, Apr 5, 2018.

  1. Wynona Win User

    A good practice that everyone should follow.

    Before deciding to clean install or to use an AV to clean one’s system, it must first be ascertained what each procedure entails. In this case, Young Tomlin has said, “The reason I don't reset is because of the applications I have on this pc and I don't have time to reinstall them as I use them for work.”

    We must understand and consider the individual user’s wants and needs before deciding for him/her that a clean install is more valuable than cleaning the computer. How many apps and programs are on the computer? How long will it take to reinstall them? Once they’re reinstalled, how long will it take to set them up the way we want them? An individual’s files are a major consideration here. Even if we can recover the files from a corrupted system, will they need to be scanned before we can use them? Would it have been easier to clean the computer; thus, saving all our files?

    Not every malware/virus is cleanable, but the majority of them are. If they weren't, AV companies would not exist, nor would they be releasing tools to clean specific infections.

    I’d hate to be required to clean install the Fall Creators Update on my teaching Lappy. I have a lot of things on there that won’t be easily replaced; not the least of which are deeply discounted (free) apps that cannot be reinstalled.

    In my considered opinion, it would be a huge disservice to tell Young Tomlin to do a clean installation at this point. With Simrick’s guidance, it wasn’t necessary; he’s back up and running.

    Most AV programs come with an “individual file scanner” and/or a “multiple file scanner”.

    If Young Tomlin’s files reside on his internal drive(s), they will have been successfully scanned due to his prior work to clean his computer. If files were on externals (including flash drives) …

    The question must be asked, (1) “Was it attached to the computer at the time of the attack? (2) And if so, was the external still attached during Young Tomlin’s prior cleanup efforts?” These two questions and their answers will serve to guide Young Tomlin in how to proceed.

    Any AV worth its salt will certainly yell bloody murder if it perceives an attack, whether it be on the OS or on Data! I believe a combination of all the above will help anyone to decide how to proceed.

    Why not just individually scan the finished file with your AV? If it won’t scan individual files, get one that will.

    Young Tomlin has successfully cleaned his computer, run a final check with Eset and has downloaded Macrium Reflect, installed it and backed up his computer. By following Simrick’s advice, he is a little more knowledgeable today than he was yesterday or the day before.

    All’s well that ends well …
     
    Wynona, Apr 5, 2018
    #1

  2. Hello

    I recently allowed my cousin to do some work on my personal computer and when I received it back Chrome suddenly closed on the aspect of anything incriminating of a virus removal. Also, looking at task manager shows an unnamed task that is under Windows Processes, that is taking around 60% of the CPU of my computer.

    It claims to be Service Host, or svchost.exe, however it's not located in system32 so I'm pretty sure it's a virus in disguise.

    I ran multiple anti-virus programs, Malwarebytes detected over 500 threats. They were mostly cleaned, however it does not detect Poweliks. I have tried using ESET Poweliks cleaner which just closes on opening, I have also tried Symantec's program which just results in Poweliks not being found.

    Also, my computer cannot reboot, it crashes when it restarts, with a critical error/BSOD, I have attached the files as well. MSI-13_04_2018_234402_70.zip

    So, I am truly stumped. I don't know what else to do. If this is a different virus or anything. Also, I hope I posted this in the right place.

    Thanks for any help.

    :)
     
    youngtomlin, Apr 13, 2018
    #2
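The check described in the post above (a process named svchost.exe whose image is not under system32), written out as an added example that is not part of the original thread. It assumes a default %SystemRoot% layout, and the parent-process test is a heuristic based on Service Host normally being started by services.exe.

```powershell
# Added example: list svchost.exe processes that do not look like the genuine Service Host.
# Assumption: default install layout, so the only expected image paths are these two.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index every process by PID so each svchost's parent can be resolved.
$all = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

$findings = foreach ($p in ($all | Where-Object { $_.Name -ieq 'svchost.exe' })) {
    $reasons = @()
    $path = $p.ExecutablePath

    if (-not $path) {
        # Without elevation the path of protected processes is not returned.
        $reasons += 'image path unavailable (re-run from an elevated prompt)'
    } else {
        if ($expected -notcontains $path) {
            $reasons += 'image is outside System32/SysWOW64'
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') {
            $reasons += "signature status: $($sig.Status)"
        }
    }

    # Heuristic: the genuine Service Host is normally a child of services.exe.
    $parent = $byPid[[uint32]$p.ParentProcessId]
    if (-not $parent -or $parent.Name -ine 'services.exe') {
        $reasons += 'parent is not services.exe'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            PID         = $p.ProcessId
            Path        = $path
            CommandLine = $p.CommandLine
            Reasons     = $reasons -join '; '
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No svchost.exe anomalies found.' }
```

A clean result only rules out a file impersonating the svchost.exe name; it says nothing about registry-resident threats such as the Poweliks infection discussed in this thread, which still need the scanners and removal tools mentioned by the posters.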
  3. Bruce Hagen, Apr 13, 2018
    #3
  4. ap1978 Win User
  5. simrick Win User
    Hi.
    You are correct, it is not a legit svchost.
    Have you tried running some offline scans?

    - Defender has an option for offline scan
    - Kyhi's recovery media has Malwarebytes built-in. You can boot the system to it and scan the system drive while the infection is not active - much easier to clean that way.
    - Eset bootable media "ESET SysRescue Live"
    Download Tools and Utilities ESET

    You could even try running these while in the operating system:

    RKILL
    Download RKill
    ADWCleaner
    Downloads - AdwCleaner - ToolsLib
    (reboot)
    RKILL (again)
    Malwarebytes (with rootkit box checked)
    Then run the Eset Poweliks removal tool
     
    simrick, Apr 13, 2018
    #6
  6. Hello again, thanks for the quick replies.

    The AVG results didn't find anything and nor did the offline Defender scan. The other options close my Chrome so I can't check those out. During the restarting of my computer it crashed again and the logs are in the original post.

    Thanks again for all your help. Brief because I don't want it to crash again.
    Thanks.
     
    youngtomlin, Apr 13, 2018
    #7
  7. simrick Win User

    If you can't get any of your browsers to work, (even after resetting them - including Internet Explorer), you'll need to get to a clean system to do the downloads. The offline/bootable media methods are best for clearing out this stuff.
     
    simrick, Apr 13, 2018
    #8
  8. Ok. I'll grab my usb now and try those out. Let's hope Malwarebytes does something this time. Thanks in advance

    Typing on my phone now. My computer keeps crashing but I'm guessing that's because of the virus. I'll take that to bsod support afterwards if it's still happening.

    Again. Thank you for your help
     
    youngtomlin, Apr 13, 2018
    #9
  9. ap1978 Win User
    Good luck.
     
    ap1978, Apr 13, 2018
    #10
  10. simrick Win User
    Okay, let us know how it goes. Good luck.
     
    simrick, Apr 13, 2018
    #11
  11. flybynite Win User
    By the time you go through all this you would be better off taking 20 minutes to install Windows 10 again.
     
    flybynite, Apr 13, 2018
    #12
  12. Try3 Win User

    tomlin,

    • I agree that svchost being outside system32 warrants investigation.
    • I have no idea why you mention Poweliks. [I once had one of the many Poweliks variants & Malwarebytes successfully detected it]
    • If some scans fail to find anything but other scanners crash / the computer crashes / the computer cannot boot, I think that you are going to end up rescuing your personal files and then reinstalling Windows 10.

    Denis
     
  13. jimbo45 Win User
    Hi folks

    If your computer is infected don't waste your time spending hours on trying to "dis-infect it". You can't ever be sure that the program does its job 100%

    Using an infected computer to cleanse / disinfect itself is like if you are a Pilot and told here's a defective plane but you have to fly it and fix it in the air !!!!!. As a licensed Private Pilot you know what my answer would be to that one !!!!

    Simply restore a clean image (Macrium Free if you have it) --if you haven't then the only sensible way is a clean Windows install. You won't lose activation on any clean installs. Then always make sure you have a clean backup image --if you keep OS / Data separately image can be taken / restored even on older systems within 30 mins at most.

    You are also 100% isolated against Ransomware as well -- simply disconnect computer from internet, switch off immediately, re-boot your restore program and restore clean image.

    Cheers
    jimbo
     
    jimbo45, Apr 13, 2018
    #14
  14. I mention Poweliks because it's the only virus that comes to mind that closes Chrome. It's also located in the registry so it could be hidden. I tried the suggestion of scanning in Malwarebytes offline and it detected a whole lot more. I then tried the RKILL steps and was able to run Poweliks cleaner which successfully cleaned Poweliks as well.

    So I think most is gone now. I've managed to clean most things. The reason I don't reset is because of the applications I have on this pc and I don't have time to reinstall them as I use them for work.

    I'll mark as solved now. Thanks to all the people that helped me. Thanks again.
     
    youngtomlin, Apr 13, 2018
    #15