is a generic host
process name for a group of services that are run from dynamic-link libraries (DLLs). It is not unusual for multiple
instances of Svchost.exe running at the same time.
Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer.
If svchost.exe is running as a startup (shows in msconfig), it can be bad as shown here
. Make sure the spelling
is correct. If it is scv
host.exe], then your dealing with a Trojan
You can download and use Process Explorer
or System Explorer
to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location
. If you right-click on the file in question and select properties, you will see more details about the file.
In your case, this file was added as a startup created by the Salga-A, or Perlovga virus.
The "Cannot find...
", "Could not run..."
or "Error loading...
" message is usually related to a program (or malware) that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry
remains and is telling Windows to load the file when you boot up.
When Windows loads, it looks for any files associated with registry entries for programs that are set to run at startup. If the file was removed but not the registry entry, Windows will display an error message
. You need to remove this registry entry so Windows stops searching for the file when it loads.
To resolve this, download Autoruns
, search for the related entry and then delete it.
- Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if your not sure how to do this.)
- Open the folder and double-click on autoruns.exe to launch it.
- Please be patient as it scans and populates the entries.
- When done scanning, it will say Ready at the bottom.
- Scroll through the list and look for a startup entry related to the file(s) in the error message.
- Right-click on the entry and choose delete.
- Reboot your computer and see if the startup error returns.
Then download and run the "PRT-Perlovga-Removal-Tool
After doing that, download Flash_Disinfector.exe
by sUBs and save it to your desktop.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.