
Weird Stuff happening, not much hair left in my head to tear off at this point!

Discussion in 'General Software' started by de.das.dude, Feb 10, 2013.

  1. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,895 (4.84/day)
    Thanks Received:
    2,115
    Okay, so I ran both the things in safe mode and rebooted without the cable attached. But as soon as I plugged in the cable and started Opera, that svchost process started and went apeshit crazy again.

    The PC had gone normal but it got messed up to the previous mixed low quality mode appearance level. I ran TDSSKiller and it became normal, even though that didn't catch any threats or anything :(

    I guess I have no option now but to reinstall the OS.


    @ford, I have all updating stuff disabled from msconfig too. This one wasn't normal. It was an IP with 89.xx.xxxx something.
     
  2. Radical_Edward

    Radical_Edward

    Joined:
    Jan 24, 2010
    Messages:
    3,586 (2.03/day)
    Thanks Received:
    1,927
    Location:
    Oregon, USA
    I think you have possibly been affected by the drive-by Java exploit going around.

    It's time for a fresh install, and a better AV program. Also make sure to disable Java unless you need it.
     
    de.das.dude says thanks.
    Crunching for Team TPU
  3. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,967 (6.24/day)
    Thanks Received:
    3,805
    Location:
    IA, USA
    I think you misunderstood me a while back. In Process Explorer, open the svchost using all the memory by double-clicking on it. In there, select the Services tab (NOT Task Manager). It will name all the services running in that service host. List them here and/or go into Control Panel -> Administrative Tools -> Services and stop them. The "Display Name" in Process Explorer should match the name of the service under the Services dialog.

    One of the services is obviously having a problem. If you watch the svchost's memory usage in Task Manager while stopping the processes in Services dialog, it should be pretty obvious which one it is. Once you have a service nailed down, it should be easier to identify the cause.
     
    de.das.dude says thanks.
    Crunching for Team TPU
  4. McSteel

    McSteel

    Joined:
    Nov 19, 2012
    Messages:
    632 (0.85/day)
    Thanks Received:
    305
    You could try Combofix, as a last measure before resorting to a fresh install...
     
    de.das.dude says thanks.
  5. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,895 (4.84/day)
    Thanks Received:
    2,115
    Okay guys, Malwarebytes and TDSSKiller fixed most of the stuff. Everything other than that svchost process was fixed.

    Also, as it happens, I am affected by that process whenever I open the browser and Opera is trying to access the login page.
     
  6. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,895 (4.84/day)
    Thanks Received:
    2,115
    Don't tell me it's ALL the drives?
     
  7. hellrazor

    hellrazor

    Joined:
    Feb 18, 2010
    Messages:
    1,580 (0.91/day)
    Thanks Received:
    319
    I've had a problem with svchost like that that was due to a god-awful wireless card that would just decide it didn't want to be connected to the internet without telling anything. I used this to measure the latency it was causing, but I never did find a solution (without just disconnecting from the internet).
     
    de.das.dude says thanks.
  8. TheMailMan78

    TheMailMan78 Big Member

    Joined:
    Jun 3, 2007
    Messages:
    21,194 (7.74/day)
    Thanks Received:
    7,711
    Ok boss this is what you do.

    1. Right click the svchost and if it's ANYWHERE other than the system32 folder it's a virus.
    2. Download Kaspersky Rescue Disk 10 and burn it to a DVD and boot from it. UPDATE the scanner once booted into the disk and mount all drives. Do a full scan on all partitions and go to bed.
    3. If it finds anything clean it off and run it again.
    4. I suggest you turn off Java via your router until you figure out what site is hitting you with an exploit.

    Chances are I think you are still infected by a root or something.
     
    de.das.dude says thanks.
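
The two checks described in posts 3 and 8 above (which services share the heavy svchost, and whether the svchost image sits in system32), as an added PowerShell example that is not part of the original thread. It uses the standard `Win32_Process` and `Win32_Service` CIM classes; treating SysWOW64 as a second legitimate location is an assumption added here.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell prompt;
# without elevation ExecutablePath can come back empty for system processes.

# Directories where a genuine svchost.exe lives. SysWOW64 is an assumption
# added here for 64-bit Windows; the thread only mentions system32.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

# Every running service, with the PID of the process that hosts it.
$running = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' }

$report = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $proc = $_

        # Check 1 (post 8): is the image where a real svchost.exe should be?
        if (-not $proc.ExecutablePath) {
            $location = 'unknown (run elevated)'
        } elseif ($expectedDirs -contains (Split-Path -Path $proc.ExecutablePath -Parent)) {
            $location = 'ok'   # -contains compares strings case-insensitively
        } else {
            $location = 'UNEXPECTED PATH'
        }

        # Check 2 (post 3): which services share this svchost instance?
        $hosted = $running |
            Where-Object { $_.ProcessId -eq $proc.ProcessId } |
            ForEach-Object { '{0} ({1})' -f $_.DisplayName, $_.Name }

        [pscustomobject]@{
            ProcessId    = $proc.ProcessId
            WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
            Location     = $location
            Path         = $proc.ExecutablePath
            Services     = $hosted -join '; '
        }
    }

# Heaviest instance first, so the one eating memory is at the top.
$report | Sort-Object -Property WorkingSetMB -Descending |
    Format-List
```

Stopping the listed services one at a time and re-running the report shows which one the memory follows, as post 3 suggests.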
  9. Drone

    Drone

    Joined:
    Sep 1, 2010
    Messages:
    2,844 (1.83/day)
    Thanks Received:
    1,612
    @ op You can check this
     
    de.das.dude says thanks.
  10. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,895 (4.84/day)
    Thanks Received:
    2,115
    I was running out of patience so I just reinstalled the OS. lol.

    Seems like it was some malware, but it had already done permanent damage to the system.



    thanks for all your help.

    have some beer :toast:
     
  11. brandonwh64

    brandonwh64 Addicted to Bacon and StarCrunches!!!

    Joined:
    Sep 6, 2009
    Messages:
    18,741 (9.81/day)
    Thanks Received:
    6,220
    Location:
    Chatsworth, GA
    In the end, a fresh OS is a good thing.
     
    Crunching for Team TPU
  12. Frick

    Frick Fishfaced Nincompoop

    Joined:
    Feb 27, 2006
    Messages:
    10,899 (3.41/day)
    Thanks Received:
    2,417
     
    de.das.dude says thanks.
