
Process HiJack and URL Blocking

EXCellR8

Diamond Member
OS is Windows 7 Home Premium (64-bit)

I have a fairly recent Toshiba Satellite P-775 laptop that I am working on and I can't seem to sniff out the culprit of what appears to be a rootkit affecting one of the svchost.exe processes. When the computer is connected to the internet the CPU and HDD are hogged a little bit and antivirus flags and blocks a malicious URL constantly. Regular scanning hasn't really found anything so I think I'm looking at something a bit more complex.

The computer runs really well for the most part and the problem doesn't exist until the system connects online, and most times the connection fails eventually even though I know the network environment is working fine. Ran a couple of bootable AV programs as well with no luck. My guess is either it's a rootkit like I said or just some sort of other malware that I can't seem to pinpoint, but it's definitely affecting the svchost.exe which is clearly hogging resources.

Any ideas on how I might resolve this issue?
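A triage script for the symptom described above (one svchost.exe instance hogging CPU/disk while the AV keeps blocking a URL), added here as an example and not something posted in the thread. It assumes an elevated Windows PowerShell 5.1 session on the affected machine; it maps every svchost.exe instance to the services it hosts, its CPU time and its parent process, and flags instances whose image path or loaded modules are not what a clean system process should have.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1, run as Administrator.
# Lists each svchost.exe with the services it hosts, CPU time, parent process,
# and any loaded module that is not validly signed by Microsoft.

$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'

$allProcs = Get-CimInstance Win32_Process
$svchosts = $allProcs | Where-Object { $_.Name -ieq 'svchost.exe' }
$services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }

$report = foreach ($p in $svchosts) {
    $hosted = ($services | Where-Object { $_.ProcessId -eq $p.ProcessId } |
               Select-Object -ExpandProperty Name) -join ', '

    # A real svchost.exe is started by services.exe; anything else is a lead.
    $parent = $allProcs | Where-Object { $_.ProcessId -eq $p.ParentProcessId }

    # Unsigned or non-Microsoft DLLs inside a system process deserve a closer look.
    $suspectModules = @()
    try {
        $mods = (Get-Process -Id $p.ProcessId -ErrorAction Stop).Modules
    } catch {
        $mods = @()   # protected process or access denied; skip module check
    }
    foreach ($m in $mods) {
        $sig = Get-AuthenticodeSignature -FilePath $m.FileName -ErrorAction SilentlyContinue
        if (-not $sig -or $sig.Status -ne 'Valid' -or
            $sig.SignerCertificate.Subject -notlike '*Microsoft*') {
            $suspectModules += $m.FileName
        }
    }

    [pscustomobject]@{
        PID            = $p.ProcessId
        Parent         = if ($parent) { $parent.Name } else { '<gone>' }
        PathOk         = ($p.ExecutablePath -ieq $expectedPath)
        # Win32_Process times are in 100 ns units
        CPUSeconds     = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7, 1)
        Services       = $hosted
        SuspectModules = ($suspectModules -join '; ')
    }
}

$report | Sort-Object CPUSeconds -Descending | Format-Table -AutoSize -Wrap
```

On Windows 7 many Microsoft system DLLs are catalog-signed and show up as NotSigned to Get-AuthenticodeSignature, so treat the SuspectModules column as a list of leads to check against a known-clean copy, not as a verdict.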
 
With rootkits or particularly pervasive malware I, generally speaking, back up all the non-executable data on the machine, and then format it and reinstall the OS.

There's simply no good way to guarantee you've removed all malware once you've got some.
 
I agree 100%... and the data had been backed up in advance because I had a feeling I may need to wipe it out and start fresh. However, the one and only thing that picked up on the rootkit was TDSSKiller. Once the infection was 'cured' and the system was rebooted I no longer had any issues with resources being used and not one URL block message popped up. I also have no connectivity issues now.

There's a good chance that something is still lurking so I will monitor the processes and services; reinstall the OS if it comes to that. For now though it seems fine, at least nothing is taxing CPU and HDD... which is an SSD so I needed that unwanted usage fixed.

Thanks for the input!
 
Kaspersky Rescue Disc typically finds these. I also use RKill in safe mode and then try things like TDSS Killer (which seems to have worked for you). I still do a few offline scans just to be sure nothing is hiding in Windows.
 
It sounds like you got it, it'll be pretty obvious if anything comes back so keep an eye on it as you say and see how it goes. Any additional sign of infection and I'd fall back to the re-install option.
 