svchost.exe

i had a little trojan the other day infect my machine, also disguised itself as a windows process. luckily my software firewall piped up saying this process wants to talk to the outside world.

googled and destroyed.

damn crack sites are filled with em these days :/

er.. not that i was cracking anything.:rolleyes:
 
Svchost rolls up a bunch of the Windows services, including things like TCP/IP - thus the reason it's connecting to places.
 
Found this great app to check processes, much like Wintasks, but it's free, probably named after the developers girlfriend, it's great for killing processes such as a hanging game or whatever.

Daphne :)
 
Ekhaatvensters said:
svchost is totally normal windows service. just make shure its spelt right. The way some viruses work (mostly old ones) is to make a new proccess whihc has a very similar name to a common process and run that.

And its also normal for there to be a few of them in task manager. And they do eat alot of RAM.

However the attempt to get to some IP could be malicous.. dont really know how to check this.
Click to expand...

Get The Program 'Hijack This!' (It's Free)and run it it...Save the log and post it in the 'Internet Security' thread and ask someone who is familuar with the Program 'HiJack This!' to help you check it out and find any unusual processes/programs running on your computer...
 
Last edited:
Anyone know of any weird viruses or trojans that masquerade as this file in XP? Seems to be a legitimate windows system file but noticed its been downloading about 10mb of something, no idea what. Even when my pc's idle and nothing's running. Seems to make a connection as soon as I connect to internet. Even formatted and reinstalled but its still doing it. Anti-virus, Ad-aware etc don't pick anything up. Just got my firewall blocking it totally now which seems to be working but I'd still like to know what it is.
 
While this is certainly possible and is implemented in trojans such as "subse7en" and "Beast", it is extremely unlikely that this would last a format and new installation although it is possible through certain methods.
Certain services use svchost so it is likely you are just parrying out...block it and hide notification, if you really wanted to you could probably kill it by executing services one by one in the services.msc menu......I wouldn't do that though.
 
Beta said:
While this is certainly possible and is implemented in trojans such as "subse7en" and "Beast", it is extremely unlikely that this would last a format and new installation although it is possible through certain methods.
Certain services use svchost so it is likely you are just parrying out...block it and hide notification, if you really wanted to you could probably kill it by executing services one by one in the services.msc menu......I wouldn't do that though.
Click to expand...

Thanks, glad I'm not the only one that's still awake:) Easy enough just to leave it blocked anyway, sure stuff like Subseven would be detected by antivirus as well but you never know I guess.
 
Yeh,these things can all be rootkitted, dont forget, then even a famous app like subse7en wouldn't show up,very trivial to accomplish.
There are many processes that run as svchosts....my guess is it's just a windows process.
 
Beta said:
Yeh,these things can all be rootkitted, dont forget, then even a famous app like subse7en wouldn't show up,very trivial to accomplish.
There are many processes that run as svchosts....my guess is it's just a windows process.
Click to expand...

Was just the data transfer that made me wonder.
 
Hi guys, yes there is a virus (more like an adware actually) that operates under that name. The problem there are so many applications operating under that name that it makes it almost impossible not to temper with windows. What i can suggest is that you get a good ad-ware blocker/removes such as "Lavasoft AD-Ware Personal or Professional Edition". Set the program to deep scan. Hope this helps.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X