svchost.exe Virus consuming 1 Gigabyte Ram

nostro200

Estimable
Jul 22, 2015
7
0
4,510
I have this virus on my brother's laptop. I remember having it on my desktop years ago and managed to clear it out, but not before deleting the REAL svchost and losing the computer. (had to format the hard drive and reinstall Windows :p)

My brother bought a new laptop because, well, he is clumsy and his old laptop is dirty inside and heats up a lot, and of course software junk is making it slow... This virus in particular makes it impossible to operate. To start repairing the laptop I started looking for answers on YouTube and found this video, which ended up not being helpful enough and has a kinda misleading description (you can check nostro200's comment to see what I'm referring to on that part)

https://www.youtube.com/watch?v=y8yyzxl-7lk

I know that the real svchost is in the System32 folder. So... couldn't find any svchost on Temp file... what's next? I'm too afraid of deleting the wrong file
 

nostro200

Actually I will check CCleaner. I always regarded malware programs as not trustworthy, like inventing viruses just for you to buy the premium version. CCleaner is a good program tho, will give it a go with it... never heard of Malwarebytes but will try that too
 

nostro200

I'm having all this trouble but the laptop was already put aside. I guess I will just reinstall Windows, but for the sake of knowledge and wisdom I will try to fix this problem so when I see it in the future on my or any other computer I know how to fix it. So please don't consider this thread a waste, it may actually help someone else in the future here in the forum.

 

nostro200

I have the feeling most people with this problem did scans and found nothing. Then again it's a clever virus, since it disguises itself as svchost, an important file name... That's why the solution is mostly made manually. Nonetheless I will give it a go with these programs :) Going slow tho... only 4 GB RAM and a dual core CPU
 

nostro200

Interesting news... the svchost virus only allows me to close it 2 times, at the 3rd time it gives the error message "access denied", I guess it's some kind of defensive mechanism. I restarted the computer and instead of closing the process, I tracked down its service and it led me to Windows Defender. Stopped that service and voilà, virus is turned off. (set the startup type to Manual, it was on Automatic)

Now, this problem is worse than I thought. The computer slowness can be tracked to what I suppose to be another virus, eating the CPU.
Let's have a look at this image... http://s6.postimg.org/wfyjojk2n/IMG_20150815_043839.jpg (note that the svchost is on about 100k of RAM, which is the normal usage, therefore real svchost)

I would like to state that the virus at this current stage is still in the computer somewhere in a folder that I don't know of (if I knew I would delete it) and therefore it may be possible that it can somehow turn itself on...
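
One way to do the checks discussed in this thread before deleting anything (confirm that each svchost.exe runs from the System32 folder and see which services it hosts), as an added PowerShell example that is not part of the original posts. It assumes PowerShell 3.0 or later, ideally run from an elevated prompt; the variable names are illustrative.

```powershell
# Added example, not from the thread. Read-only: it lists processes and changes nothing.
# Assumption: Windows PowerShell 3.0 or later, ideally run from an elevated prompt.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')   # 32-bit copy on 64-bit Windows
)

# Index running services by the PID of the process that hosts them.
$byPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path   = $_.ExecutablePath      # empty when the caller is not allowed to query it
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    $hosted = $byPid[[string]$_.ProcessId]

    # Flag any instance whose image is not one of the two expected system paths.
    $verdict = 'UNEXPECTED PATH'
    if (-not $path) { $verdict = 'path unreadable (re-run elevated)' }
    elseif ($path -in $expected) { $verdict = 'expected location' }

    [pscustomobject]@{
        ProcessId = $_.ProcessId
        MemoryMB  = [math]::Round($_.WorkingSetSize / 1MB, 1)
        Path      = $path
        Parent    = $parent.Name     # normally services.exe
        Services  = ($hosted.Name | Sort-Object) -join ', '
        Verdict   = $verdict
    }
} | Sort-Object MemoryMB -Descending | Format-Table -AutoSize -Wrap
```

The Services column names what each instance is actually running, so a high-memory svchost.exe can be traced to a specific Windows service instead of being judged by its process name alone.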
 

USAFRet

Illustrious
Moderator


You can spend a week trying to 'fix' this
or you can wipe and reinstall, and be done a whole lot sooner. With guaranteed results.

Either way, the trick is not letting this happen again.
 
Solution

nostro200

For some people it's more practical to undo the virus than to delete all their data in order to have a working PC again (and even considering the cases where you back up the files, backing up terabytes of data to make the reinstall isn't practical for some people either)

I will call this an end since this post isn't about rundll32.exe

Thank you for your time!
:D