HELP!!! how to Remove Svhost.exe running as user's program MALWARE/trojan not detected

[PHC-HEsh]

na scan ko at SWAK PAK di sya related sa system process at Malware nga talga kaso di ma detect ng Windows Defender!

 

[PHC-HEsh]

yun Katay sa Rkill

 

[PHC-HEsh]

log file

Rkill 2.9.1 by Lawrence Abrams (Grinler)
You do not have permission to view the full content of this post. Log in or register now.
Copyright 2008-2021 BleepingComputer.com
More Information about Rkill can be found at this link:
You do not have permission to view the full content of this post. Log in or register now.

Program started at: 07/21/2021 12:53:15 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\sijpa\AppData\Local\Wox\app-1.4.1196\Wox.exe (PID: 3316) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\sijpa\Desktop\rkill\rkill-07-21-2021-12-53-22.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

0.0.0.0 anchorfree.net
0.0.0.0 rss2search.com
0.0.0.0 techbrowsing.com
0.0.0.0 box.anchorfree.net
0.0.0.0 You do not have permission to view the full content of this post. Log in or register now.
0.0.0.0 You do not have permission to view the full content of this post. Log in or register now.
0.0.0.0 You do not have permission to view the full content of this post. Log in or register now.
0.0.0.0 anchorfree.us
0.0.0.0 a433.com
0.0.0.0 anchorfree.net
0.0.0.0 rpt.anchorfree.net
0.0.0.0 delivery.anchorfree.us/land.php
0.0.0.0 hsselite.com
0.0.0.0 You do not have permission to view the full content of this post. Log in or register now.

Program finished at: 07/21/2021 12:53:33 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

 

[arsenal1205]

Virus nga TS. Nag panggap lang na SVCHOST na legit. Ganyan nangyari sakin dati. Ginawa ko lang nag scan gamit MALWAREBYTES. Mag scan ka TS gamit MALWAREBYTES

 

[Scavenger]

malware impersonating as a regular windows service.. tsk3
clever and effective.. buti na fix mo na boss..

 

[PHC-HEsh]

di kopa na fix bro Windows 11 gamit ko dinikit nya sarili nya sa OS ko di ko alam san ng galing napaka weak ng windows defender animal di nya ma detect

 

[PHC-HEsh]

maganda bah ang malwarebytes paps?

 

[PHC-HEsh]

animal anjan parin paps

 

[PHC-HEsh]

sha256 sya ang nag send ng password saved sa MSEdge ko sa ip adress na 192.168.x.x na log in page na user: sha256 tapos walng password

 

[PHC-HEsh]

Tulong muna mga paps paano patayin mga toh

 

[Scavenger]

[XX='PHC-HEsh, c: 1381529, m: 339920'][/XX] ah akala ko na fix mo na sa Rkill na yun..
mahirapan yata ma detect ni windef kasi akala nya legit process.

na try mo ba yung suggestion sa taas, maganda yun or roguekiller pwede din

 

[PHC-HEsh]

[XX='Scavenger, c: 1381726, m: 340825'][/XX] try ko paps

 

[Flowerbean]

[XX='Scavenger, c: 1381726, m: 340825'][/XX] try ko paps

sir malware din po ba 'to?

 

[bingjalz]

kumusta na to? buhay pba PC pgka remove neto?

 

[PHC-HEsh]

pasensya ngayun Ko lang na balikan ang thread. ne reinstall ko boung windows. kase nababadtrip nako. tapos before mag saksak ng kahit ano. tinibayan ko muna ang Windows def kase maganda na ngayun ang windows defender. cloud base na sya

 

[POPiO]

pasensya ngayun Ko lang na balikan ang thread. ne reinstall ko boung windows. kase nababadtrip nako. tapos before mag saksak ng kahit ano. tinibayan ko muna ang Windows def kase maganda na ngayun ang windows defender. cloud base na sya

dont settle for less lodi

better mag kaspersky internet secuirty ka
pra while browsing ng internet
protected ka