SteveHodge
asked on
svchost.exe cmd window appears spontaneously
My XP machine (fully up to date with patches and service packs etc) has suddenly started - for no reason that I can see - popping up on the monitor a command prompt window headed c:\windows\system 32\ svchost.exe. The window is waiting for command line input and its current directory is C:\windows \system 32, but otherwise it doesn't seem to do anything. This behaviour doesn't happen often - maybe once a day - but it kind of worries me that there is something nasty loose in the machine - can anyone enlighten me as what might be happening.
Just to be safe, I would do a full virus/trojan/spyware scan: Some free online virus scanners:
http://housecall.antivirus.com
http://www.pcpitstop.com/antivirus/default.asp
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Also try these free programs to rid your system of spyware, trojans, and other malware:
http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy
http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware
I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches. Also make sure to download the most up-to-date data before you run the programs.
http://housecall.antivirus.com
http://www.pcpitstop.com/antivirus/default.asp
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Also try these free programs to rid your system of spyware, trojans, and other malware:
http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy
http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware
I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches. Also make sure to download the most up-to-date data before you run the programs.
Also, check again that you have all updates....What other software have you installed? Any .NET stuff? Programming stuff?
Andre...
Andre...
see here for info on svchost
http://windowsxp.mvps.org/svchost.htm
you quoted "c:\windows\system 32\ svchost.exe" - there should not be a space between "system 32", search for all svchost.exe files on your pc, if found anywhere besides system32 or i386 or an $ntservicepack folder - then it is suspect
http://windowsxp.mvps.org/svchost.htm
you quoted "c:\windows\system 32\ svchost.exe" - there should not be a space between "system 32", search for all svchost.exe files on your pc, if found anywhere besides system32 or i386 or an $ntservicepack folder - then it is suspect
ASKER
Thanks experts
FriarTuk - thanks I checked all the svchost.exe files, none of them look wrong
System 32 was a mistype by me
Lee Tutor - ran spybot, adaware and McAfee. Got one trojan, and the usual crop of traclker cookies but nothing else nasty
When I run tasklist (with what ever switch, except the help one) I get "Error: Class not registered". What can i do about this???
AndreDeKolta - I sure I am up todate - everything is on auto-update, and the machine runs almost all the time
Steve
FriarTuk - thanks I checked all the svchost.exe files, none of them look wrong
System 32 was a mistype by me
Lee Tutor - ran spybot, adaware and McAfee. Got one trojan, and the usual crop of traclker cookies but nothing else nasty
When I run tasklist (with what ever switch, except the help one) I get "Error: Class not registered". What can i do about this???
AndreDeKolta - I sure I am up todate - everything is on auto-update, and the machine runs almost all the time
Steve
boot into safe mode & do full virus & spyw scans, scanning all folders & files, including compressed
reboot & check
then boot safe mode command prompt & run "sfc /scannow"
reboot & check
boot from xp cd into recovery console & run Repair option
reboot & check
then boot safe mode command prompt & run "sfc /scannow"
reboot & check
boot from xp cd into recovery console & run Repair option
ASKER
FriarTuk
"boot into safe mode & do full virus & spyw scans, scanning all folders & files, including compressed
reboot & check"
Did this - all clean, no change to problem, tasklist /sfc still says 'Error -class not registered'
"then boot safe mode command prompt & run "sfc /scannow"
reboot & check"
sfc would not run in safe mode. Ran it in normal mode, all clean. Tasklist still the same
Also ran rootkit revealer - nothing odd execpt some mysterious registry strings containing nulls, deleted them
No change, task list still the same. Otherwise OK
"boot from xp cd into recovery console & run Repair option"
Did this. completed OK, but windows explorer wouldn't run properly anymore (TKU Microsoft). Long, long delays before it did anything at all. But tasklist /svc still did not work when run from task manager - same error message
Restored system from backup, running OK now, but task list still doesn't work.
Complete re-install looks the only option; quite a pain, don't want to do it unless I am sure tasklist will tell me something useful about the original problem and/or the re-install will clear the original problem. (The tasklist issue must be something in the installation because I have a back-up install of XP on this same machine and on that one tasklist runs fine)
What do you think?
"boot into safe mode & do full virus & spyw scans, scanning all folders & files, including compressed
reboot & check"
Did this - all clean, no change to problem, tasklist /sfc still says 'Error -class not registered'
"then boot safe mode command prompt & run "sfc /scannow"
reboot & check"
sfc would not run in safe mode. Ran it in normal mode, all clean. Tasklist still the same
Also ran rootkit revealer - nothing odd execpt some mysterious registry strings containing nulls, deleted them
No change, task list still the same. Otherwise OK
"boot from xp cd into recovery console & run Repair option"
Did this. completed OK, but windows explorer wouldn't run properly anymore (TKU Microsoft). Long, long delays before it did anything at all. But tasklist /svc still did not work when run from task manager - same error message
Restored system from backup, running OK now, but task list still doesn't work.
Complete re-install looks the only option; quite a pain, don't want to do it unless I am sure tasklist will tell me something useful about the original problem and/or the re-install will clear the original problem. (The tasklist issue must be something in the installation because I have a back-up install of XP on this same machine and on that one tasklist runs fine)
What do you think?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Did the re-install - aargh!!. There was something nasty loose in the machine, exploiting outlook express. I caught it polling my (in-house linux based) mailserver once a second with addresses taken from outlook exprss, which I only use for some very specialised purposes, so no real harm done.
It has stopped now, the svchost pop up hasn't reoccured, and tasklist now works. Only reformatted the C drive. I hope it is not lurking in one of the other drives, but time I guess will tell
Steve
It has stopped now, the svchost pop up hasn't reoccured, and tasklist now works. Only reformatted the C drive. I hope it is not lurking in one of the other drives, but time I guess will tell
Steve
http://support.microsoft.com/?kbid=314056
A description of Svchost.exe in Windows XP Pro
First, do this:
1. Click Start on the Windows taskbar, and then click Run.
2. In the Open box, type CMD, and then press ENTER.
3. Type Tasklist /SVC, and then press ENTER.
Then communicate back the list of processes running under svhost.exe.