Find your solution!

Syst3mSh0ck · 04-Nov-2009, 05:56 PM #1

Hey guys wondering if you could shed some light on this issue.

I've just restarted my computer and after I login I noticed the "Computer" pane with my disks opens automatically, I tracked this down to the Autorun entry pointing to "D:\Ninja\Users\Syst3mSh0ck\AppData\Roaming\Microsoft\svchost.exe" now when I examine this file it says that it was previously called EXPLORER.EXE and created 3 months ago (when I installed the OS).

I have never known a Service Host process to be in the %AppData%\Roaming folder and the fact it is actually opening "Computer" when I run it seems very dodgy, I have submitted it to Jottie Online Scanner which checks the file with a multitude of AVs which turned out to be Clean, unless this is a valid error or a new virus out in the Wild.

I have Comodo Firewall running and it has not tried making any connections, so I am at a loss as to whether I should delete this or just leave it at just having removed the Autorun entry.

Input appreciated, thanks!

Phantom010 · 04-Nov-2009, 06:11 PM #2

You are most likely infected. You should click on the Report button and kindly ask to be moved to the Malware Removal forum.

And,

Please click here to download and install the HijackThis installer.

Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything

Syst3mSh0ck · 04-Nov-2009, 06:23 PM #3

Nevermind, thanks for the advice, but I got rid of it and everything seems fine... God damn malware!

lunarlander · 05-Nov-2009, 02:16 AM #4

I don't think your PC is ok. How would that file get there in the first place? I wouldn't blame it on malware and not take further action to investigate this.

Syst3mSh0ck · 06-Nov-2009, 06:21 AM #5

Well I did some searching and it seems to be pointing to a registry issue. Also it could be a bug with Windows 7, although people using Windows XP were getting the same problem.

I did get a virus alert from Avast for a file a downloaded from isohunt.com (legally) so I suspect it may have been caused by that, the good news is that the file in question "svchost.exe" which wasn't a true Service Host but a direct copy of Explorer.exe renamed and placed in the Roaming directory was not trying to make any connections to the internet as per Comodo.

I'm a bit miffed really, thanks for your help.

Tag Cloud
access audio black screen blue screen boot bsod connection crash dell desktop driver drivers dvd email error excel firefox hard drive hardware hdmi hijackthis internet itunes keyboard laptop malware monitor motherboard network networking outlook problem ram recovery router slow sound spyware trojan upgrade vba video virus vista vundo windows windows 7 windows vista windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for: