# Anti-Virus for 64-bit



## GSquadron (Jul 11, 2010)

Hello guys!
It has been a month since I got hit by a terrible "svchost.exe" virus, and I have tried a lot of antivirus programs with all updates, like:
AVG
Symantec Endpoint
BitDefender
But none of them catch the DAMN virus. Now I am really desperate to remove this virus with WinRAR. The virus seems to duplicate itself, so every time I delete it from D, it reappears. Please help me, if any of you has experienced this type of virus before!


----------



## Radical_Edward (Jul 11, 2010)

Malwarebytes or MSE would take that out in a heartbeat.


----------



## GENTLEMEN (Jul 11, 2010)

Dunno about the svchost.exe but something similar happened to me. Got it from a USB stick. ALL folders had a "shortcut" in it (name of folder) and opening it made it open the My Computer page. Deleting them made them re-appear when I open the affected folder (ALL). Dunno exactly what I did, but safemode + Avast must've done something right.


----------



## Meow9000 (Jul 11, 2010)

svchost.exe is a legitimate part of Windows. Or are you saying that a virus is masquerading as it or has infected it?

Probably something like Win32/Conficker possibly, as that infects and hides itself in that .exe


----------



## Radical_Edward (Jul 11, 2010)

Meow9000 said:


> svchost.exe is a legitimate part of Windows. Or are you saying that a virus is masquerading as it or has infected it?



I've run into quite a few nasty infections that like to "run" that about 4-8 times more than there should be in processes. (Maybe trying to hide itself as a legit exe?)


----------
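
Added example, not part of any post in this thread: the two posts above describe malware masquerading as svchost.exe among the legitimate instances. One way to triage that is to check each svchost-like process's image folder and parent process; the Python sketch below runs those checks over a constructed process snapshot (the CSV columns, PIDs and paths are made up, and the System32/SysWOW64 and services.exe-parent rules are this example's assumptions about a default 64-bit Windows install).

```python
import csv
import io
import ntpath
from difflib import SequenceMatcher

# Assumption: default 64-bit Windows layout. The genuine image lives in
# System32 (the 32-bit copy in SysWOW64) and is started by services.exe.
SYSTEM_ROOT = r"C:\Windows"
TRUSTED_DIRS = {
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "System32")),
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "SysWOW64")),
}
REAL_NAME = "svchost.exe"

# Constructed snapshot (not real data): pid, parent pid, image name, image path.
SAMPLE = r"""pid,ppid,name,path
4,0,System,
612,500,services.exe,C:\Windows\System32\services.exe
904,612,svchost.exe,C:\Windows\System32\svchost.exe
1120,612,svchost.exe,C:\Windows\System32\svchost.exe
2388,1764,svchost.exe,C:\Windows\System32\xkqzv\svchost.exe
2450,1764,svch0st.exe,C:\Users\demo\AppData\Roaming\svch0st.exe
3012,1764,svchost.exe,C:\Windows\System32\svchost.exe
1764,1700,explorer.exe,C:\Windows\explorer.exe
"""


def looks_like_svchost(name):
    """True for svchost.exe itself and for near-miss spellings of it."""
    folded = name.lower().replace("0", "o").replace("1", "l")
    return SequenceMatcher(None, folded, REAL_NAME).ratio() >= 0.85


def triage(snapshot_csv):
    """Return [(pid, [reasons])] for svchost-like processes that fail a check.

    The number of svchost.exe instances is deliberately not a signal:
    Windows normally runs several of them at once.
    """
    rows = list(csv.DictReader(io.StringIO(snapshot_csv)))
    name_by_pid = {r["pid"]: r["name"].lower() for r in rows}
    findings = []
    for r in rows:
        if not looks_like_svchost(r["name"]):
            continue
        reasons = []
        if r["name"].lower() != REAL_NAME:
            reasons.append("lookalike name")
        # An empty path (access denied when the snapshot was taken) is
        # also reported, because the image location cannot be confirmed.
        folder = ntpath.normcase(ntpath.dirname(r["path"]))
        if folder not in TRUSTED_DIRS:
            reasons.append("image outside System32/SysWOW64")
        parent = name_by_pid.get(r["ppid"], "<exited>")
        if parent != "services.exe":
            reasons.append(f"parent is {parent}")
        if reasons:
            findings.append((int(r["pid"]), reasons))
    return findings


if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE):
        print(pid, "; ".join(reasons))
```

A hit here is a lead for a closer look at that file and its startup entry, not proof of infection, and a rootkit that hides processes from the snapshot will not show up at all.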



## GSquadron (Jul 11, 2010)

+1 Radical 
Yeah you are totally right!
It consumes so much processing power that I can hardly open the internet, and there are a lot of svchost.exe in Task Manager, but only one changes from time to time! Like from 0% to 100% of processes T_T
Anyway, I click end process, but then the computer sound does not function, as if there is no sound card at all! And the Windows theme changes to that old thingy of Windows 2000 
PLS help me as I am very desperate to remove this virus.


----------



## Radical_Edward (Jul 11, 2010)

Okay, you need to download and run these two anti-malware/anti virus programs. 

http://www.malwarebytes.org/mbam.php

http://www.microsoft.com/security_essentials/

If your copy of Windows isn't legitimate, don't bother with MSE. It WILL check if you have a legal copy before scanning your system.


----------



## GSquadron (Jul 11, 2010)

Ok! I hope this solves the problem!
Thank you!
Just for instance.... It already got 150 infected objects


----------



## Radical_Edward (Jul 11, 2010)

^
|

Stop watching porn.


----------



## TheMailMan78 (Jul 11, 2010)

+1 to MSE. Lightest anti-virus on the market.


----------



## Steevo (Jul 11, 2010)

I have been running MSE on computers at work and comparing it to AVG, Avast, Comodo, Norton, and a few others. While it lacks the seeming intelligence and finish of others, nothing escapes it. It does seem to have issues after a couple of months of running, needing a reboot to clear itself and make things right, where others like AVG are always on and switched on.


However for a lightweight laptop anti-virus or for machines with lacking specs it is great.


I give it 7/10 mushroom stamps.


----------



## Mussels (Jul 11, 2010)

TheMailMan78 said:


> +1 to MSE. Lightest anti-virus on the market.



MSE is my free choice as well, with Kaspersky being the paid alternative I recommend.


MSE plays nice, for example it detects some IP scanners I have as 'legal' but 'potentially dangerous' - it doesn't go and scream "OMG GENERIC.WIN32.NOTAVIRUS HAS BEEN DETECTED"


----------



## kid41212003 (Jul 11, 2010)

So MSE is a better choice compared to AVG?


----------



## Kreij (Jul 11, 2010)

I like MSE better than AVG. Just my opinion though.


----------



## _JP_ (Jul 11, 2010)

I prefer any Anti-virus to AVG, just from personal experience, but then again this is just an opinion. 

Alek, I'm currently using ESET Smart Security. It's pretty good IMHO, low memory footprint, fast, also comes in 64-bit, so it's another option for you.

Using NOD32 doesn't cover all threats, as such Malwarebytes and/or other anti-adware is recommendable to install as well.


----------



## de.das.dude (Jul 11, 2010)

I'm using ESET NOD32 for the x64.

I got hit by a similar svchost.exe virus, but I deleted it by hand (anti vir sucked).
Here's what I did.


* I ran "msconfig" from RUN.
* In that I checked that all the startup and services were the ones I installed, and lucky enough, I found an "AviraAnti Desktop bla bla" thing under startup. I unchecked it immediately. Also noted its path. It was in system32 under a self-created folder with a gibberish name.
* Next I opened my Windows in safe mode. Opened WinRAR, and Task Manager.
* In WinRAR, I went to the path of that thing and tried deleting it; it didn't let me.
* Then I went to the process tab of Task Manager and ended a suspicious looking svchost (luckily that was the one, or else I would have to do trial and error). Immediately I deleted that virus from system32. And it happened. Did a direct power off and restarted.
* That thing was dead.

The really hard part was that the virus was in system32 and though it was an .exe it appeared as a folder.
Also it wasn't letting any of the antiviruses I tried scan system32!!


sorry for the lecture but this is a dire situation solver.


----------



## GSquadron (Jul 11, 2010)

I know that method, but I didn't use it, cuz the virus is still in your computer and there are some viruses who are "active" of which after dead they never appear again, like humans.
But there are some ADVANCEMENTS in "viruso-technology" that after killing them, they have left the babies to other files... So better not to risk it. Who makes the viruses knows for sure this method 
When I worked as an operator an informatics engineer told me that 
And still I am having ANOTHER PROBLEM with the thumbnails!!!
The names of the photos do not appear T_T
I know this is another kind of virus


----------



## qubit (Jul 11, 2010)

Reformat and reinstall to remove it. Don't waste time with anything else.

Then put Kaspersky Internet Security on and you'll be alright.


----------



## Radical_Edward (Jul 11, 2010)

Sounds like fresh install time to me.


----------



## twicksisted (Jul 11, 2010)

Radical_Edward said:


> ^
> |
> 
> Stop watching porn.



No way dude!!! porn FTW!!!


----------



## LittleLizard (Jul 11, 2010)

Avast. Period.


----------



## _JP_ (Jul 11, 2010)

If you're going for free, try the Comodo.
If you want paid stuff, try the ESET.

/My 2 cents


----------



## Baam (Jul 11, 2010)

I am using SUPERAntiSpyware free version. It does a nice job.

http://www.superantispyware.com/


----------



## Graogrim (Jul 11, 2010)

I'll toss my hat in for Microsoft Security Essentials. Easily it's the lowest impact product I've ever used, and by all reports it is among the leaders in effectiveness.


----------



## {JNT}Raptor (Jul 11, 2010)

Baam said:


> I am using SUPERAntiSpyware free version. It does a nice job.
> 
> http://www.superantispyware.com/




+1 to that....I bought it with lifetime updates.....very nice app. 

Nod32 64bit SS for me on the AV/Firewall side of things.


----------



## Kursah (Jul 11, 2010)

I use Avast 5.0 Home (Free Version) and Malwarebytes (free version for now). So far I've had very few issues, and what I have had was immediately detected and taken care of without issue or complications.

I'm actually considering purchasing Malwarebytes for the pure fact it works so damn well, and adding an active scanner and a one time $25 fee for an unlocked product is kind of interesting. Though since going to x64 I've experienced a massive drop in malware anyways...though I don't expect that to last.

Has anyone purchased the full version of malwarebytes and had experience with the active scanner? The price is nice in an arena full of much more expensive products, some with yearly leases and what-not...and considering how well it works for free I'm almost willing to buy it just to donate some cash their way to continue improving the product.


----------



## Steevo (Jul 11, 2010)

Ultimate lockdown for me was with Comodo, however it is annoying as fuck for about two months as it learns what is and is not threats.

Avast is good, but their new UI sucks, I cannot find my URL blocker anymore.

AVG is a good all around free antivirus-antimalware I have never had a problem with it except in the most hardcore of stupid users.


MSE works and keeps to itself and occasionally refuses to update, or doesn't finish an update correctly. It has caught all the crap that my idiots have found. Haven't tried it with the hardcore idiots, almost scared to.


----------



## TotalChaos (Jul 11, 2010)

As I didn't read each and every post, the one thing I would also mention is to make sure System Restore is turned off before cleaning, otherwise all the previous restore points that are on your rig are likely infected as well.


----------



## GSquadron (Jul 11, 2010)

@ _JP_
I have downloaded a trial of the Kaspersky, but that is not for 64-bit 
Now I am ok, so I don't need any anti-virus programs.
Mostly, I have always used my 64-bit Windows XP without any anti-virus programs!
So my rig was very likely to be hit...


----------



## 95Viper (Jul 11, 2010)

Run a scan from a rescue disk or usb stick.

Kaspersky Rescue Disk 10

Download here: Kaspersky Rescue Disk 10 download

Run this, too: Kaspersky Virus Removal Tool 2010

Download here: Kaspersky Virus Removal Tool 2010 download

Run HijackThis and post the log, maybe you can be helped.


----------



## GSquadron (Jul 11, 2010)

I am SAVED man, so i don't need anymore help. Anyway thanks to all who suggest further, in order to help not only me, but all who need it!


----------



## _JP_ (Jul 11, 2010)

Aleksander Dishnica said:


> @ _JP_
> I have downloaded a trial of the kaspersky, but that is not for 64-bit



I think I mentioned ESET Smart Security, not Kaspersky. 

But it's good to know that your problems are over.


----------



## Perseid (Jul 12, 2010)

ComboFix to fix the current problem (but it's not a virus scanner).

As long as Windows actually boots up, you NEVER need to reformat and reinstall. There's always a way.


----------



## qubit (Jul 12, 2010)

Perseid said:


> As long as Windows actually boots up, you NEVER need to reformat and reinstall. There's always a way.



Unfortunately, that's just not true.

So many people make the mistake of thinking they can "clean" the PC of it. Malware is stealthy by nature and will try every trick in the book to stay on your computer, especially by using those nasty rootkits, which are nearly impossible to detect and remove, regardless of all the big claims by a/v vendors: they only have to miss one. Just one. And you'll never know. This leads to the following situation:

If the PC shows signs of malware, then you definitely have an infection.

If it doesn't, and you're running a _hardware_ firewall (built-in router one will do), Windows has been clean installed (not an upgrade install), you've patched Windows and apps with all security updates, are running decent internet security software and don't put the PC in harm's way (run dodgy attachments etc), then you're _most likely_ to be ok. No guarantees over time, unfortunately.

Here's the crux of the matter:

*If Windows had an infection and you've "cleaned" it, you have no way to know if it's truly gone, however squeaky clean all the anti-malware programs think it is.* You also have no way of knowing what other malware is on there. This is because the chance of the malware hiding from your a/v program is very high. You also don't know what other changes it's made to your system files to leave your PC vulnerable and/or still infected. On top of that, once you get one infection, they tend to attract lots of others, like flies to shit.

Because of this, the only _guaranteed_ way to get rid of the infection, is to format the HD - all of it, regardless of how many partitions it has, with a boot disc of some kind (Windows setup disc and a quick format of each partition will do) and reinstall Windows from scratch. Any other action leaves you with a _huge_ chance of missing some malware and/or leaving the PC vulnerable due to corrupted system files and Registry settings.

Remember, when it comes to security, it pays to be a little paranoid.

Finally, make sure you have a backup of all your data before erasing anything!

As it says in my siggy, I'm an IT professional (don't take the joke advice _in_ the siggy though, lol  ). I'm giving everyone here good free advice that maximises your chances of having a PC free of malware. Do yourselves a favour and take it.

Any questions and feedback welcome.


----------



## Radical_Edward (Jul 12, 2010)

qubit speaks truth, even if you remove the malware, virus, etc. It can still leave open the same back doors it was feeding info through. Thus leaving you open to the same attacks or worse. 

A fresh install is the only way to know you are virus/malware free.


----------



## wiak (Jul 12, 2010)

Eset + MalwareBytes Anti-Malware + My Brain = Win!


----------



## Mussels (Jul 12, 2010)

Aleksander Dishnica said:


> @ _JP_
> I have downloaded a trial of the kaspersky, but that is not for 64-bit
> Now i am ok, so i don't need any anti-virus programs.
> Most of, i have always used my 64 bit windows xp without any anti-virus programs!
> So my rig was very likely to be hit...



What? Why does it need to be x64? 32 bit AV has no limitations to an x64 one.


qubit's message can be summed up much shorter:

Removing a virus/malware doesn't mean you've removed all the debris, or cleaned up all the damage. Since that stuff is never normally going to go bad, there is no easy way to fix it - so format.


----------



## de.das.dude (Jul 12, 2010)

Aleksander Dishnica said:


> I know that method, but i didnt use it, cuz the virus is still in your computer and there are some viruses who are "active" of which after dead they never appear again, like humans.
> But there are some ADVANCEMENTS in "viruso-technology" that after killing them, they have left the babies to other files... So better not to risk it. Who makes the viruses knows for sure this method
> When i worked as an operator an informatics engineer told me that
> And still i am having ANOTHER PROBLEM with the thumbnails!!!
> ...




Use something called USBantivirus; it's got a wonderful Windows repair tool with it which actually works.


----------



## GSquadron (Jul 12, 2010)

@mussels
Not that it doesn't work with 64-bit windows.
It only says a newer version of windows is needed for installation to continue!


----------



## 95Viper (Jul 12, 2010)

Aleksander Dishnica said:


> @mussels
> Not that it doesn't work with 64-bit windows.
> It only says a newer version of windows is needed for installation to continue!



Hmmm, you must have XP service pack 2 or higher to use it... guessing you don't?


----------



## GSquadron (Jul 12, 2010)

I have service pack 1 
Anyway not a problem for now....


----------



## qubit (Jul 12, 2010)

Aleksander Dishnica said:


> I have service pack 1
> Anyway not a problem for now....



You should install SP3 on it. No reason not to in this day and age.


----------



## twilyth (Jul 12, 2010)

I use Avira and Malwarebytes (paid version, with auto-scan).  I tend to prefer AV's that use heuristics in addition to standard signature searches.  Avira does.  I don't know about any of the names mentioned here.  I can say that I wouldn't even consider Norton/Symantec or McAfee.


----------



## qubit (Jul 12, 2010)

twilyth said:


> I use Avira and Malwarebytes (paid version, with auto-scan).  I tend to prefer AV's that use heuristics in addition to standard signature searches.  Avira does.  I don't know about any of the names mentioned here.  *I can say that I wouldn't even consider Norton/Symantec or McAfee.*



I can tell you that the latest Norton 2010 has been improved beyond all recognition. I've read a lot of comments about it, so decided to try the one that came on the front of a computer magazine a while back. Malware updates can even come every few seconds now, which is fantastic, and it's no longer a resource hog. It really is a good product now and I can recommend it.

The version I've got has 6 months of updates.

I'm still using Kaspersky though, as I prefer that and I get it for free with my bank account.

McAfee's still crap though.


----------



## tianhui (Jul 13, 2010)

+1 to ESET

now i use free Avira Anti-Vir and just downloaded malwarebytes anti malware


----------



## FreedomEclipse (Jul 13, 2010)

qubit said:


> McAfee's still crap though.



From my understanding, it's always been crap. Back in 2001 I did a presentation about anti-virus/firewall software for college & McAfee was one of the packages I reviewed. They haven't improved at all. Detection rate is still pants. You're probably better at looking out for signs of viral infection yourself than having McAfee on your system.

I've used ESET - they're quite good but not great.

As everyone has said, Norton 2010 is quite a good one. Myself, I prefer Kaspersky. I've been using them since 2005 n never looked back


----------



## Steevo (Jul 13, 2010)

qubit said:


> Unfortunately, that's just not true.
> 
> So many people make the mistake of thinking they can "clean" the PC of it. Malware is stealthy by nature and will try every trick in the book to stay on your computer, especially by using those nasty rootkits, which are nearly impossible to detect and remove, regardless of all the big claims by a/v vendors: they only have to miss one. Just one. And you'll never know. This leads to the following situation:
> 
> ...



I run 2 stores' worth of network PCs and 90% of the time there is no need to format and reinstall. I watch our network's inbound and outbound traffic, get reports, alerts and real time traffic. 


What most users see as "scary" changes are the residual effects of an infection in system files. They are no longer infected, but the changes made to system files cause a change in the way Windows works. For example a friend kept spreading an infection to his PC and his family as he kept reformatting but never cleaned his source and backups. He was having problems with Steam and out of frustration he had me come over; a few minutes into a system file check we found a few damaged files, replaced those and he was good to go.


Run an A/V client. Run anti-malware. If your system still doesn't act right, or if you visit questionable sites, then keep a clean slipstreamed disk and backup ready. But don't feel the need to reformat and reinstall for every little thing.


----------



## qubit (Jul 13, 2010)

Steevo said:


> I run a 2 stores worth of network PC's and 90% of the time there is no need to format and reinstall. I watch our networks inbound and outbound traffic, get reports, alerts and real time traffic.
> 
> 
> What most users see as "scary" changes are the residual effects of a infection in system files. They are no longer infected, but the changes made to system files causes a change in the way windows works. For example a friend kept spreading a infection to his PC and his family as he kept reformatting but never cleaned his source and backups. He was having problems with steam and out of frustration he had me come over, a few minutes into a system file check and we found a few damaged files, replaced those and he was good to go.
> ...



It's nothing to do with "scary" changes. The only way to be 100% sure you've got rid of it and haven't left any back doors on your system is to reformat. Period.

People don't always understand this, which is why I explained it in detail.

Imagine if the system is acting normally and there's a keylogger hidden by a rootkit, sniffing your passwords and sending data very sparingly out over an encrypted link. How are you gonna know? You'll have a hard enough time tracking it down if you _do_ know it's there, let alone if you don't know.

It's an arms race, so with all your fancy technical knowhow and monitoring, these things can still get past you. It's enough to miss only one and you're in trouble. By all means maintain your scanning processes (the more the better) but once you find something, give yourself and your customers that peace of mind with a reformat.

You're right about scanning the sources and backups though. Just goes to show how sneaky this malware is.

Personally, I'd rather play it the safe way and guarantee that I've got rid of it. Keeping a system image on a write only medium like DVD is good for a known clean reference point.


----------



## Steevo (Jul 13, 2010)

100% way for me is a hex editor in a live distro looking at the disk for changes at the mount point, jump, and load. If the rest of the Windows files are OK and the disk passes a chkdsk, defrag and isolation test with me watching its traffic, it's clean.


Even a DVD distro can contain a pre-boot time rootkit that inserts itself with a different landing sector to hide its own files, and with a few of NTFS's weak points you could hide it in space supposedly occupied by metadata and the system would know nothing.


But by looking at it in its raw format, by using a scanner like the alternate streams scanner in HijackThis, and a basic rootkit tool that looks through metadata and other files at RING0 level with a few latency checks, you can determine if you are running in a partial VM, or being intercepted.


I can clean anything.


----------



## qubit (Jul 13, 2010)

Steevo said:


> I can clean anything.



Even if you have the skills to look at things at this low level to tackle infections, you can't seriously give that out as advice for everyone to do this?

You are _very_ confident in your abilities...  I see a case of overconfidence here and I don't believe it's possible for any one person to outwit all of the world's malware writers all of the time.

The DVD will be 100% clean if you have a freshly formatted hard disc that has the OS installed and an image snapshot immediately made. How is malware gonna sneak in then?

No, it remains that my advice is the only sure way to clean malware off a PC: in short, don't tackle it, wipe it.


----------



## TheMailMan78 (Jul 13, 2010)

Steevo said:


> 100% way for me is a hex editor in a live distro looking at the disk for changes at the mount point, jump, and load. If the rest of the Windows files are OK and the disk passes a chkdsk, defrag and isolation test with me watching its traffic, it's clean.
> 
> 
> Even a DVD distro can contain a pre-boot time rootkit that inserts itself with a different landing sector to hide its own files, and with a few of NTFS weakpoints you could hide it in space supposedly occupied by metadata and the system would know nothing.
> ...


----------



## inferKNOX (Jul 13, 2010)

I work in a field where I come across anywhere from 10's to 100's to even 1000's of viruses a week from users looking for help cleaning out their PCs or Flash Drives and *I really recommend the antivirus:*
Avira AntiVir Personal - FREE Antivirus 10
which is essentially Avira Premium w/o some features, but with the same robust anti-virus features.
With Avira I've used my work PC for 2 years now without a single infection, even though I'm constantly connecting infected media.
*For a good firewall:*
Comodo Firewall (FREE)
Simply unbeatable firewall, but I don't think the Defence+ is necessary for someone on Win7 w/ UAC enabled as it gets a bit annoying. It also contains a Sandbox that quarantines untrusted programs, etc.

_With these 2 and good habits by the user, it's virtually impossible to infect a PC._

Some have said Avast is a good Avira alternative, but I've seen it to miss quite a few things Avira catches.
The only other option I trust other than these is Kaspersky Internet Security, if not Kaspersky AntiVirus + COMODO Firewall.

EDIT:
BTW, I've tested the antiviruses: ESET Nod32, Avast, Avira, Kaspersky, AVG, McAfee, Symantec (incl Norton), BitDefender, COMODO, Panda, Trend & Solo (+ a few others I've forgotten by now).
For firewalls I've tested ZoneAlarm, Outpost, Kaspersky (IS), Symantec/Norton (IS), and COMODO (+ a few others I've forgotten by now... I think).


----------



## Perseid (Jul 13, 2010)

qubit said:


> Even if you have the skills to look at things at this low level to tackle infections, you can't seriously give that out as advice for everyone to do this?
> 
> You are _very_ confident in your abilities...  I see a case of overconfidence here and I don't believe it's possible for any one person to outwit all of the world's malware writers all of the time.
> 
> ...



I think perhaps you're overestimating the power of viruses. If one can hide on my system undetected through even the most rigorous AV scans and manual analysis it sounds like, by your logic, I should just give up and accept my rootkit because there's no way I can keep my system clean.


----------



## qubit (Jul 13, 2010)

Perseid said:


> I think perhaps you're overestimating the power of viruses. If one can hide on my system undetected through even the most rigorous AV scans and manual analysis it sounds like, by your logic, I should just give up and accept my rootkit because there's no way I can keep my system clean.



They can indeed hide from the closest scrutiny. It only takes one, remember. And read my post again, I never said you can't keep your system clean.


----------



## Steevo (Jul 13, 2010)

You are on one end of this spectrum, I'm on the other.

Do I believe I can outwit all the malware creators? Yes, given enough time. However when the 10% or less of infections that I see can't be recovered easily I do reformat and reinstall. Your suggestion sounds like a person needs to reformat and reinstall every time they get a virus popup warning or their system acts weird, unconditionally, as they will never be able to defeat the malware.


I trust my cleaning and system, but do watch an independent hardware firewall for active connections, by source IP, and track such connections. If a rootkit was present and sending even the tiniest of data I would see it.


----------



## qubit (Jul 13, 2010)

Indeed, I don't fight them once they're on the system, but I've said this all along. Given the nature of malware's intentions (account lockouts, money theft, identity theft, nice things like that) I prefer not to take a chance and take the admittedly paranoid route and just nuke it on site.

With frequent data backups and a clean system image to slap back on, it really reduces the pain of a reinstall to a mere inconvenience.*

Having said that, what with my safe computing practices, I've only ever had one or two dodgy things happen to my systems in the last decade.

You obviously have quite some skill in flushing them out  and if we lived anywhere near each other, I'd be making a pain of myself and invite myself over to see how you do it. 

I'm glad you will take the nuclear option though and do a reformat if you can't flush it out. It's just that you can't ever eliminate the possibility of missing something and the dreadful consequences of that possibility, that cause me to take the nuclear option every time - and recommend everybody else to do the same.

Heck, now if I was _really_ paranoid, I could reimage my PC every couple of weeks... 

*I have to confess, that while my data backups are excellent, I haven't bothered with a system image. And just go through the pain.


----------



## TheMailMan78 (Jul 13, 2010)

Steevo said:


> You are on one end of this spectrum, I'm on the other.
> 
> Do I believe I can outwit all the malware creators? Yes, given enough time. However when the 10% or less of infections that I see can't be recovered easily I do reformat and reinstall. Your suggestion sounds like a person needs to reformat and reinstall every time they get a virus popup warning or their system acts weird, unconditionally, as they will never be able to defeat the malware.
> 
> ...



Steevo, I would trust you to clean my rig. No, that isn't a go ahead for homosexual intercourse. However I do not trust myself. Therefore a format we go!


----------

