RE: scvhost.exe virus/bug....also known as w32 worm blaster.

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Darrell Gorter[MSFT] (Darrellg_at_online.microsoft.com)
Date: 02/21/04 

Date: Sat, 21 Feb 2004 03:43:32 GMT

Hello Ryan,
First order the security CD which contains most of the security patchs. If
you decide to reinstall you can install the patches before connecting to
the Internet so as to reduce the amount or exposure that your machine is
subject to.
http://www.microsoft.com/security/protect/cd/order.asp

To look at the what processes are running in svhost open a command prompt.
>From the command prompt run tasklist /svc. This will show all the running
processes that are shown in task manager plus the what the hosted processes
are inside of each instance of Svchost.exe. To see which one is causing
the pain look at the PID number in task Manager and then locate that same
number in the output from tasklist.

Svchost.exe described in this article as well as the usage of tasklist
http://support.microsoft.com/?id=314056

Most of the processes running in svchost should not be killed. So killing
svchost could very well restart your system.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
| Content-Class: urn:content-classes:message
| From: "Ryan" <anonymous@discussions.microsoft.com>
| Sender: "Ryan" <anonymous@discussions.microsoft.com>
| Subject: scvhost.exe virus/bug....also known as w32 worm blaster.
| Date: Fri, 20 Feb 2004 17:58:40 -0800
| Lines: 53
| Message-ID: <1426501c3f81e$3a222750$a401280a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcP4HjoiB0eJlmE+SryQySF33UXrPA==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.windowsxp.general
| Path: cpmsftngxa07.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.windowsxp.general:863909
| NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
| i know alot of you have probably heard about this problem
| before and i know you have because ive been searching all
| over the internet for answers yet i find my "version" of
| this bug different from everyone elses that is posted.
|
| Details.
|
| IM running windows XP Pro. I just reinstalled windows
| because my windows had screwed up awhile ago. I did not
| reinstall OVER the old windows directory in fear of
| losing some of the imporatant info that i wanted to
| extract from the old windows before i installed the new
| one...so I have a second windows folder for the moment
| that is what im running off of.
|
| The main problem is the scvhost.exe proccess. When i do
| cnrl+alt+del i get a bunch of proccess that are suposed
| to be there but i see 4 scvhost.exe proccess being ran
| and 1 of them is taking a good 60% of my cpu power, that
| plus system and whatever else im running makes me have
| about 0% free cpu so games and such are ran very choppy.
|
| Anyways for those of you that know this worm is renoun
| because it gives you these messages every now and then
| that say your computer will restart in 60 seconds...then
| at the end of the 60 seconds it indeed does restart. Ive
| had some help from somebody and we changed remote
| procedure call so that the 3 tabs in recover to "take no
| action". That in made it so i dont get that message to
| restart in 60 seconds at random times. However it still
| happens if i try to end task on the file in task manager.
|
| The really really annoying part about this worm tho is
| its extreemly tought to get rid of. When you try to use
| windows update, or a virus checker they imidiately CLOSE.
| NO error message..they just close like somebody is
| CLOSING them by hiting the cancel button. Ive read in
| some forums and some people say the blaster is made to
| not allow windows update to patch it, but not even my
| virus checkers work.
|
| Anyways im really stumpted. I cant figure out how to
| delete it and i was thinking about reinstalling windows
| but the person i was talking to said it might just
| comeback again like last time.
|
| Anyways if i cant figure this out soon im going to have
| to reformat which is a big pain for me because i have so
| many programs. and 56k makes it very hard to redownload
| the updates and other various programs i need.
|
| Anyways any suggestions would be appriciated. If i find
| anything else out that works ill post it right away.
|

Quantcast