Solved! SVCHOST.EXE is hacked ????

XAKEP

I am not sure if this is the correct forum; if not, kindly move me.

Please help, I am under some kind of attack and I didn't know for months ....... please, I really don't know what it is, but note the time, it's like every other second .... please, how do I make it stop? Also, I checked a program that looks at all programs that are currently using some network connections ... some of these IPs I see in there with the program name .... unknown ....

Please help

help.jpg
 

XAKEP

Thank you for this software. I just installed it and did a scan; nothing showed up. However, this is scaring me. I reinstalled a BRAND new Windows 7 with a clean install and a clean format of the drive. I installed only drivers, system software, AVG and some utilities. I checked AVG, it was all fine, no logs ..... and just now I checked the logs again. Just look at the time .... 7 something per second ... and it's OUTBOUND ... what the hell is going on, people, am I cursed or what? Windows is clean, all software is legit too, including AVG ... please help, I am losing hope in Windows ... (Ubuntu?)

help2.jpg
 

XAKEP

P.S.

Also look at all these IPs ..... what the hell am I trying to send ..... damn, I am just shocked to see this on a brand new installation .... I did all the scans, nothing found ... please, can any Security Specialist provide advice, because in over 15 years in the computer business I never saw anything like this.

Thank you guys. For now I'll be using Ubuntu till I can be sure that Windows is clean.
 

coastie65

I am unable to zoom the image to get a look at it. I would first have to go and do some research anyway, as there is malware that looks remarkably like svchost.exe, although with a reformat and reinstallation it should have been removed. I don't know if this will work or not: try right-clicking on the IP address and then copy. Go to www.ipchecking.com. In the box, paste the IP address and then click. It should tell you who or what is on the other end.
 

kapsey

Svchost.exe is essentially a big box that Windows stores a bunch of smaller services in to save space. It's a part of the OS. Some of these services use the network to update and such, which is probably why you're seeing connections. It's a very common process to see running in your task manager and there's typically no reason to worry about it. May I ask what exactly it's doing to make you think it's hacked?
 

PeterKendrick

It doesn't necessarily mean it is hacked, because changes would require administrator privileges and also Windows doesn't allow changes to its system file. Some of the SVCHosts are basically background services of Windows and connect to the Internet to perform their function (or upgrade), so it's normal. What you should be checking is (c:\Windows\System32\Drivers\etc\hosts) by editing it and checking if it lists any suspicious IP address.
 
Solution
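The hosts-file check suggested in the answer above, as an added example that is not part of the original thread: a small Python audit that lists every entry other than the standard localhost mappings, so each one can be reviewed by hand. The sample file contents, the `.example` host names and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the thread); host names are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.av-vendor.example   # blocks updates
203.0.113.25    login.bank.example www.bank.example
not-an-ip       broken.example
"""

# Names that are expected to map to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Return (line_no, hostname, address, reason) for each entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address.split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            findings.append((line_no, " ".join(names), address, "unparseable address"))
            continue
        sink = ip.is_loopback or ip.is_unspecified  # 127.x.x.x, ::1, 0.0.0.0, ::
        for name in names:
            if name.lower() in LOOPBACK_NAMES:
                if not sink:
                    findings.append((line_no, name, address, "localhost remapped"))
            elif sink:
                findings.append((line_no, name, address, "name blocked (sinkholed)"))
            else:
                findings.append((line_no, name, address, "name redirected to fixed IP"))
    return findings


if __name__ == "__main__":
    # On Windows, read the real file instead of the sample:
    # text = open(r"C:\Windows\System32\drivers\etc\hosts", errors="replace").read()
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % finding)
```

A freshly installed Windows hosts file contains only comments, so this returns an empty list there; entries added by ad-blocking or security tools will also be listed and need to be judged by who put them there.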