From what you describe, it appears to be a flash drive infection.
Flash drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable) and automatically executes a malicious autorun.bat file which calls wscript.exe to run autorun.vbs on your computer. When a flash drive becomes infected, the Trojan will infect a system when the flash drive is inserted if autorun has not been disabled.
Download Flash_Disinfector.exe by sUBs and save it to your desktop.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder... it will help protect your drives from future infection.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.
Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs). This is a valid system process that belongs to the Windows Operating System which handles processes executed from DLLs.
Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location on your computer. In XP, the legitimate Svchost.exe file is located in your C:\WINDOWS\system32\
Other legitimate copies can be found in the following folders:
and a prefetch file located here: C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
If svchost.exe is running as a startup (shows in msconfig), this can be bad as shown here
Also make sure of the spelling. If it is scvhost.exe, then this is a Trojan.
Edited by quietman7, 05 October 2007 - 11:12 AM.
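The location and spelling checks described in the post, written out as an added example (not part of the original post). It assumes the only expected folder is the XP path the post names; the function names and the sample paths in the test are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

LEGIT_NAME = "svchost.exe"
# Assumption: only the XP folder named in the post; extend for other systems.
LEGIT_DIRS = {ntpath.normcase(r"C:\WINDOWS\system32")}


def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (scv -> svc) as one edit."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            rows[i][j] = min(rows[i - 1][j] + 1,         # deletion
                             rows[i][j - 1] + 1,         # insertion
                             rows[i - 1][j - 1] + cost)  # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swap
    return rows[len(a)][len(b)]


def classify(image_path):
    """Classify one process image path against the post's two checks."""
    # normpath collapses ".." so a disguised path is judged by where it lands.
    folder, name = ntpath.split(ntpath.normpath(image_path))
    name = name.lower()
    if name == LEGIT_NAME:
        if ntpath.normcase(folder) in LEGIT_DIRS:
            return "expected-location"
        return "wrong-location"
    if osa_distance(name, LEGIT_NAME) <= 2:
        return "lookalike-name"
    return "unrelated"


def review(image_paths):
    """Return (path, verdict) pairs that deserve a closer look."""
    verdicts = ((p, classify(p)) for p in image_paths)
    return [(p, v) for p, v in verdicts
            if v in ("wrong-location", "lookalike-name")]
```

A path in the expected folder passes only these two checks; it does not by itself show that the file is the genuine Windows binary.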