BullGuard
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Avast! alert - win32 trojan/malware .../svchost.exe/[UPX]
   
BullGuard Antivirus Forum > Virus information > Alerts & New Threats > Avast! alert - win32 trojan/malware .../svchost.exe/[UPX]  
Forum Quick Jump
 
You cannot post new topics in this forum. Locked Topic Printable version of : Avast! alert - win32 trojan/malware .../svchost.exe/[UPX]
[ << Previous Thread | Next Thread >> ]

dubba
New Member


Date Joined Feb 2010
Total Posts : 1
 
   Posted 2/7/2010 7:04 PM (GMT +3)    Quote: Avast! alert - win32 trojan/malware .../svchost.exe/[UPX]Alert an admin about: Avast! alert - win32 trojan/malware .../svchost.exe/[UPX]
Hi, can anyone please help me remove this ...thing that won't go away smhair
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:15, on 2010-02-07
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [VOIPlay] "C:\Program Files\VOIPlay\voiplay.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 3530 bytes
 
Thanks in advance,
David
Back to Top
 

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
   Posted 2/23/2010 6:21 PM (GMT +3)    Quote: Avast! alert - win32 trojan/malware .../svchost.exe/[UPX]Alert an admin about: Avast! alert - win32 trojan/malware .../svchost.exe/[UPX]
if your problem still exisst.
post a combofix logfile:
www.bleepingcomputer.com/combofix/how-to-use-combofix
Back to Top
 

cherrycherry
New Member


Date Joined Feb 2010
Total Posts : 48
 
   Posted 3/12/2010 10:12 AM (GMT +3)    Quote: Avast! alert - win32 trojan/malware .../svchost.exe/[UPX]Alert an admin about: Avast! alert - win32 trojan/malware .../svchost.exe/[UPX]
Excellent post. It was pleasant to me.
Back to Top
 
You cannot post new topics in this forum. Locked Topic Printable version of : Avast! alert - win32 trojan/malware .../svchost.exe/[UPX]
 
Forum Information
Currently it is Saturday, October 25, 2014 7:22 AM (GMT +3)
There are a total of 60,697 posts in 13,332 threads.
In the last 3 days there were 1 new threads and 25 reply posts. View Active Threads
Who's Online
This forum has 36552 registered members. Please welcome our newest member, BigStone.
6 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Bullguard dosent update to latest versions (13)10/25/2014 3:59:32 AM (BigStone)
Errors, warnings, infections, trojans and junk (28)10/24/2014 9:41:58 PM (Deb1957)
Bullguard firewall blocks dns requests for virtual machine clients (3)10/24/2014 11:55:39 AM (leok)