Re: svhost - NOT svchost
From: Vanguardx (see_signature)
Date: 08/28/04
- Next message: ViperKi: "Recurrent Windows Shutdown"
- Previous message: NoNoBadDog!: "Re: system shutdown"
- In reply to: The Revd M Komor: "svhost - NOT svchost"
- Next in thread: The Revd M Komor: "Re: svhost - NOT svchost"
- Reply: The Revd M Komor: "Re: svhost - NOT svchost"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 27 Aug 2004 19:04:55 -0500
"The Revd M Komor" <a@b.com>
wrote in news:412fa11b$0$2891$ed2619ec@ptn-nntp-reader02.plus.net:
> Hi
> Can anyone tell me authoritatively if svhost.exe is a virus, or part
> of the updating mechanism for XP?
> Thanks
A good place to look to check if a filename might be a virus is to check
the web sites of the anti-virus makers. For example, just go visit
http://securityresponse.symantec.com/avcenter/vinfodb.html and search on
"svhost". However, a filename can never designate whether or not the
file is a virus. YOU could rename autoexec.bat to svhost.exe. The name
is unimportant. The viruses have signatures whether in the file they
infect or in the content that gets put into memory when the file gets
loaded or compiled (i.e., at some point, it has to get into memory to
effect its payload). Or are you claiming that whatever anti-virus
product you use, which you didn't bother to mention, did not detect a
file named svhost.exe as infected under your presumption that filenames
dictated infected files? Is this a process you noticed in Task Manager
or a file you happened upon in Explorer?
If you suspected a virus, why didn't you then run a full scan of your
system using a recently updated anti-virus program? If you have an
anti-virus, why isn't it always loaded so its on-demand scanner can scan
memory to detect when a infected file gets loaded into memory or
something gets used to build the virus into memory? There are freebie
online scanners available from several of the anti-virus makers (most
probably require you to download an ActiveX control to run as a local
client that downloads the signatures and does the checking against your
files). Note that anti-virus products that only scan files can miss
some viruses. It is possible to hide a virus within file(s) but once it
gets loaded into memory then it can be detected. So the online scanners
are handy and scheduling a file scan using a local anti-virus product is
still recommended but you really need to have a local anti-virus program
that monitors memory. That is, you need the on-demand scanner provided
with anti-virus software that remains running while your computer is up.
So going the route of thinking the freebie online virus scanners should
find everything is driving blind and hoping the road is straight. Go
buy an anti-virus product and keep it updated daily if not more often.
If you want an authoritative answer then go buy anti-virus software.
Although I use Norton's, my vote goes to NOD32, then KAV, and followed
by the rest (Norton, McAfee, Panda, etc.). Most have trialware versions
so you can see what works for you. Pick one you will actually use as
selecting the one with the best coverage but which you won't use or
maintain or know how to use when infected renders it a worthless
anti-virus product. For example, there are 3rd party firewalls that are
far superior than the firewall included in Windows XP (and even in SP-2)
but even the included Windows XP firewall is better than no firewall.
Get protection software that you will actually use.
-- _________________________________________________________________ ******** Post replies to newsgroup - Share with others ******** Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject. _________________________________________________________________
- Next message: ViperKi: "Recurrent Windows Shutdown"
- Previous message: NoNoBadDog!: "Re: system shutdown"
- In reply to: The Revd M Komor: "svhost - NOT svchost"
- Next in thread: The Revd M Komor: "Re: svhost - NOT svchost"
- Reply: The Revd M Komor: "Re: svhost - NOT svchost"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
