Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

svchost.exe cmd window appears spontaneously

Posted on 2006-06-15
9
Medium Priority
?
494 Views
Last Modified: 2013-11-18
My XP machine (fully up to date with patches and service packs etc) has suddenly started - for no reason that I can see - popping up on the monitor a command prompt window headed c:\windows\system 32\ svchost.exe. The window is waiting for command line input and its current directory is C:\windows \system 32, but otherwise it doesn't seem to do anything. This behaviour doesn't happen often - maybe once a day - but it kind of worries me that there is something nasty loose in the machine - can anyone enlighten me as what might be happening.
0
Comment
Question by:SteveHodge
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 59

Expert Comment

by:LeeTutor
ID: 16911670
Follow the advice in this MSKB article to find out more about the processes that are running under svchost.exe:

http://support.microsoft.com/?kbid=314056
A description of Svchost.exe in Windows XP Pro

First, do this:

1. Click Start on the Windows taskbar, and then click Run.
2. In the Open box, type CMD, and then press ENTER.
3. Type Tasklist /SVC, and then press ENTER.


Then communicate back the list of processes running under svhost.exe.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 16911686
Just to be safe, I would do a full virus/trojan/spyware scan:  Some free online virus scanners:

http://housecall.antivirus.com 

http://www.pcpitstop.com/antivirus/default.asp 

http://www.pandasoftware.com/activescan/com/activescan_principal.htm 

Also try these free programs to rid your system of spyware, trojans, and other malware:

http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy

http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.
0
 
LVL 9

Expert Comment

by:AndreDekolta
ID: 16911696
Also, check again that you have all updates....What other software have you installed?  Any .NET stuff?  Programming stuff?

Andre...
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 14

Expert Comment

by:FriarTuk
ID: 16917889
see here for info on svchost
http://windowsxp.mvps.org/svchost.htm

you quoted "c:\windows\system 32\ svchost.exe" - there should not be a space between "system 32", search for all svchost.exe files on your pc, if found anywhere besides system32 or i386 or an $ntservicepack folder - then it is suspect
0
 

Author Comment

by:SteveHodge
ID: 16921390
Thanks experts

FriarTuk - thanks I checked all the svchost.exe files, none of them look wrong
System 32 was a mistype by me
Lee Tutor - ran spybot, adaware and McAfee. Got one trojan, and the usual crop of traclker cookies but nothing else nasty
When I run tasklist (with what ever switch, except the help one) I get "Error: Class not registered". What can i do about this???
AndreDeKolta - I sure I am up todate - everything is on auto-update, and the machine runs almost all the time

Steve
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 16925993
boot into safe mode & do full virus & spyw scans, scanning all folders & files, including compressed
reboot & check
then boot safe mode command prompt & run "sfc /scannow"
reboot & check
boot from xp cd into recovery console & run Repair option
0
 

Author Comment

by:SteveHodge
ID: 16967395
FriarTuk

"boot into safe mode & do full virus & spyw scans, scanning all folders & files, including compressed
reboot & check"

Did this - all clean, no change to problem, tasklist /sfc still says 'Error -class not registered'

"then boot safe mode command prompt & run "sfc /scannow"
reboot & check"

sfc would not run in safe mode. Ran it in normal mode, all clean. Tasklist still the same

Also ran rootkit revealer - nothing odd execpt some mysterious registry strings containing nulls, deleted them
No change, task list still the same. Otherwise OK

"boot from xp cd into recovery console & run Repair option"

Did this. completed OK, but windows explorer wouldn't run properly anymore (TKU Microsoft). Long, long delays before it did anything at all. But tasklist /svc still did not work when run from task manager - same error message

Restored system from backup, running OK now, but task list still doesn't work.

Complete re-install looks the only option; quite a pain, don't want to do it unless I am sure tasklist will tell me something useful about the original problem and/or the re-install will clear the original problem. (The tasklist issue must be something in the installation because I have a back-up install of XP on this same machine and on that one tasklist runs fine)

What do you think?
0
 
LVL 14

Accepted Solution

by:
FriarTuk earned 800 total points
ID: 16974312
hate to say it, but i agree - if you have an image or bkup that you can restore that works i'd use it

then update everything, including installing new apps, then make a new image/bkup
0
 

Author Comment

by:SteveHodge
ID: 17030192
Did the re-install - aargh!!. There was something nasty loose in the machine, exploiting outlook express. I caught it polling my (in-house linux based) mailserver once a second with addresses taken from outlook exprss, which I only use for some very specialised purposes, so no real harm done.

It has stopped now, the svchost pop up hasn't reoccured, and tasklist now works. Only reformatted the C drive. I hope it is not lurking in one of the other drives, but time I guess will tell

Steve
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
Styling your websites can become very complex. Here I'll show how SASS can help you better organize, maintain and reuse your CSS code.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question