Help: Svchost..exe, Anyone Would Have Done It!


5 replies to this topic

#1 Cat Guy

Posted 14 April 2008 - 02:02 PM

I know a lot of people don't like to read long posts, sorry, but a lot of this information is vital to fixing the problem:
I am running WindowsXP Home edition.
I've never really had to post on any forums asking for assistance with WindowsXP, but I am completely stumped at this point. Yesterday I downloaded AVG, because I was suspicious that my current anti-virus software wasn't working correctly, or wasn't filtering out viruses properly; my suspicions were correct. I found some virus in a suspicious file called 'svchost..exe'. I played around with winsock32.dll, kernel32.dll and shell32.dll to try to get rid of the virus manually. Needless to say, it screwed my internet connection up. I tried reinstalling the DLLs from recovery console but no luck, so I repaired Windows (by reinstalling all of the system files with the WindowsXP disc). Afterwards I log on to my computer and everything works fine for a while. So I decide to just delete the strange svchost..exe file, and everything still works fine and dandy, nor is it protected by Windows or being used. I run Hijack This! and to my surprise I find:

O4 - HKCU\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe

I delete it using Hijack This! as I'm sure many people would have done... then I download Windows XP Service Pack 3 RC 2, install it, and right as it finishes installing a message pops up: Access is denied. So I run regedt32.exe, change my permissions and try later, still the same problem. So it uninstalls itself and restarts my computer without asking. Upon boot up, my username password has changed, so I start up in safe mode. When I reach safe mode my start bar at the bottom is gone... so I use ctrl+alt+delete to run CMD and change the password of my username to what it was before... I restart my computer and log in as myself and the start bar is still missing. I can't drag or drop files unless I use CMD to copy/move. Half of my programs won't start up, including Windows Defender and Firefox. When I navigate to System Restore with the file browser and try to run it, I get an error message, "System Restore is not able to protect your computer. Please restart your computer and run System Restore again." (Of course I could restart my computer 100 times and it still wouldn't work). So, in order to try last resorts, I do "sfc /scannow" and "chkdsk /f". I also make a copy of svchost.exe and rename it to svchost..exe with CMD. None of those efforts were able to repair the problem. So, I load up my WindowsXP disc again, and reinstall Windows... again... I start up knowing well, "surely, reinstalling Windows will fix this problem." I was wrong. I log on to my username and I still have no start bar and half of my programs still won't load. I am officially out of ideas, and I'm guessing the problem has something to do with deleting that svchost..exe with Hijack This!

Please help. Thanks a lot to anyone who makes an effort.

Edited by Cat Guy, 14 April 2008 - 02:06 PM.



#2 Queen-Evie

Posted 14 April 2008 - 02:56 PM

Hello cat guy, welcome to Bleeping Computer.

HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself.

If you do not have advanced knowledge about computers you should NOT fix entries using HijackThis without consulting an expert on using this program.

edited to remove info concerning svchost.

Edited by Queen-Evie, 14 April 2008 - 05:17 PM.


#3 Cat Guy

Posted 14 April 2008 - 02:57 PM

I didn't delete "svchost.exe" from system32, I deleted "svchost..exe"; svchost.exe is still there. They were both in the system32 folder.

Edited by Cat Guy, 14 April 2008 - 02:58 PM.


#4 Queen-Evie

Posted 14 April 2008 - 05:16 PM

My bad, now I see the distinction. Sorry about that, I'll edit my previous post to delete my statements.

#5 usasma

Posted 15 April 2008 - 11:28 AM

svchost..exe is likely to be a virus.
svchost.exe in the system32 subdirectory is likely to be OK.

Viruses rarely do just one thing to your system, so it's likely that there are more infected bits on your system. And, if it's able to corrupt your antivirus, then installing another one probably won't help any.

I'd first suggest trying some of these free, online scans:
Be advised that some of these scanners will pick up things in "quarantine" from other anti-virus programs - so review the results carefully:

http://housecall.trendmicro.com
http://www.pandasecurity.com/homeusers/solutions/activescan/
http://www.kaspersky.com/virusscanner
http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://us.mcafee.com/root/mfs/default.asp
http://onlinescan.avast.com/
http://ca.com/us/securityadvisor/virusinfo/scan.aspx
http://www.eset.com/onlinescan/



If this doesn't fix the problem, then I'd suggest posting over in the "Am I Infected" forum located here: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) If you need a more detailed explanation, please ask for it. I have the Knack. If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
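
The Run entry quoted in post #1 shows two masquerading signs at once: a value labelled [explorer.exe] that launches a different file, and a file name that differs from svchost.exe only by a doubled dot. The check below is an added example, not part of the thread and not HijackThis code; the `EXPECTED_DIR` table, the function name `check_o4` and the second and third sample lines are assumptions made for illustration.

```python
import ntpath
import re

# Expected folder for a few often-imitated Windows XP binaries (assumed, not exhaustive).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
O4_LINE = re.compile(r"^O4 - (\S+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
EXE_PATH = re.compile(r'^"?(.*?\.exe)\b', re.IGNORECASE)


def check_o4(line):
    """Return a list of reasons an O4 autorun line looks like masquerading."""
    m = O4_LINE.match(line.strip())
    if not m:
        return []
    value_name, command = m.group(3), m.group(4)
    p = EXE_PATH.match(command)
    if not p:
        return []
    folder, base = ntpath.split(p.group(1).lower())
    reasons = []
    # "svchost..exe" -> "svchost.exe": repeated dots hide a lookalike name.
    collapsed = re.sub(r"\.{2,}", ".", base)
    if collapsed != base and collapsed in EXPECTED_DIR:
        reasons.append(f"lookalike of {collapsed}: {base}")
    # Genuine name, but not in the folder where Windows keeps that binary.
    if base in EXPECTED_DIR and folder != EXPECTED_DIR[base]:
        reasons.append(f"{base} outside {EXPECTED_DIR[base]}")
    # Value labelled as one system binary but launching a different file.
    if value_name.lower() in EXPECTED_DIR and value_name.lower() != base:
        reasons.append(f"value [{value_name}] launches {base}")
    return reasons


# Constructed sample log: the first line is the entry quoted in post #1,
# the other two are made up for contrast.
SAMPLE = [
    r"O4 - HKCU\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe",
    r'O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min',
    r"O4 - HKCU\..\Run: [Updater] C:\WINDOWS\Temp\svchost.exe",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", check_o4(entry) or "no flags")
```

A flagged line is a lead for review, not a verdict; the file itself still needs scanning before anything is removed.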

#6 Cat Guy

Posted 15 April 2008 - 01:52 PM

Thanks, but I posted in over 5 forums and most ignored my problem, so I just reformatted and lost a lot of my work. I moved most of it over on to my Linux drive, but installing all of my programs is going to be a hassle due to the fact that I am a 3D/2D game developer and a web designer and I have a lot of top of the line programs. I think it was about time for a reformat anyways, thanks.



