"svchost.exe" and "rundll32.exe" are infected, Chrome extension keeps installing itself "uTableFree"

Hi.

My computer got infected by malware. I cleaned almost everything, but it turned out I didn't.

Disclaimer:

I have tried all the recommended malware removal and it didn't work; it keeps detecting that there's a virus and cleaning it, but there's still one.

So once I open my PC I get those 3 things running by default:

 

image.png

 

And when I click on it to see exactly what that is, it's "svchost.exe".

 

image (1).png

 

And that process installs a Chrome extension every time I open my PC, and every time I remove it, once I restart my PC it's installed again.

 

image (2).png

image (3).png

 

And as you see in the 2nd screenshot, the file path: when I go there and delete it, it comes back again over and over, so there's no point in deleting it manually.

Plus, all the malware apps say that my "rundll32.exe" is infected as well.

 

image (4).png

image (5).png

So I have 2 main files that are infected, "svchost.exe" and "rundll32.exe", and I don't know what else is infected and what I can do.

Please help me with that problem. Thank you in advance.

 
2 Replies

@naelmedhat you're in the wrong place.

This forum is for the Microsoft Forms application.

 

What you see there is a malicious piece of software that is likely running as a service on your computer.

 

Svchost (that's actually a contraction of 'servicehost') is the operating system component that's responsible for hosting (running and protecting) system services, that's why you see that one. Rundll is another system component of similar nature - that means whatever you're fighting has taken root and is actively using multiple methods to ensure you DON'T root it out.

 

The simple/cheap/fast route advice? Rely on your backup (or on your cloud copies of files) and get your PC wiped completely - reset it to factory settings by formatting the hard drive/reloading from image. In many cases, that's gonna be faster than trying to sort out what malware you picked up and how to remove it.

 

And then, have a think what potentially unsavory site you were on recently, and don't go there ever again.
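
A read-only triage pass for the situation described in this thread, added here as an example and not written by either poster: it lists `svchost.exe`/`rundll32.exe` processes running from outside the Windows system folders, svchost-hosted services whose `ServiceDll` is missing, outside `%SystemRoot%`, or not validly signed, and Chrome policy values that force-install extensions. That a forced-install policy is what keeps bringing the extension back is an assumption to check, not something the thread confirms; run it from an elevated PowerShell prompt and treat the output as leads for review.

```powershell
# Added example (not from the thread). Read-only: nothing is deleted or changed.
$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'

# 1. svchost.exe / rundll32.exe processes whose image is NOT in the Windows system folders.
#    The genuine binaries live in System32 (and SysWOW64 for 32-bit rundll32).
Get-CimInstance Win32_Process -Filter "Name='svchost.exe' OR Name='rundll32.exe'" |
    Where-Object { $_.ExecutablePath -and
                   (Split-Path $_.ExecutablePath -Parent) -notin @($sys32, $wow64) } |
    Select-Object ProcessId, Name, ExecutablePath, CommandLine

# 2. Services hosted by svchost.exe: the code that actually runs is the ServiceDll.
#    Report DLLs that are missing, outside %SystemRoot%, or without a valid signature.
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
    if ("$($props.ImagePath)" -notmatch 'svchost\.exe') { continue }

    $params = Get-ItemProperty -Path "$($svc.PSPath)\Parameters" -ErrorAction SilentlyContinue
    $dll = if ($params.ServiceDll) { $params.ServiceDll } else { $props.ServiceDll }
    if (-not $dll) { continue }
    $dll = [Environment]::ExpandEnvironmentVariables($dll)

    $status = if (Test-Path -LiteralPath $dll) {
        (Get-AuthenticodeSignature -LiteralPath $dll).Status
    } else { 'FileMissing' }

    $inSystemRoot = $dll.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)
    if ($status -ne 'Valid' -or -not $inSystemRoot) {
        [pscustomobject]@{ Service = $svc.PSChildName; ServiceDll = $dll; Signature = $status }
    }
}

# 3. Chrome policy keys that force-install extensions (machine-wide and per-user).
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Value = $item.GetValue($name) }
        }
    }
}
```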