svchost.exe - system error

Discussion in 'malware problems & news' started by estella, Aug 21, 2011.

Thread Status:
Not open for further replies.
  1. estella

    estella Registered Member

    Joined:
    Aug 21, 2011
    Posts:
    2
    Hi, This is my first time posting.

    I can't access my antivirus program (ESET) and my computer keeps locking up. I have gotten the following message: "svchost.exe - system error The maximum number of secrets that may be stored in a single system has been exceeded." When I try to do an ESET scan I get a message about a missing kernel. When I tried doing the kernel fix on the ESET website, it didn't work. I am not pleased that ESET is closed over the weekend.

    Both the Malwarebytes and GMER scans stopped before finishing... I think. The aswMBR and DDS scans ran all the way through though.

    The GMER scan keeps disappearing after about a minute. But before disappearing the scan noted the following:

    1) Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found

    2) ? C:\windows\system32\drivers\afd.sys suspicious PE modification

    3) ? C:\windows\system32\svchost.exe [3296] img.check (something I can't read my writing) mismatch: number of sections mismatched

    Also, the DDS .txt said the following: Warning: possible TDL3 rootkit infection!

    The DDS attachment log listed 28 error messages since 8/14/11. I will not copy them unless I am requested to.

    Any suggestions or information would be appreciated.

    Thank you so much for reading this!!!

    Estella
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. estella

    estella Registered Member

    Joined:
    Aug 21, 2011
    Posts:
    2
    Thank you Cudni!
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    It is my understanding that it is hit or miss with Rootkit Detection & Removal. Recently someone was only able to Detect & Successfully Clean a TDL Rootkit variant with the Kaspersky Rescue Disk 10. It may be best to first try cleaning with Antivirus Rescue CDs such as the Kaspersky Rescue Disk 10.
     
  5. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    Malwarebytes isn't great for TDL, which is unfortunate given how common it is. MBAM is great for others like Zbot though.

    As others have said, there are dedicated forums, e.g. Bleeping Computer, Geeks to Go. TDL3 is quite easy to remove using OTLPE, so I'd try Geeks to Go if I were you.

    If you want to do it yourself with automated tools, and can deal with reinstalling if you have to, you could try TDSSKiller, HitmanPro, then ComboFix:
    http://support.kaspersky.com/downloads/utils/tdsskiller.exe
    http://www.surfright.nl/en/hitmanpro
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Afterwards, follow up with Dr Web.
    https://www.freedrweb.com/download cureit/gr/?lng=en

    Alternatively, a boot disk antivirus won't hurt. They can take a while though. Kaspersky, Avira, Dr Web, F-Secure - all make good ones. Dr Web takes the longest, but it does have a web browser ;)
     