What the fuck? I just got this message saying that GcrveqzldwoI stopped working. Then I clicked okay to exit out of the window and this popped up.
[IMG]http://filebox.me/files/m42gv53iw_Untitled.png[/IMG]
Anyone know what this is?
Virus?
Random name trying to modify ntdll.dll.
Virus.
Poorly coded one.
How do I make it go away? :(
[QUOTE=Eight Bit;17035729]How do I make it go away? :([/QUOTE]
Check startup entries (registry and folder based) if it shows up again look in taskmgr and see if you can trace its location.
Show all etc
[editline]09:57PM[/editline]
Why is there an service host startup? :raise:
[QUOTE=Eight Bit;17035842]Ugh.
[IMG]http://filebox.me/files/9rw6ticpy_Untitled.png[/IMG][/QUOTE]
svchost.exe. It's not running on my 7 install and i think even if it does it's a system process. And it's located in AppData?
So you rate me disagree even though it was the problem? Morons.
And in %appdata%?
Delete that.
[editline]09:59PM[/editline]
The svchost.exe that is and its entry.
[editline]09:59PM[/editline]
But first gimme the full path to it. I want to know where it's at.
Done. Should I end the process?
[QUOTE=Eight Bit;17035971]Done. Should I end the process?[/QUOTE]
Yes. And delete the file.
Alright. Done. Thanks for the help Panda.
I reccomend you install Spybot's TeaTimer. It's a pretty useful program that basically forces ALL registry changes to not happen unless you approve of them through an alert box it gives you:
[img]http://www.safer-networking.org/images/howto/residentteatimer-en.1.png[/img]
It does appear to take up a modestly good bit of memory though for a program that runs in the background, about 95-100mb of memory (firefox 3.5 takes up about 56mb with two tabs open). As long as you have atleast 2-4gb of ram though it really shouldn't be an issue though.
If you install it, and if you ever get that dialog box to pop up seemingly at random (i.e. when you are not installing a program), then deny the change and turn off your computer/reset it to prevent whatever virus you caught from seeding itself into your registry.
Will Spybot interfer with NOD32? I have the security suite, which comes with the antivirus, antispyware, and firewall. I know you can't run two of these at once right?
Not sure. I think on the spybot installation you can choose to just install Tea Timer and nothing else.
Or, you might have to install spybot, never have it run or anything unless you want to do a scan with it.
Tea Timer though isn't really an AV type thing as far as I know, it just blocks all changes to the registry unless you approve them. So I think you'll still be able to run it and NOD32 at the same time.
AFAIK you can have as many antispyware programs as you like, it's the real-time scanners in AVs that cause conflicts when you have more than one. I've never seen spybot conflict with other security programs.
I use comodo firewall, it has defense+ that's what tea timer does, but prettier lol :D
IIRC svchost allows DLLs to be executed or something.
[QUOTE=nos217;17049364]IIRC svchost allows DLLs to be executed or something.[/QUOTE]
If you think harder you can find what's different about this svchost and the real one.
^I presume the thing is that it's started in user mode instead of a local network or system service. At least my guess.
[QUOTE=Panda X;17050229]If you think harder you can find what's different about this svchost and the real one.[/QUOTE]
The description next to it is awfully shady.
[QUOTE=Panda X;17050229]If you think harder you can find what's different about this svchost and the real one.[/QUOTE]
Legit svchosts aren't ran through the user.
[QUOTE=KrAzY_nikomo;17053503]Legit svchosts aren't ran through the user.[/QUOTE]That, and the description on legit svchosts is "Host Process for Windows Services"
Sorry, you need to Log In to post a reply to this thread.