Computer Security & Viruses/malware questions regarding i.) svchost.exe and ii.) Win32/Mebroot.K Trojan

Question
Hello there. I was wondering if you could help me with a couple of problems on my laptop (running Windows XP Home).

I recently installed the trial antivirus program 'ESET NOD32' and did a complete system scan, which showed 2 anomalies.

The log description for the first is as follows:

'Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\svchost.exe
Protocol: UDP Out
Details: Microsoft Windows has loaded nvdesk32.dll into c:\WINDOWS\system32\svchost.exe by using a registry based (AppInit_DLLs) hook which could be used by keyloggers to steal private information.'

It also urged to check 'whether this is a valid library'. How do I do that, and is this a serious problem? If so, can it be fixed?

The second problem was given in the log as follows:
'Threat Found.
Object: MBR sector of the 1. physical disk
Threat:Win32/Mebroot.K trojan'

and also gave a message which I can't remember, but it was along the lines of 'ESET NOD32 cannot fix this problem.'

I looked on the web for info. about this problem and someone had posted in a forum that the program 'Cureit' would be able to fix this. Is this true, and will it clash with the ESET NOD32 program? (it was very specific during installation/setup to disable all other antivirus programs before installation.)

Currently, there are no problems with the actual running of my computer, though of course I realize that doesn't necessarily mean that everything will continue to go smoothly. I've backed up my important files just in case.

Any advice you can give will be greatly appreciated.
Many Thanks,
Tony.


Answer
Hi Tony

The first log says that NVIDIA Desktop Manager Hook Library is using application initiated DLLs, which are often used by keyloggers.  In this case, the file is legitimate so you need not do anything further.  The second message says that ESET found a trojan in the Master Boot Record of your hard drive.  You can safely try Dr. Web's CureIt to remove the offender, as it will not interfere with Nod32.  The link for CureIt is:
ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe
It would also be wise to check your system with a HijackThis log.  If you can copy one into a follow-up here, I can double check it for infection.  The link is:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Brian
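The question asks how to check "whether this is a valid library" once an AppInit_DLLs warning like the one above appears. The following script is an added example for readers of this thread; it is not code from the question, the answer, ESET or NVIDIA. It reads the AppInit_DLLs value from the registry key Windows uses for that hook, resolves each listed DLL the way the loader does (bare names are taken from %SystemRoot%\system32), and reports the file's version metadata, Authenticode signature status and SHA-256 hash so the entry can be judged on evidence rather than on its file name. It assumes an administrative PowerShell session on the 32-bit Windows branch; on 64-bit Windows the same value also exists under Wow6432Node, which the script checks when present.

```powershell
# Added example (not from the AllExperts thread): list every DLL injected via the
# AppInit_DLLs hook and gather the evidence needed to decide whether it is legitimate.
# Assumes an elevated PowerShell session; output objects are written to the pipeline.

function Get-AppInitDllReport {
    # The hook is configured in this key (and, on 64-bit Windows, its Wow6432Node twin).
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows')
    $sha256 = [System.Security.Cryptography.SHA256]::Create()

    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        $raw   = [string]$props.AppInit_DLLs
        # Vista and later only honour the list when LoadAppInit_DLLs is 1; XP always loads it.
        $enabled = $props.LoadAppInit_DLLs
        if (-not $raw.Trim()) { continue }

        # The value is a space- or comma-separated list of DLL names or full paths.
        $names = $raw -split '[ ,]+' | Where-Object { $_ }
        foreach ($name in $names) {
            $path = if ([System.IO.Path]::IsPathRooted($name)) { $name }
                    else { Join-Path $env:SystemRoot "system32\$name" }

            if (-not (Test-Path -LiteralPath $path)) {
                # A dangling entry is worth reviewing: nothing is loaded now, but the
                # value was set by something.
                New-Object PSObject -Property @{
                    RegistryKey = $key; Entry = $name; Path = $path; Enabled = $enabled
                    Exists = $false; Company = $null; Product = $null
                    Signature = 'FileMissing'; Signer = $null; SHA256 = $null
                }
                continue
            }

            $info = (Get-Item -LiteralPath $path).VersionInfo
            $sig  = Get-AuthenticodeSignature -FilePath $path
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            $bytes = [System.IO.File]::ReadAllBytes($path)
            $hash  = ([System.BitConverter]::ToString($sha256.ComputeHash($bytes))) -replace '-', ''

            New-Object PSObject -Property @{
                RegistryKey = $key; Entry = $name; Path = $path; Enabled = $enabled
                Exists = $true; Company = $info.CompanyName; Product = $info.ProductName
                Signature = $sig.Status.ToString(); Signer = $signer; SHA256 = $hash
            }
        }
    }
}

# Usage: run the report and show the columns that matter for the decision.
Get-AppInitDllReport |
    Select-Object Entry, Path, Exists, Company, Product, Signature, Signer, SHA256 |
    Format-List
```

Reading the output: an entry whose file lives in system32, carries NVIDIA (or another expected vendor) in the Company field and shows Signature = Valid with a matching Signer is consistent with the expert's assessment that nvdesk32.dll is legitimate. An entry that is unsigned, reports a vendor that does not match the product name, sits in an unusual directory, or whose SHA-256 is unknown to a reputable file database deserves a second opinion from another scanner before it is trusted. Removing a confirmed-bad entry from AppInit_DLLs stops the injection at the next logon, but the file itself and whatever wrote the value still need to be cleaned up, which is where the HijackThis log the answer requests comes in.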

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

©2012 About.com, a part of The New York Times Company. All rights reserved.