Re: svchost.exe infected?

From: mikeh (mikeh_at_discussions.microsoft.com)
Date: 08/27/04 

Date: Thu, 26 Aug 2004 20:25:03 -0700

check the location of the file.

SVCHOST is in the system32 folder, often a virus will put a file of the same
name in a different directory.

If it is located in another directory, you shouyld be able to boot into safe
mode and delete it

"EnigmaZ" wrote:

> unfortanutely i'm 100% positive its svchost.exe :(
>
> "Touch Base" wrote:
>
> > check the file name again as a known virus uses a similar file name but is
> > actually called SCVHOST
> > not svchost which as you say is a major system file and if deleted may
> > cripple your machine.
> >
> > Backdoor.Sdbot.N is a Trojan Horse that is similar to Backdoor.Sdbot. The
> > existence of the file Scvhost.exe is an indication of a possible infection.
> > http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.n.html
> >
> >
> > "EnigmaZ" <EnigmaZ@discussions.microsoft.com> wrote in message
> > news:20B97594-1A47-4A94-81F2-DABA6B78F125@microsoft.com...
> > > Hello...first off thank you very much in advance, to everyone who replies
> > > and/or tries to help out :)
> > >
> > > Norton has been popping up its detected a virus... Backdoor.EggDrop
> > >
> > > The file infected is svchost.exe, i know this is a system critical file,
> > > which is why Norton doesnt have "access to the file" i'm assuming, so
> > > Norton
> > > is useless. I've tried everything I can think of. My friend tells me to
> > > delete svchost.exe, but i'm not sure that would be great for a critical
> > > file
> > > ;)
> > >
> > > If anyone can help me out or anything here please let me know, this is
> > > kind
> > > of my last restort :(
> > >
> > > Thank you,
> > > Joe
> >
> >
> >

Relevant Pages

  • Re: How to reinstall ...
    ... Thanks for the advice. ... my Norton anti virus partially removed this beast but completely. ... >>Dear Chuck, thanks for your most comprehensive answer. ... >>error in my original post, it is SVCHOST, not SVHOST. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Msconfig problem
    ... Delete the one in the system32 folder, it's probably a virus. ... Often times detection and clean up ... but that is because the bug or bugs are active and masking themselves from ...
    (microsoft.public.windowsxp.basics)
  • Re: WinXP SE: SvcHost (SYSTEM) process takes most of CPU
    ... I agree that this don't look like virus. ... > It would come in handy to know exactly which process of the SVCHost is ... > Check if you're able to download the process explorer from ... >> Arvi Laanemets ...
    (microsoft.public.windowsxp.general)
  • Re: WinXP SE: SvcHost (SYSTEM) process takes most of CPU
    ... I agree that this don't look like virus. ... > It would come in handy to know exactly which process of the SVCHost is ... > Check if you're able to download the process explorer from ... >> Arvi Laanemets ...
    (microsoft.public.windowsxp.basics)
  • svchost.exe
    ... found you missed a virus. ... Windows 2000/XP/2003 only. ... At startup SVCHOST checks the Services ... TLIST -s command from a Command Prompt. ...
    (microsoft.public.windowsxp.help_and_support)