SVCHost malware/virus removal

Discussion in 'Technical' started by AD1, Feb 28, 2018.

  1. AD1

    AD1 Monkey+++

    Monkeys It seem I have the SVCHost virus/malware I need help to remove it.

    I have tried this How to remove SvcHost.exe Malware (Virus Removal Guide) and several other methods to recover from this crap by No Joy.

    You can see the multiple instances of SVCHost running.

    Any suggestion other than starting for a clean install of W10 are welcome.

    I realized I just might need to bite the bullet and do it clean.

    I can not edit any videos for my real estate business with this crap running.

    Services Running.

    SVCHOST many running and F drive has activity.
  2. BTPost

    BTPost Old Fart Snow Monkey Moderator

    That is why Backups are so important... I would take the last Solid Backup, and install it on an external disc, then bring over the eMail, Calendar, Contact, and changed Data from the Old System to the newly created System from the Known Good Backup... Then make a complete Backup on the Old System, onto another External Disc, and then WIPE, AND REFORMAT that drive... Then copy the Updated Back to the Reformatted Drive, and boot it up, and confirm it is Virus Free, then I would see what is still missing on that drive, and move the missing Data to from the Backup of the Old System to the Newly created Main System, to get it up to date as possible, and call it GOOD....

    I have done the above a few time in the last two decades... Yes it is a SLOW Process, but if you do it right, you have recovered Most, if not ALL your Data and left the Infected OS behind... Rather than trying to find ALL the instances and hidyHoles that the Viruses can hide in on the infected System.... It used to take me a DAY of work to get things back up and Running but NOW I have multiple Bootable Partitions, and Backups that are cloned from the Main OS Drive and a Daily Basis rotating through each for the last week, so I am never longer than 6 Days behind NO matter what and usually only less than ONE Day behind... I keep a couple 8TB HDs just for this purpose, and well as a 1TB SSD where the One day Old OS Backup lives, that only comes ONLine, just for the Daily OS Backup, and then unMounts and goes Offline...
    AD1 likes this.
  3. AD1

    AD1 Monkey+++

    BT I have back ups running back several months. It seems that this little shit has been hiding here for a while.

    I may have to go way back to find a clean, but I just might be faster to just quit screwing wth this(3 days) and just do a clean install.
  4. BTPost

    BTPost Old Fart Snow Monkey Moderator

    Yep, and then slowly move the Data over, to bring it up to date...
    AD1 likes this.
  5. Tempstar

    Tempstar Praeclarum Site Supporter+

    Some are legit host processes and some are malware. In the short term, look at the PID to find which ones are running and stop them. Then leave the machine running. In windows, most virii need a restart to become viable. Then maybe see if you can edit with something on Linux. I use CasparCG for video edits without captions, and for playout on Linux.

    DOWNLOAD « CasparCG: Pro Graphics and Video Play-out System
    AD1 and 3M-TA3 like this.
  6. AD1

    AD1 Monkey+++

    Thaks sir. I am running Premiere Pro or Avid Media Composer...the high end stuff with tons of motion graphics.

  7. 3M-TA3

    3M-TA3 Cold Wet Monkey Site Supporter++

    This is the real answer. IMO Windows IS a virus AND it sends data about your activities to MS to "improve your experience". I still need it on ONE machine for software I can't run otherwise (yet). I keep files and installation files on a NAS that virus scans and only the OS and applications on Windows, so I can rebuild when needed.

    Good luck @AD1 !
    Brokor and AD1 like this.
  8. AD1

    AD1 Monkey+++


    I am tossing in the towel and doing a clean install of W10.

    3 -12 hour days on the little bastard and I am done.

    Dual boot system
    1drive for video and photo work only

    2 drive for word, internet and all other things web related.
  9. 3M-TA3

    3M-TA3 Cold Wet Monkey Site Supporter++

    If you haven't already done so don't forget that NAS since these are also work files. Since your viruseses are designed for windows a (typically) Linux based NAS is immune to them so the build in anti-virus is more effective than whatever you run on Windows. I have a $500 rack mount ReadyNAS currently with a pair of 3TB red label HDD's (expandable to 4x8TB).
  10. AD1

    AD1 Monkey+++

    Well I said FU-K IT. Pull the 7200 rpm drive, and just went with the 3 SSD drives. An IT friend is scanning the old drive to find and kill bugs.

    Well during all of this I some how got a “system partiton” on one of the data drives and no matter what I did I could not delete it.

    Even during the window 10 install i tried to make both data drives as unallocated but the install would alway dump part of the install on one of these other drives.

    Windows 10 will NOT let you format any drive with a “system” partition on it no matter what I tried.

    After midnight I tired to download a partitioning program on my laptop and guess what?

    Yep i installed some shit on it..... so now I am reinstalling the operating system on it too.

    Please dont tell me about what operating system I should install, i am stuck with W10 due to the programs I am running.

    Now to get to the point, what program or operating system can I put on a stick to override W10 prohibition on deleting system partitions. I will install these on a external drive to try to isolate them from them system.

    OK flog away
    Dunerunner and 3M-TA3 like this.
  11. DarkLight

    DarkLight Live Long and Prosper - On Hiatus Site Supporter

    You can use ANY live Linux distribution and virtually all of them can have the os moved to a usb drive.

    Once booted up you can use either gparted from a command line or a native gui tool.

    Are you partial to any flavor of Linux? If so, we can be a tiny bit more specific and prescriptive.
    Last edited: Mar 3, 2018
    3M-TA3 likes this.
survivalmonkey SSL seal warrant canary