Solved

svchosts.exe  ?

Posted on 2003-11-14
Last Modified: 2007-12-19
svchosts.exe      
Could this be a virus exe?
Registry also has a strange entry...

c:\winnt\system32\password.pid\@ftp@\yoy.exe dll32.exe pif.conf

thanks in advance...

Question by:bobesmithe
7 Comments
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 125 total points
ID: 9750528
Check about that here

Check for this trojan

http://www.symantec.com/avcenter/venc/data/backdoor.zinx.html

Sunray
0

 

Expert Comment

by:comworks
ID: 9762429
SVC host is not a virus, it is a part of Windows.

If you are getting svc host taking up a lot of memory or cpu, and you are using Sophos antivirus, this is probably a problem related to the new version of Sophos, go to the Sophos website to fix this.

If you don't have a problem, and are just wondering what it is, then don't delete it, it is required.

Process File: svchost or svchost.exe
Process Name: Service Host Process
Description: The Service Host Process is a generic host process for services that are run from dynamic-link libraries (DLLs)
Common Errors: N/A
System Process: Yes

Cheers
Aaron Sneddon
Gremlin UK Ltd
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9843739
Check this link; it is in a different language but talks about this worm.
W32/Yoyks.A. Asunto: "Request Information" (YOY.exe)
http://www.vsantivirus.com/yoyks.htm

There is information on removing this, but I could not read it since I do not know the language.
But it could be made out.
Try the link and see if you can get rid of this worm.
0
 
LVL 1

Expert Comment

by:Mal-Tech
ID: 9872510
Man, every post has to have the all-confusing, endless list of spyware removers in the hope that one of the links will earn some points. Unfortunately, most of the time it's not the right answer and half of those listed programs are useless junkware.


That being said......

The following information is from one of 3 excellent startlist sites on the Internet. This is a description from Answersthatwork.com.
As you'll see svchost.exe can mean many things depending on where in your system it's located.

1. Service Host – Generic Host Process for Win32 Services. Windows 2000/XP only. SVCHOST is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup SVCHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them. There can be many instances of SVCHOST running, as there will be one instance of SVCHOST for every DLL-based service or grouping of services (the grouping of services is determined by the programmers who wrote the services in question). Under Windows XP Professional you can find out what DLL-based services SVCHOST is running by typing Tasklist /SVC at a Command Prompt (MS-DOS Prompt – this command is not available in Windows XP Home), while under Windows 2000 you need to use the TLIST –s command from a Command Prompt (MS-DOS Prompt).

Recommendation :
An integral part of the operating system, leave alone – multiple instances of SVCHOST is a normal occurrence. If you experience SVCHOST errors, the problem is most likely not with SVCHOST but with the DLLs it is hosting.

2. Many viruses masquerade themselves as SVCHOST to escape detection. Some have names that are similar, such as SCCHOST, while others actually drop a program file called SVCHOST in the Windows or Windows System directory.

Recommendation :
The first recommendation is a simple one : always have a good antivirus product which is regularly updated (automatically preferably) and always renew your updates subscription when it expires. To detect if you have a virus that calls itself SVCHOST, first see if it shows up in Starter – if it does, then it is almost certain you have a virus. Secondly, if you have Windows 95/98/ME rather than WinNT4/2000/XP, then it is almost certain you have a virus. Thirdly, go to "Control Panel \ Administrative Tools \ Services" and look for any of the following services – if you find any of them, then you probably have a virus : System Important Message service

Svchost.exe in Windows XP
http://support.microsoft.com/?kbid=314056

Svchost.exe in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q250/3/20.ASP&NoWebContent=1



0
 

Author Comment

by:bobesmithe
ID: 11017542
The process in question was svchosts.exe... not svchost.exe.
Problem was definitely svchosts.exe; part of a backdoor trojan.
Thanks for all replies!
0
