Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to remove svchost.exe from ur temp folder?


  • Please log in to reply
5 replies to this topic

#1 Blazed

Blazed

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 21 November 2016 - 01:04 PM

svchost.exe virus can be removed by these steps/

 

1.Open the task manager and go to the details tab.

 

2.Find svchost.exe file.Make sure it is the virus host file because u dont want to delete the windows host process.Open file location to check it is located in temp.

 

3.right click on the svchost.exe file and end the task.

 

4.open run by pressing windows +r.

 

5.type in %temp%.

 

6. delete the svchost.exe file.

 

u should be able to delete the file  because you end the process.

 

it worked for me.

 

Thank You.


Edited by hamluis, 21 November 2016 - 01:10 PM.
Moved from MRL to Gen Security - Hamluis.


BC AdBot (Login to Remove)

 


#2 MoxieMomma

MoxieMomma

  • Members
  • 471 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 21 November 2016 - 01:54 PM

Hello and welcome, @Blazed:

 

Thanks for your thoughtful suggestions.

You are correct: svchost.exe is a frequent malware target.

The problem is, an average computer user would lack the skills to determine "which" svchost.exe file to delete.

Generally, DIY self-medication for malware removal will get the average user into big trouble, sometimes complicating or even preventing proper recovery.

 

Each infection on each computer is unique.

It would be safer for users with infected systems to seek a bit of free, expert, guided help from trained malware removal specialists in the Malware Removal section of the forum.

 

The approach you suggest is certainly well-intentioned, but it could lead to trouble.

 

No offense or disrespect intended.

Enjoy your stay,

 

MM



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:25 PM

Posted 21 November 2016 - 05:41 PM

FYI for those reading this topic, especially our novice members.

Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (.dll's) and can run other services underneath itself. This is a valid system process that belongs to the Windows Operating System which handles processes executed from .dll's. It runs from the registry key, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost where details of the services running under each instance of svchost.exe can be found. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. It is not unusual to find multiple instances of Svchost.exe running at the same time in Windows Task Manager in order to optimize the running of the various services.
  • svchost.exe SYSTEM
  • svchost.exe LOCAL SERVICE
  • svchost.exe NETWORK SERVICE
Each Svchost.exe session can contain a grouping of services, therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging. The process identifier (PID)'s must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time. The PID is not static and can change with each logon but generally they stay nearly the same because they are always running services.

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a legitimate or critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. The legitimate Svchost.exe file is located in the C:\WINDOWS\system32\ folder. In Windows 7/8 64-bit the file may be located in the SysWOW64 folder. Malicious svchost.exe files are commonly located in the C:\Users\[UserName]\AppData\Local\Temp folder. The user profile AppData, ProgramData, and temp folders are common hiding places for malicious files.

Another technique is for the maicious process to alter the registry and add itself as a startup program or service so that it can run automatically each time the computer is booted. If svchost.exe is running as a startup (shows in msconfig), it can be bad as shown here. Always make sure the spelling is correct. If it's scvhost.exe, then your dealing with a Trojan.

Investigating Svchost.exe Tutorials::Effective security tools like Malwarebytes Anti-Malware will typically find and remove malicious svchost files safely.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Blazed

Blazed
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 22 November 2016 - 07:54 AM

@ MoxieMomma

 

Thankyou for your reply.Yes deleting the wrong host file would trouble but its very much possible by any one if the host is only located in the temp folder.

 

Thank you for your support .This is my first post.



#5 Blazed

Blazed
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 22 November 2016 - 07:57 AM

@quietman7

Thank you  for the reply.



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:25 PM

Posted 23 November 2016 - 07:56 AM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users