Solved

svchosts.exe  ?

Posted on 2003-11-14
7
22,993 Views
Last Modified: 2007-12-19
svchosts.exe      
Could this be a virus exe?
Registry also has a strange entry...

c:\winnt\system32\password.pid\@ftp@\yoy.exe dll32.exe pif.conf

thanks in advance...

0
Comment
Question by:bobesmithe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9750288
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 125 total points
ID: 9750528
Check about that here

Check for this trojan

http://www.symantec.com/avcenter/venc/data/backdoor.zinx.html

Sunray
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Expert Comment

by:comworks
ID: 9762429
SVC host is not a virus, it is a part of Windows.

If you are getting svc host taking up a lot of memory or cpu, and you are using Sophos antivirus, this is probably a problem related to the new version of Sophos, go to the Sophos website to fix this.

If you dont have a problem, and are just wondering what it is, then dont delete it, it is required.

Process File: svchost or svchost.exe
Process Name: Service Host Process
Description: The Service Host Process is generic host process for services that are run from dynamic-link libraries (DLLs)
Common Errors: N/A
System Process: Yes

Cheers
Aaron Sneddon
Gremlin UK Ltd
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9843739
check this link, this is in different language but talk about this worm.
W32/Yoyks.A. Asunto: "Request Information" (YOY.exe)
http://www.vsantivirus.com/yoyks.htm

there are information to remove this, but it could not read since i do not know the language.
but could be makeout.
try to see the link and see if u could get rid of this worm.
0
 
LVL 1

Expert Comment

by:Mal-Tech
ID: 9872510
Man, every post has to have the all-confusing, endless list of spyware removers in the hope that one of the links will earn some points. Unfortunately, most of the time it's not the right answer and half of those listed programs are useless junkware.


That being said......

The following information is from one of 3 excellent startlist sites on the Internet. This is a description from Answersthatwork.com.
As you'll see svchost.exe can mean many things depending on where in your system it's located.

1. Service Host – Generic Host Process for Win32 Services. Windows 2000/XP only. SVCHOST is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup SVCHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them. There can be many instances of SVCHOST running, as there will be one instance of SVCHOST for every DLL-based service or grouping of services (the grouping of services is determined by the programmers who wrote the services in question). Under Windows XP Professional you can find out what DLL-based services SVCHOST is running by typing Tasklist /SVC at a Command Prompt (MS-DOS Prompt – this command is not available in Windows XP Home), while under Windows 2000 you need to use the TLIST –s command from a Command Prompt (MS-DOS Prompt).

Recommendation :
An integral part of the operating system, leave alone – multiple instances of SVCHOST is a normal occurrence. If you experience SVCHOST errors, the problem is most likely not with SVCHOST but with the DLLs it is hosting.

2. Many viruses masquerade themselves as SVCHOST to escape detection. Some have names that are similar, such as SCCHOST, while others actually drop a program file called SVCHOST in the Windows or Windows System directory.

Recommendation :
The first recommendation is a simple one : always have a good antivirus product which is regularly updated (automatically preferably) and always renew your updates subscription when it expires. To detect if you have a virus that calls itself SVCHOST, first see if it shows up in Starter – if it does, then it is almost certain you have a virus. Secondly, if you have Windows 95/98/ME rather than WinNT4/2000/XP, then it is almost certain you have a virus. Thirdly, go to "Control Panel \ Administrative Tools \ Services" and look for any of the following services – if you find any of them, then you probably have a virus : System Important Message service

Svchost.exe in Windows XP
http://support.microsoft.com/?kbid=314056

Svchost.exe in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q250/3/20.ASP&NoWebContent=1



0
 

Author Comment

by:bobesmithe
ID: 11017542
The process in question was svchosts.exe.......not svchost.exe.
Problem was definately svchosts.exe;  part of a backdoor trojan.
Thanks for all replies!
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question