
What is svhost.exe?


  • This topic is locked
9 replies to this topic

#1 JenMorg13

JenMorg13

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:16 AM

Posted 27 August 2013 - 12:41 AM

Hello,

I am not sure if this question is in the right location, sorry if not. Symantec Endpoint Protection keeps giving me the message that it is blocking svhost.exe. Is this a bad sign?





#2 TwinHeadedEagle

TwinHeadedEagle

  • Security Colleague
  • 350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:10:16 AM

Posted 27 August 2013 - 12:45 AM

Probably yes, this could be connected with some viruses...

Can you make a picture of the detection and post it here, so we can see what it is about?

#3 JenMorg13

JenMorg13
  • Topic Starter


Posted 27 August 2013 - 01:28 AM

Not sure how to make a picture of detection. Copied my log to an Excel doc

svchost.exe Hosts File Change Access Denied System Change Risk c:\windows\system32\ JENNIFER-PC SYSTEM Access Denied c:\windows\system32\ Block No Action Recommended SONAR Access Denied ########
svchost.exe Hosts File Change Access Denied System Change Risk c:\windows\system32\ JENNIFER-PC SYSTEM Access Denied c:\windows\system32\ Block No Action Recommended SONAR Access Denied ########
svchost.exe Hosts File Change Access Denied System Change Risk c:\windows\system32\ JENNIFER-PC SYSTEM Access Denied c:\windows\system32\ Block No Action Recommended SONAR Access Denied ########
svchost.exe Hosts File Change Access Denied System Change Risk c:\windows\system32\ JENNIFER-PC SYSTEM Access Denied c:\windows\system32\ Block No Action Recommended SONAR Access Denied ########
svchost.exe Hosts File Change Access Denied System Change Risk c:\windows\system32\ JENNIFER-PC SYSTEM Access Denied c:\windows\system32\ Block No Action Recommended SONAR Access Denied ########
svchost.exe Hosts File Change Access Denied System Change Risk c:\windows\system32\ JENNIFER-PC SYSTEM Access Denied c:\windows\system32\ Block No Action Recommended SONAR Access Denied ########
svchost.exe Hosts File Change Access Denied System Change Risk c:\windows\system32\ JENNIFER-PC SYSTEM Access Denied c:\windows\system32\ Block No Action Recommended SONAR Access Denied ########
svchost.exe Hosts File Change Access Denied System Change Risk c:\windows\system32\ JENNIFER-PC SYSTEM Access Denied c:\windows\system32\ Block No Action Recommended SONAR Access Denied ########

#4 TwinHeadedEagle

TwinHeadedEagle


Posted 27 August 2013 - 04:51 AM

http://www.wikihow.com/Take-a-Screenshot-in-Microsoft-Windows

#5 JenMorg13

JenMorg13
  • Topic Starter


Posted 27 August 2013 - 07:41 AM

awesome..thanks...now I know how to take a screenshot, only problem is I am not sure where in Windows I go to take the detection screenshot. Windows isn't detecting it. Symantec Endpoint Protection is popping up messages that svchost.exe is being blocked.. or if it is in my av that I take a screenshot where in my av...My network threat log. I started getting these messages after I increased the security and enabled SONAR on SEP.


Edited by JenMorg13, 27 August 2013 - 07:41 AM.


#6 TwinHeadedEagle

TwinHeadedEagle


Posted 27 August 2013 - 11:26 AM

When the message pops up, then you quickly take the Screen Shot of your screen, by pressing PrintScreen on the keyboard :)

#7 JenMorg13

JenMorg13
  • Topic Starter


Posted 27 August 2013 - 08:08 PM

My screenshot button doesn't seem to work. I tried the snipping tool but this message will not allow me to paste the Symantec error report image but this is what it says

 

Symantec Endpoint Protection

SONAR

X  A potential threat has been detected on your computer

An attempted Hostfile change has been detected.

Location:

C:\windows\system32\svchost.exe

 

Block this file or behavior (recommended)

Allow this file

Symantec


Edited by JenMorg13, 27 August 2013 - 08:09 PM.


#8 Condobloke

Condobloke

    Outback Aussie @ 54.2101° N, 0.2906° W


  • Members
  • 5,786 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 27 August 2013 - 11:53 PM

Assuming you are running Windows 7

You have obviously found the paint program.

Ignore the Symantec thingie for the moment.

With just your ordinary desktop showing.....press the "PRT/Scr/SysRq" button just once.

Then...open the paint program and click on 'Edit'........then on 'Paste'.....

The result will be a "screenshot" of your desktop.

If you then click on the close x in the top right hand corner, it will ask if you wish to "save changes" to untitled...

Click 'Yes', and save it somewhere that you can access it easily....eg Desktop...

So.....when the Symantec message next pops up.....just tap the "PRT/Scr/SysRq" button once.....and away you go from there.

I note that you have boopme's attention here :: http://www.bleepingcomputer.com/forums/t/505803/java-deployment-toolkit-603706-603706/

Have no doubt if there is anything untoward happening with your PC ....he will find it.

Regards,


Edited by Condobloke, 28 August 2013 - 12:05 AM.


#9 JenMorg13

JenMorg13
  • Topic Starter


Posted 28 August 2013 - 10:28 AM

 

 
 
 
 


 

Thanks for the reply! Hmm, I can't get prt sc to work for me... My prt sc button is shared with my home button (print screen being in the box and "home" on top). When I hit that button nothing happens when I try to paste in Paint?



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:16 AM

Posted 28 August 2013 - 12:30 PM

As I said in the other topic where boopme was assisting you, you posted your logs and are already getting help from Gringo.

After posting a log and getting assistance, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

The Malware Response Team should be the only members that you take advice from, until they have verified your log as clean. Please advise Gringo you followed a few steps in this topic so he is aware of what else has been done.

To avoid confusion, I am closing this topic.

If this is a different computer than the infected one you are getting help with...send me a PM and I will reopen it.