Svchost.exe In Prefetch, Is It A Problem?



#1 innerjag


Posted 25 March 2007 - 03:03 PM

I notice that there are 6 SVCHost.exe files running. I did a search on the file and I've found that this is normal, but it is also a known flaw in Windows that hackers like to exploit.

I ran a search and found 3 SVCHost.exe running in the C: directory. One of them is stored in the Prefetch. The Prefetch SVCHost.exe file was modified on March 17th 2007. This file also stands out because the computer doesn't know which application to open it with. I'm thinking this is a virus. Can someone confirm?

Edited by innerjag, 25 March 2007 - 03:05 PM.




#2 buddy215


Posted 25 March 2007 - 03:56 PM

The prefetch directory contains data that Windows XP prefetches at bootup to increase bootup time. In this case, it's prefetching svchost.exe.

Nothing to worry about.
--------------------------------------------------------------------------------

http://ask-leo.com/comments_009488.php?page=1

And then from Leo (If you can't trust Leo, who can you trust?)
I just did a scan for svchost.exe
I not only found it in /system32 and /servicepack/i386 but also in /prefetch

I'm assuming the one in /prefetch is a virus

Posted by: Evelyn at February 27, 2006 08:31 PM
Not necessarily. Prefetch is a valid place for it to be, but it's also ok to delete it from there. It'll probably come back. Prefetch is a performance optimization for loading Windows.

Posted by: Leo at February 27, 2006 08:34 PM
--------------------------------------------------------------------------------

Do you have any symptoms of malware?

#3 usasma


Posted 25 March 2007 - 04:51 PM

As I recall, the exploit is of concern if you haven't updated to SP2.
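The distinction the replies above rely on, shown as an added example (not code from any poster in this thread): a search hit under Prefetch is normally a `.pf` trace file named after the program, not an executable, while a real `svchost.exe` is expected only in a few system folders. The `C:\WINDOWS` root, the `dllcache` folder, the `ServicePackFiles` spelling of the service-pack folder, the function names and the sample paths are assumptions made for this sketch.

```python
import re
from pathlib import PureWindowsPath

# Assumption: a default Windows XP install rooted at C:\WINDOWS. system32 and the
# service-pack i386 folder are the places named in the thread; dllcache is added here.
EXPECTED_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\system32\dllcache",
    r"c:\windows\servicepackfiles\i386",
}
PREFETCH_DIR = r"c:\windows\prefetch"
# Prefetch trace files are named <IMAGE NAME>-<8 hex digit hash>.pf
PF_NAME = re.compile(r"^svchost\.exe-[0-9a-f]{8}\.pf$")


def classify(hit):
    """Label one search hit for 'svchost' by folder and file name."""
    path = PureWindowsPath(hit)
    folder, name = str(path.parent).lower(), path.name.lower()
    if folder == PREFETCH_DIR:
        # A .pf trace is data for the loader; an actual .exe here is not normal.
        return "prefetch-trace" if PF_NAME.match(name) else "review"
    if name == "svchost.exe" and folder in EXPECTED_DIRS:
        return "expected-binary"
    # "review" means scan it and check it further, not that it is malware.
    return "review"


def triage(hits):
    """Group search hits by classification."""
    report = {}
    for hit in hits:
        report.setdefault(classify(hit), []).append(hit)
    return report


# Constructed sample input, not taken from the poster's machine.
SAMPLE_HITS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\ServicePackFiles\i386\svchost.exe",
    r"C:\WINDOWS\Prefetch\SVCHOST.EXE-0A1B2C3D.pf",
    r"C:\WINDOWS\Prefetch\svchost.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
]

if __name__ == "__main__":
    for label, paths in triage(SAMPLE_HITS).items():
        print(label, *paths, sep="\n  ")
```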



