Svchost.exe Infected

D

Dr@g0nic

Expert Member
Joined
Oct 11, 2006
Messages
1,654
Reaction score
4
Location
Somerset West, Cape Town
Hi guys,

I know that svchost.exe is a very important windows system file that cannot be removed. And if that file is to be infected with a virus it can't be cleaned, moved or deleted.

Is there any alternative way that I can clean this file or get a fix?

Help will be greatly appreciated.
 
Maybe try combofix. It's a nice utility and I always start with it first. :D

Just google for it.
 
Dr@g0nic said:
Hi guys,

I know that svchost.exe is a very important windows system file that cannot be removed. And if that file is to be infected with a virus it can't be cleaned, moved or deleted.

Is there any alternative way that I can clean this file or get a fix?

Help will be greatly appreciated.
Click to expand...

and edited or modified..
 
Judging from what your telling me now, I take it there's absolutely nothing I can do?

Someone told me now I can try copying the svchost file off a different pc, then go into safemode with command prompt then paste it into the c:/windows/system32 folder(which is where svchost is located).

So I suppose not even that will work?
 
the smart svchost infections happen in memory space, not in the executable itself, meaning the malware will scan and intercept the svchost process once it already running in memory, leaving the file intact so that an av scan does not detect it.

get outpost firewall, it runs a system guard that detects and warns you whenever some process wants to edit the memory space of another.
 
Maybe if you take the drive with the "broken" svchost.exe file and put it into another pc and get a 3rd drive with a windows install and put that in as well and copy it from the 3rd drive to your drive... Cause AFAIK, the svchost.exe file is always in use...

What is the problem you are having?

Edit:

the smart svchost infections happen in memory space, not in the executable itself, meaning the malware will scan and intercept the svchost process once it already running in memory, leaving the file intact so that an av scan does not detect it.
Click to expand...

If this is true, and I am not saying that it isn't, then the copy won't work... :o
 
Last edited:
So, take infected drive, insert into different pc, get clean drive insert that also into the same pc. Then copy svchost from clean drive to infected drive?

Legend: (just incase you get confused)
Infected
Different PC
Clean drive
 
Last edited:
Have you tried getting the specific cleaner for your infection?
 
Specific cleaner? Meaning?

Oh and btw the way, the virus that's infecting the file is bo:stack, but after that a trojan came to say hi aswell, also on that same file(I think it was on a different PC though)
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X