Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Startup Entries


  • Please log in to reply
5 replies to this topic

#1 idk

idk

  • Members
  • 302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Auckland, New Zealand
  • Local time:02:04 AM

Posted 04 April 2007 - 12:56 AM

Hello. I went on CCleaner and checked the starup manager and saw these random starup entries:
Posted Image

Their locations all lead to svchost.exe.
Are those items harmful to my computer?

BC AdBot (Login to Remove)

 


#2 chapo

chapo

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 04 April 2007 - 01:00 AM

None of these look harmful to your computer.

Update checker: checking for updates
Antivir: your antivirus program Antivir
icq: is the messenger program you use
msconfig: is a system file that runs deals with the startup programs in the windows OS

I can also suggest to go to the startup list link at this site it would probably answer some of you questions. ;->

Edited by chapo, 04 April 2007 - 01:07 AM.


#3 idk

idk
  • Topic Starter

  • Members
  • 302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Auckland, New Zealand
  • Local time:02:04 AM

Posted 04 April 2007 - 01:48 AM

I don't have antivir nor icq and I don't know what updates update checker is checking for.
msconfig is to be activated in run not during startup

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 PM

Posted 04 April 2007 - 01:58 AM

You need to find out the location of the service that is running under svchost to determine if it is legit or not.

How to determine what services are running under a SVCHOST.EXE process
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 idk

idk
  • Topic Starter

  • Members
  • 302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Auckland, New Zealand
  • Local time:02:04 AM

Posted 04 April 2007 - 01:59 AM

Oh no I just found out it's a trojan the file is actually scvhost.exe not svchost.exe. Look at the picture it's scvhost.
I'll post a HJT log if symantec w32.gaobot fixtool does not work.

Edited by idk, 04 April 2007 - 02:00 AM.


#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:04 AM

Posted 04 April 2007 - 10:08 AM

Yup these are detected by Sophos as Troj/Bckdr-PUT

http://www.sophos.com/security/analyses/trojbckdrput.html

These are also all listed in our startup database as bad.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users