Solved

svchosts.exe  ?

Posted on 2003-11-14
7
22,988 Views
Last Modified: 2007-12-19
svchosts.exe      
Could this be a virus exe?
Registry also has a strange entry...

c:\winnt\system32\password.pid\@ftp@\yoy.exe dll32.exe pif.conf

thanks in advance...

0
Comment
Question by:bobesmithe
7 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9750288
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9750294
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 125 total points
ID: 9750528
Check about that here

Check for this trojan

http://www.symantec.com/avcenter/venc/data/backdoor.zinx.html

Sunray
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 

Expert Comment

by:comworks
ID: 9762429
SVC host is not a virus, it is a part of Windows.

If you are getting svc host taking up a lot of memory or cpu, and you are using Sophos antivirus, this is probably a problem related to the new version of Sophos, go to the Sophos website to fix this.

If you dont have a problem, and are just wondering what it is, then dont delete it, it is required.

Process File: svchost or svchost.exe
Process Name: Service Host Process
Description: The Service Host Process is generic host process for services that are run from dynamic-link libraries (DLLs)
Common Errors: N/A
System Process: Yes

Cheers
Aaron Sneddon
Gremlin UK Ltd
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9843739
check this link, this is in different language but talk about this worm.
W32/Yoyks.A. Asunto: "Request Information" (YOY.exe)
http://www.vsantivirus.com/yoyks.htm

there are information to remove this, but it could not read since i do not know the language.
but could be makeout.
try to see the link and see if u could get rid of this worm.
0
 
LVL 1

Expert Comment

by:Mal-Tech
ID: 9872510
Man, every post has to have the all-confusing, endless list of spyware removers in the hope that one of the links will earn some points. Unfortunately, most of the time it's not the right answer and half of those listed programs are useless junkware.


That being said......

The following information is from one of 3 excellent startlist sites on the Internet. This is a description from Answersthatwork.com.
As you'll see svchost.exe can mean many things depending on where in your system it's located.

1. Service Host – Generic Host Process for Win32 Services. Windows 2000/XP only. SVCHOST is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup SVCHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them. There can be many instances of SVCHOST running, as there will be one instance of SVCHOST for every DLL-based service or grouping of services (the grouping of services is determined by the programmers who wrote the services in question). Under Windows XP Professional you can find out what DLL-based services SVCHOST is running by typing Tasklist /SVC at a Command Prompt (MS-DOS Prompt – this command is not available in Windows XP Home), while under Windows 2000 you need to use the TLIST –s command from a Command Prompt (MS-DOS Prompt).

Recommendation :
An integral part of the operating system, leave alone – multiple instances of SVCHOST is a normal occurrence. If you experience SVCHOST errors, the problem is most likely not with SVCHOST but with the DLLs it is hosting.

2. Many viruses masquerade themselves as SVCHOST to escape detection. Some have names that are similar, such as SCCHOST, while others actually drop a program file called SVCHOST in the Windows or Windows System directory.

Recommendation :
The first recommendation is a simple one : always have a good antivirus product which is regularly updated (automatically preferably) and always renew your updates subscription when it expires. To detect if you have a virus that calls itself SVCHOST, first see if it shows up in Starter – if it does, then it is almost certain you have a virus. Secondly, if you have Windows 95/98/ME rather than WinNT4/2000/XP, then it is almost certain you have a virus. Thirdly, go to "Control Panel \ Administrative Tools \ Services" and look for any of the following services – if you find any of them, then you probably have a virus : System Important Message service

Svchost.exe in Windows XP
http://support.microsoft.com/?kbid=314056

Svchost.exe in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q250/3/20.ASP&NoWebContent=1



0
 

Author Comment

by:bobesmithe
ID: 11017542
The process in question was svchosts.exe.......not svchost.exe.
Problem was definately svchosts.exe;  part of a backdoor trojan.
Thanks for all replies!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question