Solved

svchosts.exe  ?

Posted on 2003-11-14
Last Modified: 2007-12-19
svchosts.exe
Could this be a virus exe?
Registry also has a strange entry...

c:\winnt\system32\password.pid\@ftp@\yoy.exe dll32.exe pif.conf

thanks in advance...

Question by:bobesmithe
7 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9750288
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9750294
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 125 total points
ID: 9750528
Check about that here

Check for this trojan

http://www.symantec.com/avcenter/venc/data/backdoor.zinx.html

Sunray
0

 

Expert Comment

by:comworks
ID: 9762429
SVC host is not a virus, it is a part of Windows.

If you are getting svc host taking up a lot of memory or cpu, and you are using Sophos antivirus, this is probably a problem related to the new version of Sophos; go to the Sophos website to fix this.

If you don't have a problem, and are just wondering what it is, then don't delete it; it is required.

Process File: svchost or svchost.exe
Process Name: Service Host Process
Description: The Service Host Process is a generic host process for services that are run from dynamic-link libraries (DLLs).
Common Errors: N/A
System Process: Yes

Cheers
Aaron Sneddon
Gremlin UK Ltd
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9843739
Check this link; it is in a different language but talks about this worm.
W32/Yoyks.A. Asunto: "Request Information" (YOY.exe)
http://www.vsantivirus.com/yoyks.htm

There is information on removing this, but I could not read it since I do not know the language,
though it could be made out.
Try the link and see if you can get rid of this worm.
0
 
LVL 1

Expert Comment

by:Mal-Tech
ID: 9872510
Man, every post has to have the all-confusing, endless list of spyware removers in the hope that one of the links will earn some points. Unfortunately, most of the time it's not the right answer and half of those listed programs are useless junkware.


That being said......

The following information is from one of 3 excellent startlist sites on the Internet. This is a description from Answersthatwork.com.
As you'll see svchost.exe can mean many things depending on where in your system it's located.

1. Service Host – Generic Host Process for Win32 Services. Windows 2000/XP only. SVCHOST is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup SVCHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them. There can be many instances of SVCHOST running, as there will be one instance of SVCHOST for every DLL-based service or grouping of services (the grouping of services is determined by the programmers who wrote the services in question). Under Windows XP Professional you can find out what DLL-based services SVCHOST is running by typing Tasklist /SVC at a Command Prompt (MS-DOS Prompt – this command is not available in Windows XP Home), while under Windows 2000 you need to use the TLIST –s command from a Command Prompt (MS-DOS Prompt).

Recommendation :
An integral part of the operating system, leave alone – multiple instances of SVCHOST is a normal occurrence. If you experience SVCHOST errors, the problem is most likely not with SVCHOST but with the DLLs it is hosting.

2. Many viruses masquerade themselves as SVCHOST to escape detection. Some have names that are similar, such as SCCHOST, while others actually drop a program file called SVCHOST in the Windows or Windows System directory.

Recommendation :
The first recommendation is a simple one : always have a good antivirus product which is regularly updated (automatically preferably) and always renew your updates subscription when it expires. To detect if you have a virus that calls itself SVCHOST, first see if it shows up in Starter – if it does, then it is almost certain you have a virus. Secondly, if you have Windows 95/98/ME rather than WinNT4/2000/XP, then it is almost certain you have a virus. Thirdly, go to "Control Panel \ Administrative Tools \ Services" and look for any of the following services – if you find any of them, then you probably have a virus : System Important Message service

Svchost.exe in Windows XP
http://support.microsoft.com/?kbid=314056

Svchost.exe in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q250/3/20.ASP&NoWebContent=1



0
 

Author Comment

by:bobesmithe
ID: 11017542
The process in question was svchosts.exe.......not svchost.exe.
Problem was definitely svchosts.exe; part of a backdoor trojan.
Thanks for all replies!
0
