Windows 10: Windows 10 svchost virus

FRST.txtAddition.txt
Here are both txt files

 

victor122,

Thanks for the reports.


Please try the following:

Press the Windows and R keys at the same time. This opens the Run box.
Type Notepad and click OK.
Next, please copy the entire contents inside the code box below to Notepad.

Code: Start CreateRestorePoint: EmptyTemp: CloseProcesses: GroupPolicy: Restriction - Windows Defender <======= ATTENTION C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461} C:\Users\Admin\AppData\Roaming\tor.exe Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X] Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? ?hr?me.lnk -> C:\Users\Admin\AppData\Roaming\Browsers\exe.emorhc.bat (No File) Task: {6C4DAD07-8BDC-4C35-A0ED-C91CBAE0BC26} - System32\Tasks\{034BCED7-1B5D-90E9-5A06-A9A295CA4F99} => C:\Users\Admin\AppData\Roaming\{59408139-9EFE-349B-1691-101637D4F461}\aitdgvten.exe [2017-01-03] (TechSmith Corporation) Task: {CD6DF866-8AC9-4D6C-A904-9975E75B6872} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\Admin\AppData\Roaming\FreeVPN\FreeVPN.exe Reboot: End[/quote] Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be in the Downloads folder (Running from C:\Users\Admin\Downloads) vs. the Desktop. They both need to be in the same place, preferably the Desktop.



Next, run FRST and click Fix only once, and wait.


The tool creates a log: (Fixlog.txt)

Please attach it to your reply.

 

FYI: QQ is a Chinese chat program - I've used it myself quite extensively.

 

@dalchina,


When there is an [X] at the end of a listed service, that indicates that FRST could not find the files associated with the particular Service or Driver and has listed the ImagePath as it is in the Registry.

 

@victor122,

Please note, post number 15 was modified.

 

Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be in the Downloads folder (Running from C:\Users\Admin\Downloads) vs. the Desktop. They both need to be in the same place, preferably the Desktop.



Next, run FRST and click Fix only once, and wait.


The tool creates a log: (Fixlog.txt)

Please attach it to your reply.[/quote] Here is the logFixlog.txt

 

victor122,

Please update, any progress?

 

Not much progress... it stopped for now, but sometimes starts acting up again. Hopefully there will be a solution soon.

 

victor122,

Let's give this a try...

Please download HitmanPro (Sophos):
HitmanPro Malware Removal Tool: Secondary Anti-Virus Scanner | Download HitmanPro 3.7
Save to the Desktop.

Double-click the downloaded file to start the program.

When presented with a User Account Control prompt, click Yes to allow the installation.

When HitmanPro starts, click Next to scan for malicious software.

When it finishes it will display a list of the Identified Threats (malware) or other entries found (i.e. cookies, PUPs, etc.).
Click on Next and select the option: Activate Free License
This begins the free 30 days trial, and removes all the Identified files from the computer.

After the entries are removed, click on the Save Log option.
Save the HitmanPro log to the Desktop.

Please attach the content of the HitmanPro report in your reply.

Now, close the program, and restart the computer.

 

Here is the logHitmanPro_20170124_2132.log

 

victor122,

There are a bundle of items on the HitmanPro report.

Did you try delete them?

 

I have deleted them. I'll give it the day and see how effective it has been.

 

victor122,

If you wish, you can also download the ESET Online Scanner.

However, before you do so, please disable your security programs which include, but not limited to anti-virus, anti-malware, anti-spyware etc.

Additional information:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Next, download the Online Scanner:
Online Malware Detection | ESET
At the website, press: Scan Now

At the download prompt, press Save as, and select the Desktop, for convenience.
Next, select: Run
Also, please Accept/Agree to the promts to run the program.

At the main Online Scanner > Computer Scan Settings, check the following: Enable detection of potentially unwanted programs

Click: Scan

At the initialization prompt, let it download the virus signatures. It takes a few minutes...
After the signatures are loaded, Eset goes straight into scanning.

This may take quite a while, depending on the number of files on the drive scanned.

>> Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.

After the Scan finishes, if no threats are found, place a check on: Uninstall application on close
Press: Finish

Please report that nothing was found.

If threats are found, the program lists the entries.
Press: Save to text file
Save to the Desktop for convenient reference.

Options are provided to select either Specific items, or Select all, and to press either Clean selected, or Clean all.

If you see something you do not want to remove, uncheck the entry, and press the Clean selected option.
If you are removing all the entries, use Select all, and the Clean all option.

Please attach the contents of the report in your next reply.

Note: Enable your security programs!!

 

Log.txt

 

victor122,

There are two trojans plus some potentially unwanted applications showing on the ESET report. Did you Clean all the entries?

Some stubborn stuff!!

To play it safe, let's run a basic check on the system, to see what is currently found.

Please use HijackThis:
Download Trend Micro HijackThis - MajorGeeks
Save to the Desktop.
Right-click the .exe file and select: Run as Administrator
Accept the License Agreement if you decide to run the program.

When the HijackThis console opens, press: Scan

Ignore the prompt about the Hosts file.
When done scanning, a log opens, press: Save log
Please do not take any other actions!!

Next, attach the HijackThis log in your reply.



Also download SecurityCheck to your desktop:
http://tools.safezone.cc/glax24/Secu...urityCheck.exe
Right click and select: Run as Administrator
When the program completes, the tool automatically opens a log.
Please attach the log in your reply.


It appears that Malwarebytes Anti-Malware Premium is geared to deal with these trojans.
Are you using the Free version, or the Premium version of MBAM?

If using the free version, please go to Control Panel > Programs and Features and uninstall it, for now.

Next, go to: Malwarebytes | Free Anti-Malware & Malware Removal
Download to the Desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
When presented with the following options, please check them:
*Enable free trial of Malwarebytes Anti-Malware Premium
*Launch Malwarebytes Anti-Malware
Click: Finish

If prompted to download and install an Update to the program, please do so.
Click the Settings tab and select Detections and Protections, and if not already checked place a check: Scan for rootkits
Next, select Scan now, or select Threat Scan from the Scan menu.

When the scan finishes, make sure that everything is set to: Quarantine
Click: Apply Actions
Click: View detailed log
Click: Export, select Text file (*.txt), and save the log to the Desktop.

Please attach the MBAM report in your reply.