J36#?^, Posted November 2, 2014
How do I get rid of dllhost and svchost malware?

Marcos (Administrators), Posted November 2, 2014
Do you mean that ESET detected malware injected in the mentioned processes? If so, does updating the signature database to the most current version and running a disk scan clean the malware from the disk? Is the malware detected in memory even after a computer restart?

J36#?^, Posted November 2, 2014
ESET doesn't detect any malware. I have updated and scanned all disks. svchost.exe grows to several hundred MB. Once it reached 9 GB before I deleted it in task manager.

Marcos (Administrators), Posted November 2, 2014
What OS do you use? Do you have the latest service pack as well as all hotfixes installed?

J36#?^, Posted November 3, 2014
> What OS do you use? Do you have the latest service pack as well as all hotfixes installed?

Win7. SP1. I've installed all updates. Sometimes other files grow. Once ekm.exe grew to 200 MG. I have to watch task manager and delete svchost.exe or dllhost.exe when they start getting too big. When ekm.exe bloated I had to reboot.

LocknetSSmith, Posted November 24, 2014
I've found that sometimes, to find something bad, you have to know what is good, or normal, in order to confirm whether malware is on a machine or not. I believe in the industry they call this looking for "anomalous characteristics." So I'd break out ProcExplorer, and check things out.

You know that svchost.exe is a generic "host" process for running service DLLs, so that in and of itself is not an indication that there is an infection. What else do we know? That it is consuming gross amounts of resources. That is somewhere to start, but for now, I'd check to see that the svchost.exe process in question is running from C:\Windows\System32, and that it has services.msc as its parent process. From there, confirm that it is in fact hosting DLL services. One thing I know for certain is that on default installations of Windows 7, all service DLLs are signed by Microsoft. ProcExplorer will help you confirm these things.

If the DLLs hosted in the svchost process taking all your resources are not signed, you know there's a problem. If the process itself is not running from C:\Windows\system32, there is a problem. If its parent is not services.msc, you have a problem.

If these things are all as they should be, it could just be something non-malicious that has to be repaired. I've found that running chkdsk /f or sfc /scannow is often helpful for these sorts of non-malware related issues. If it is malicious, you could use the service script feature of SysInspector to put a stop to it, or HiJack This. Or by hand, using ProcExplorer, you could dig down to where the bastard is running from.

Anyway, that's my two cents' worth.

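The checks described in the post above (image path, parent process, hosted service DLLs and their signatures) can also be scripted. This is an added example, not part of any post in this thread; it assumes Windows PowerShell on the affected machine and takes `services.exe`, the Service Control Manager, as the expected parent image name.

```powershell
# Added example, not from the thread. Run from an elevated Windows PowerShell
# prompt; without elevation ExecutablePath is empty for system processes.
$expectedPath   = Join-Path $env:SystemRoot 'System32\svchost.exe'
$expectedParent = 'services.exe'   # assumption: Service Control Manager image name

# Snapshot all processes once so parent PIDs can be resolved to names
$all   = Get-WmiObject Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($proc in ($all | Where-Object { $_.Name -eq 'svchost.exe' })) {
    $parent     = $byPid[[int]$proc.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }

    # Services hosted in this svchost instance and the DLL each one loads
    $hosted = @(Get-WmiObject Win32_Service -Filter "ProcessId = $($proc.ProcessId)")
    $dlls = foreach ($svc in $hosted) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $status = (Get-AuthenticodeSignature -FilePath $dll).Status
            "{0}: {1} [{2}]" -f $svc.Name, $dll, $status
        } else {
            "{0}: <no ServiceDll value found>" -f $svc.Name
        }
    }

    New-Object PSObject -Property @{
        ProcessId    = $proc.ProcessId
        WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB)
        PathOK       = ($proc.ExecutablePath -eq $expectedPath)
        ParentOK     = ($parentName -eq $expectedParent)
        Parent       = $parentName
        ServiceDlls  = ($dlls -join '; ')
    }
}

# Largest memory consumers first, since that is the symptom reported here
$report | Sort-Object WorkingSetMB -Descending |
    Format-List ProcessId, WorkingSetMB, PathOK, ParentOK, Parent, ServiceDlls
```

Where `Get-AuthenticodeSignature` evaluates only embedded signatures, catalog-signed Windows files show up as `NotSigned`, so confirm any such result with Process Explorer's signature verification before treating it as a finding.
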
vahost, Posted February 24, 2016 (edited)
Malwarebytes has detected the virus and removed it but it keeps coming back, especially after restarting, and my ESET Pharmacy CPU usage reaches 100% again. I don't know why people are happy about anti virus/malware stuff, I think they're all useless. I suffered from iexplorer.exe virus once and tried all popular anti-virus software but the virus kicked their ###### and I was able to remove it manually after lots of attempts. My advice is stay away from any suspicious sites or downloads and you will not need any anti-sh*t.
Edited February 29, 2016 by vahost

SweX, Posted February 24, 2016 (edited)
No one is "happy" about it, and everyone would rather use the system resources the products use for other tasks. Though people need to understand the bottom line, which is that no product has a guarantee of detecting 100% for obvious reasons; no serious vendor claims that their product does.

But the most effective "thing" we can use to counter malware and/or privacy threats is actually what we have inside our head, our brain, and it comes with a bonus that it does not require updates.

But AV/AM is one thing, one can also use them together with other stuff like HIPS, sandbox, policy restrictions etc etc... Some products like ESET have features like that built-in. But most importantly, make backups, so even if ransomware (or something else) hits you or your drive may crash, you can restore the data from the backup.

Staying away from suspicious/unknown websites and not downloading everything without a second thought is quite easy, but knowing if one of all the serious websites one may visit daily or weekly has been booby-trapped before you load them in a browser is another matter.
Edited February 24, 2016 by SweX

Marcos (Administrators), Posted February 24, 2016
To start off, please provide me with the output from ESET Log Collector.