
Possible Infection? Thousands Of Conhost.exe + Cscript.exe

My conhost.exe has no description and neither does the csrss.exe. I have also noticed that there is an equal amount of schtasks.exe for each conhost.exe and cmd.*32 if that helps. Score 0 ex_bubblehead April 26, 2015 8:35:38 PM 1.

Never run more than one scan at a time. Maybe like 20 minutes later I see Conhosts.exe and cmd,*32 pop up. Hmm... Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Symantec Iron Driver Device ID: ROOT\LEGACY_SYMIRON\0000 Manufacturer: Name: Symantec Iron Driver PNP Device ID: ROOT\LEGACY_SYMIRON\0000 Service: SymIRON . ==== System Restore Points =================== . https://www.bleepingcomputer.com/forums/t/537416/possible-infection-thousands-of-conhostexe-cscriptexe/

I advise you to read this tutorial of mine and create a Windows 7 SR disk if you have not done so...As this may prove to be of use in the event

aswMBR will create MBR.dat file on your desktop.

  1. RP143: 11/23/2012 7:01:33 PM - Scheduled Checkpoint RP144: 11/25/2012 1:01:46 PM - Removed Compatibility Pack for the 2007 Office system RP145: 11/25/2012 1:03:45 PM - Configured MediaSmart DVD RP146: 11/25/2012 1:05:13
  2. Try ALL of the suggestions at the following two links, paying particular attention to the second opinion and rootkit scanner utilities.
  3. We have 460 days left on the sub, so not sure what that was about.
  4. I noticed conhost.exe and cmd.*32 kinda work together, so this one conhost.exe might be my problem, but I don't know what windows service or program is opening this, if any.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. OK +++++ PhysicalDrive1: Multiple Card Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! Score 1 Skynet2020 April 26, 2015 9:24:54 PM Is it possible for this virus or malware to jump hard drives? This particular bug apparently installs new malware on the PC even after running various anti-malware programs to rid of the previous malware.

Andreea Edit: I confirm that the link is OK to use. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (FedEx Corporation) C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe (iAnywhere Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 ))))))))))))))))))))))))))))))) . . 2012-12-02 20:59 . 2012-12-02 20:59--------d-----w-c:\users\Default\AppData\Local\temp 2012-12-01 19:05 . 2012-10-30 23:5159728----a-w-c:\windows\system32\drivers\aswTdi.sys 2012-12-01

Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\Users\Cyndy\PROGRAMS\COMODO\COMODO Internet Security\cmdagent.exe C:\windows\system32\svchost.exe -k NetworkService c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService

I can't uninstall Java (version 6) and the app at the Oracle website that scans your computer to see if you have Java just enters an infinite loop. Also, I see a lot of processes running. If the connection is not there use restore point you created prior to running Combofix.

This is normal and indicates the tool ran successfully. C: is FIXED (NTFS) - 920 GiB total, 737.704 GiB free. If using Vista or Windows 7 right-click on it and choose Run As Administrator.

Update for Microsoft Office 2007 (KB2508958) 8500A909_eDocs 8500A909_Help 8500A909n Adobe Flash Player 11 ActiveX AT&T Connect Participant Application v8.9.35 BPD_DSWizards bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Catalyst Control Center - Branding Catalyst Control Whenever I load into my OS. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 11/25/2012 5:13:09 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service A malware file in my registry, but the damn thing reactivates!!!

So, while snagging the aforementioned key from the registry is relatively simple, I do not have access to a Windows 7 Install Disk. Step #2 above is very important.

SearchScopes: HKLM-x32 - {AABF41A3-6974-418F-98EA-763C20433EE4} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKCU - {AABF41A3-6974-418F-98EA-763C20433EE4} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} BHO: Norton Identity

Failure to reboot will prevent MBAM from removing all the malware. ESET Online Scanner: Note: You can use either Internet Explorer or Mozilla Firefox for this scan. Besides that, nothing to report. The cleaning process, once started, has to be completed.

If yours is not listed and you don't know how to disable it, please ask. If Norton use this tool: http://www.majorgeeks.com/Norton_Removal_Tool_d4749.html ===================================== Download RogueKiller on the desktop Close all the running programs Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator Otherwise just double-click DDS (Ver_2012-11-20.01) .