svchost.exe hollow process in syswow64 folder

diimaan

New Member
Joined
May 30, 2018
Messages
2
OS
Windows 10
Antivirus
Microsoft
#1
I have two hollow process svchost.exe files running from the syswow64 folder! If I visit any antimalware website or antivirus website the web browser closes automatically!
Clipboard02.jpg

Clipboard01.jpg

Attached the screenshots of those two processes running. From terminal and task manager.
 
Operating System
Windows 10
Are you using a 32-bit or 64-bit operating system?
64-bit (x64)
Infection date and initial symptoms
21st of May 2018. High CPU usage and web browser closes when visiting antimalware and antivirus websites.
Current issues and symptoms
The issue still remains the same. But I can stop the processes from task manager by ending the task. After sometime they automatically reappear.
Steps taken in order to remove the infection
Windows Defender Scan yielded no malicious items. I ran zemana antimalware it detects two hollow processes but after repair they still appearing in the task manager. Ran latest MBAM it also did not detect anything. When these two processes are running I am not able to run any anti malware or anti virus applications.
Logs added to Help Request
FRST.txt, Addition.txt

Attachments

TwinHeadedEagle

Removal Expert
Staff member
Joined
Mar 8, 2013
Messages
22,138
OS
Windows 10
Antivirus
ESET
#2
Hello,


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    icon and select
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

diimaan

New Member
Joined
May 30, 2018
Messages
2
OS
Windows 10
Antivirus
Microsoft
#3
Here is the Fixlog file. After running the fix the lastpass extension in my chrome got deleted! Was it infected? Now I do not see those two processes in the task manager.

And what will be the best way to avoid such things happen in the future? Any recommended software or anti malware or anti virus application?
 

Attachments

Latest Posts

Latest Threads