svChost

Status
Not open for further replies.
T

Taftaf

New Member
Thread author
Jun 1, 2020
5
Recently my PC has been acting up and been performing really slowly, despite it being a pricey bit of kit. I had also noticed that that my webcam light was turning on, and was being accessed by svcHost. After following the steps shown for removal of the would-be worm, it flagged up that I had a bitcoiner miner in use. I quarentined it, deleted it and restarted, only to have my webcam fire up immediately. This time my bullguard antivirus warned me that the firewall could not be launched, and I couldn't find my webcam using Process Explorer. The PC had also really started to slow despite their not being many programs running. Nothing was coming up no matter what antivirus software I was using, and it felt like my computer was fighting back at me when I was trying to close windows and even turn it off. I have no clue what to do and could really use some help or advice on the matter.

PC Specs:
I7 9900k
RTX 2070
16GB RAM
256 SATA SSD
 
nasdaq

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer


  • Right-click on the MBAM icon and select Run as administrator to run the tool.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.[/*]
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.[/*]
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.[/*]
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button[/*]
  • Note: The scan may take some time to finish, so please be patient.[/*]
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.[/*]
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.[/*]
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.[/*]
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes your Desktop.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Click the LogFile button and the report will open in Notepad.[/*]
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.[/*]
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Check off the element(s) you wish to keep.[/*]
  • Click on the Clean button follow the prompts.[/*]
  • A log file will automatically open after the scan has finished.[/*]
  • Please post the content of that log file with your next answer.[/*]
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).[/*]
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please attach the logs for my review.

Let me know what problems persists.

Wait for further instructions
====
 
T

Taftaf

New Member
Thread author
Jun 1, 2020
5
Everything is attached. PC still feels slow, even on startup now -Thanks
 

Attachments

  • Addition.txt
    138.5 KB · Views: 5
  • AdwCleaner[S00].txt
    3.4 KB · Views: 5
  • FRST.txt
    162.7 KB · Views: 5
  • MBAM.txt
    1.2 KB · Views: 5
nasdaq

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • fixlist.txt
    6.6 KB · Views: 4
nasdaq

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

Something when wrong.
You posted the same as my Fixlist.txt

Please run the Fix again and post the Fixlog.txt that will be created.

Let me know what problem persists.
 
T

Taftaf

New Member
Thread author
Jun 1, 2020
5
Reattached - I have started to notice a significant lag in start up aswell as a blank black screen that happened once.
 

Attachments

  • Fixlog.txt
    15.1 KB · Views: 3
nasdaq

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,
Checking your log and it shows that nothing was found.

Please Right click the Farbar program and run it as an Administrator.
Click the Fix button and attach the fresh Fixlog.txt.

Let me know if the problem persists.
 
  • Like
Reactions: [correlate]
T

Taftaf

New Member
Thread author
Jun 1, 2020
5
Ran as administrator and uploaded
 

Attachments

  • Fixlog.txt
    15.1 KB · Views: 1
nasdaq

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,
Do you still have issues with this computer?
If so what?
 
Status
Not open for further replies.

Similar threads

Xeno1234
    • Wow
    • Like
  • Locked
Solved What should I do here?
Replies
27
Views
1,389
General Security Discussions
Jengo
Jengo
Xeno1234
  • Locked
Tried to check power consumption of my PC but it might be malware.
Replies
3
Views
309
Windows Malware Removal Help & Support
nasdaq
nasdaq
anayaochoa98
  • Locked
No Reply Browser Keeps Changing to Bing or Despite Default Browser Being Different
Replies
5
Views
481
Windows Malware Removal Help & Support
icotonev
icotonev

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top