Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SVCHOST.EXE


  • Please log in to reply
15 replies to this topic

#1 Wendy K. Walker

Wendy K. Walker

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:01:15 PM

Posted 28 June 2005 - 04:58 PM

Hi, I am kind of new here and I read an article, here, that said svchost.exe was a bad thing to have on your pc.

I have run AV, Ad-Ware, Spy Ware, and Trojan killing programs in safe mode but none of them made a fuss about that file.

So I am kind of wondering what it is for, what it does, how did it get where it is, and should I delete it through the shredder, or zip it up into a nasty things file?

Thanks to anyone who might help. Wendy

BC AdBot (Login to Remove)

 


m

#2 TEB

TEB

  • Banned
  • 449 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 28 June 2005 - 06:21 PM

as said by wintasks library:

svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated.

If no antivirus or spyware scanners pick anything up, your safe.

Edited by Techsomething, 28 June 2005 - 06:23 PM.


#3 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:08:15 AM

Posted 28 June 2005 - 09:14 PM

It depends on where it is located. In the correct Windows folder, it performs very necessary operating functions. If found in other folders, it is a disquised form of malware.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#4 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:01:15 PM

Posted 28 June 2005 - 11:15 PM

as said by wintasks library:

svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated.

If no antivirus or spyware scanners pick anything up, your safe.

Hi, Thanks for that insight. Now someone ought to re-write that article and correct whoever it was that said that file was plumb evil and should be deleted.

Damn, I'm sure glad that I didn't go bonkers with the del button.

Hey I want to fuss at you, just a little, about your signature. I guess that it is true that Zone Alarm has a good free firewall, but you got to watch Zone Alarm like a thief.

I checked out their Zone Alarm Pro for the trial period and when it ended Zone Alarm offered me a "Free Ad-Ware/SpyWare Scan". Being a trusting chump I accepted their offer.

What I had nor realized was that Zone Alarm had shipped me over to some crooked friends of theirs named Pest Patrol to do the actual scanning.

Those dogs at pest patrol loaded my system up with forty five different
ad-ware/spyware things. Then those dogs had enough nerve to tell me all of the bad things that were going to happen to my PC, and offered to sell me a program to take out what they had just stuck into my PC.

I did not buy their program, and all of the bad things have been happening to me just like they said that they would. That was several months ago and I am still struggling to get everything back to normal.

I do not recommend Zone Alarm, nor Pest Patrol to anyone. Bye Wendy

Edited by Wendy K. Walker, 28 June 2005 - 11:28 PM.

TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

#5 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:01:15 PM

Posted 28 June 2005 - 11:24 PM

Hi jqweed, I am kind of dumb about this stuff *feeling kind of blond here* and I have no clue as to how to find out what folder those little buggers are hiding in.

All I know for sure is that task manager says that I have five of them running right now.

How the heck do I go about tracking them down to a folder? Thanks Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

#6 TEB

TEB

  • Banned
  • 449 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 28 June 2005 - 11:33 PM

The file svchost.exe is located by default in
C:\WINDOWS\system32\svchost.exe

All i can say to you is if when you look at staryup, and registry if a file named svchost.exe is pointing to a file other than C:\WINDOWS\system32 delete it.

And what i have to say to you about zonelabs is you went to a fradulent site. Ive used zonelabs for a long time, their softwae is trustworthy.

However, very unlikely, its possible. So if you ever find a site your not sure of, send it here t us at BC and well check it out.

Edited by Techsomething, 28 June 2005 - 11:35 PM.


#7 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:11:15 PM

Posted 29 June 2005 - 02:27 AM

Wendy - here is a link (with instructions) to a utility written by Grinler (our Glorious Leader) that will show you the origin of all the services running on your system. You can check down the list for svchost.exe and if they are all named as being under the C:\windows\system32 folder then you can be confident they are the real windows exe and not something else in disguise.

http://www.bleepingcomputer.com/files/getservices.php

If you wish to read the whole tutorial which explains what is going on, it is here:

http://www.bleepingcomputer.com/forums/How...vice-tut83.html

- be warned, it is fairly advanced.

BTW - sorry you had a bad experience with Zone Alarm, I've never used the trial version, I've been quite happy with the free product and have recommended and used it many times without problems.

hth :thumbsup:

Edited by Rimmer, 29 June 2005 - 02:32 AM.


Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#8 thedon57

thedon57

  • Members
  • 286 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastbourne East Susex UK
  • Local time:01:15 PM

Posted 29 June 2005 - 03:49 AM

hi just to back rimmer up i used zone alarm for years before i went to the windows firewall and i too can say i have recommended it to loads of people, also it works well on windows 98, so yes that lady must of got a rouge site.
Now installed Microsoft Security Essencials on my Tower with Windows Home Premium 32bit and Toshiba Satellite Pro Laptop with Windows Home Premium 64bit

#9 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:01:15 PM

Posted 30 June 2005 - 12:35 AM

Hi Guys, I don't know how to answer each of your replies separately so I will just do it all on one thing here.

First to "techsomething", Thanks for getting back to me. Like I said before I am new to all of this and it has me feeling really blond. I get the part about c:\WINDOWS\system32\svchost.exe because you spelled it out, that is a command line, I think.

But where do I look to find the startup, and registry things that you spoke of? How do I get to them?

Now for that Zone Alarm thing, I do have Zone Lab,s Zone Alarm installed on my PC. I did not go traipsing off across cyber space to some unknown site that I had googled up.

I had been using Zone Alarm for a good while, and they would offer a free trial upgrade from time to time, so I had decided to check out their Pro for the fifteen day trial, and at the end of their trial period they offered me that free scan.

Like you said, they have a good "free" firewall, I agree with that. I have been using it, with no complaints for a long time now, however, after what them and Pest Patrol did to my PC I won't recommend either one of them to anyone.

I was ready to buy the Pro version from them before that happened, now I won't buy anything that is connected to either of them, but thats just me.

Now Hi "rimmer", if I read your screen name correctly, I have to ask "Have you seen Cat lately?" Thanks for that link, I will scoot on over there and check it out.

I just put my little search puppy to work scouring my hard drive for svchost things. Maybe that will help me out too.

Whew, Now to thedon57, thanks for the input, but once again I have to say that I got all of it straight from Zone Lab's Zone Alarm that I had already had installed on my machine for a good while. I don't know why they pushed me over to Pest Patrol, or what the two companies have in common.

All I know for sure is that my PC was clean before I let them do that scan, and I have been killing bugs and critters every since then. Thanks again everyone, Bye Wendy

#10 TEB

TEB

  • Banned
  • 449 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 30 June 2005 - 12:43 AM

Yo answer your question wendy use the link that rimmer gave you to the software grinler wrote that tells you where your services are starting up. Simply look up svchost.exe and if it starts from C:\windows\system32\svchost.exe Its not a virus.

#11 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:08:15 AM

Posted 30 June 2005 - 09:41 AM

Zone Alarm has been offered to the computer literate community for many years and has an outstanding reputation for ethical practices and honesty as well as a great product.

You may have been hacked and sent to a site that hijacked the scan that was supposed to go to Zone Alarm but you can be certain that Zone Alarm nor any site it actually referenced installed any type of malware on your computer.

I really suggest that you do a little research before making slanderous statements as you did against companies such as the producers os Zone Alarm who have demonstrated by past practice that they are beyond ethical reproach. Zone Alarm initially was offered only as freeware and their freeware version is still universally respected by almost all computer experts and rating services. Their pro version offers services beyond what is offered by their basic freeware firewall.

#12 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:08:15 AM

Posted 30 June 2005 - 09:57 AM

hi just to back rimmer up i used zone alarm for years before i went to the windows firewall and i too can say i have recommended it to loads of people, also it works well on windows 98, so yes that lady must of got a rouge site.

Why would you use the Windows firewall instead of Zone Alarm?

The Windows firewall only protects you against incoming threats and does nothing to prevent Trojans or dialers from sending data that resides on your system.

That's less than half the job of a firewall as far as I am concerned, as a dialer can call 900 numbers and leave you with a humongous phone bill (which will be valid because your computer DID make the calls) or allow Trojans to disperse confidential information like banking records, etc, to nefarious criminal enterprises.

Do yourself a favor - reactivate Zone Alarm or get one of the other available firewalls that offers both incoming and outgoing coverage and then shut the Windows firewall off.

#13 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:11:15 PM

Posted 02 July 2005 - 11:02 PM

In reply to your PM about problems running getservices - did you follow these steps?

To use this script, download Getservices.zip from the link below and extract the zip file to your C: drive. Once it is extracted th ere will be a directory on your C: drive called getservice. Inside the C:\getservice directory will be a file called getservice.bat . Simply double-click on the getservice.bat file and when it is completed a notepad will open with a lot of information. You can th en copy the entire contents of that notepad to a reply to the post you are working on or use it for other purposes.


So what's in your c:\getservices folder? You just need to double click the .bat file not the .exe file.

Edited by Rimmer, 02 July 2005 - 11:19 PM.


Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#14 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:01:15 PM

Posted 03 July 2005 - 01:58 AM

Hi rimmer, I am sorry for having bugged you via PM. I have to say that you must be a powerful guru, because I have downloaded, unzipped, and ran that file at least ten times trying to get it to work.

I decided to give it one more go before I deleted it and started over again, I think it heard you thinking because it finally worked. Here is what was on the notepad >>

Damn, on second thought, I had better ask first, did you mean for me to copy all of the content of notepad and post it here? That bugger is longer than my arm. Let me know if you had ment for me to post it here or elsewhere. Thanks Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

#15 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:11:15 PM

Posted 03 July 2005 - 02:56 AM

Well it's good that it worked, finally. But I can't take any credit for it! :thumbsup:

Hopefully you won't have to post it anywhere since all you need to do is cast your eye down the list of services and check all the svchost.exe entries. If they are all named as being under the C:\windows\system32 folder then all is well in that department.

:flowers:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users