Solved

svchosts.exe  ?

Posted on 2003-11-14
7
22,985 Views
Last Modified: 2007-12-19
svchosts.exe      
Could this be a virus exe?
Registry also has a strange entry...

c:\winnt\system32\password.pid\@ftp@\yoy.exe dll32.exe pif.conf

thanks in advance...

0
Comment
Question by:bobesmithe
7 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9750288
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9750294
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 125 total points
ID: 9750528
Check about that here

Check for this trojan

http://www.symantec.com/avcenter/venc/data/backdoor.zinx.html

Sunray
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Expert Comment

by:comworks
ID: 9762429
SVC host is not a virus, it is a part of Windows.

If you are getting svc host taking up a lot of memory or cpu, and you are using Sophos antivirus, this is probably a problem related to the new version of Sophos, go to the Sophos website to fix this.

If you dont have a problem, and are just wondering what it is, then dont delete it, it is required.

Process File: svchost or svchost.exe
Process Name: Service Host Process
Description: The Service Host Process is generic host process for services that are run from dynamic-link libraries (DLLs)
Common Errors: N/A
System Process: Yes

Cheers
Aaron Sneddon
Gremlin UK Ltd
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9843739
check this link, this is in different language but talk about this worm.
W32/Yoyks.A. Asunto: "Request Information" (YOY.exe)
http://www.vsantivirus.com/yoyks.htm

there are information to remove this, but it could not read since i do not know the language.
but could be makeout.
try to see the link and see if u could get rid of this worm.
0
 
LVL 1

Expert Comment

by:Mal-Tech
ID: 9872510
Man, every post has to have the all-confusing, endless list of spyware removers in the hope that one of the links will earn some points. Unfortunately, most of the time it's not the right answer and half of those listed programs are useless junkware.


That being said......

The following information is from one of 3 excellent startlist sites on the Internet. This is a description from Answersthatwork.com.
As you'll see svchost.exe can mean many things depending on where in your system it's located.

1. Service Host – Generic Host Process for Win32 Services. Windows 2000/XP only. SVCHOST is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup SVCHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them. There can be many instances of SVCHOST running, as there will be one instance of SVCHOST for every DLL-based service or grouping of services (the grouping of services is determined by the programmers who wrote the services in question). Under Windows XP Professional you can find out what DLL-based services SVCHOST is running by typing Tasklist /SVC at a Command Prompt (MS-DOS Prompt – this command is not available in Windows XP Home), while under Windows 2000 you need to use the TLIST –s command from a Command Prompt (MS-DOS Prompt).

Recommendation :
An integral part of the operating system, leave alone – multiple instances of SVCHOST is a normal occurrence. If you experience SVCHOST errors, the problem is most likely not with SVCHOST but with the DLLs it is hosting.

2. Many viruses masquerade themselves as SVCHOST to escape detection. Some have names that are similar, such as SCCHOST, while others actually drop a program file called SVCHOST in the Windows or Windows System directory.

Recommendation :
The first recommendation is a simple one : always have a good antivirus product which is regularly updated (automatically preferably) and always renew your updates subscription when it expires. To detect if you have a virus that calls itself SVCHOST, first see if it shows up in Starter – if it does, then it is almost certain you have a virus. Secondly, if you have Windows 95/98/ME rather than WinNT4/2000/XP, then it is almost certain you have a virus. Thirdly, go to "Control Panel \ Administrative Tools \ Services" and look for any of the following services – if you find any of them, then you probably have a virus : System Important Message service

Svchost.exe in Windows XP
http://support.microsoft.com/?kbid=314056

Svchost.exe in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q250/3/20.ASP&NoWebContent=1



0
 

Author Comment

by:bobesmithe
ID: 11017542
The process in question was svchosts.exe.......not svchost.exe.
Problem was definately svchosts.exe;  part of a backdoor trojan.
Thanks for all replies!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Admin File Share Access 9 82
Botnet C&C DNS response Malicious Traffic 28 185
Assess risks for an e-Payment system 15 106
some suggestions on Social Engrg tests 2 76
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now