svchost.ext hollow process

archellhen

New Member
Thread author
Oct 25, 2018
7
Hello, I have recently got 2 hollow processes. Like the others mentioned, I ran zemana and it only detected it without fixing it. MalwareBytes helped removing it but when i restarted the pc it was back again. I ended task manually and ran scan to get rid of it. But I keep getting reports from malware bytes about blocking websites.
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/26/18
Protection Event Time: 3:11 AM
Log File: 03c8ca80-d8bc-11e8-86fb-708bcd564023.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7533
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: work.a-poster.info
IP Address: 37.1.206.139
Port: [51397]
Type: Outbound
File: C:\Windows\SysWOW64\svchost.exe



(end)
 

Attachments

  • Addition_26-10-2018 03.53.48.txt
    88.1 KB · Views: 65
  • FRST_26-10-2018 03.53.48.txt
    42.8 KB · Views: 64

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

    2873ryc.png

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

archellhen

New Member
Thread author
Oct 25, 2018
7
Here.

Also I noticed whenever I restart my PC the default apps change back to the original as if I just reset the PC. Why is that happening?
 

Attachments

  • Addition.txt
    82.5 KB · Views: 60
  • FRST.txt
    40.2 KB · Views: 61

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Not sure why is that happening.


FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    1.4 KB · Views: 61

archellhen

New Member
Thread author
Oct 25, 2018
7
Here is the fixlog
Also I got notified by malware bytes that it blocked another website
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/26/18
Protection Event Time: 3:11 AM
Log File: 03c8ca80-d8bc-11e8-86fb-708bcd564023.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7533
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: work.a-poster.info
IP Address: 37.1.206.139
Port: [51397]
Type: Outbound
File: C:\Windows\SysWOW64\svchost.exe



(end)
 

Attachments

  • Fixlog.txt
    3.7 KB · Views: 61

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

    2873ryc.png

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

archellhen

New Member
Thread author
Oct 25, 2018
7
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/30/18
Protection Event Time: 2:51 AM
Log File: fc731428-dbdd-11e8-8dd3-708bcd564023.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7599
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: PUP
Domain: laserveradedomaina.com
IP Address: 176.31.115.114
Port: [57609]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe



(end)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top