svchost.exe - what is it?

Discussion in 'Tech Talk' started by Big Dog Dad, Jul 15, 2004.

  1. Big Dog Dad

    Big Dog Dad NRA Patriot Life Member

    My firewall keeps popping up blocking svchost.exe. Does anyone know what this is or what it does? It's in the Windows sub but so have been a lot of other spyware and popup programs. I really enjoy spending half of my time on the PC trying to eliminate problems caused by these little hacker geeks and the other time trying to fix problems caused by the other larger Gates geek. I think it's time to go to the dark side and buy an Apple.

    -=BDD=-
     
  2. saber41

    saber41 Guest


  3. 10 Ring Tao

    10 Ring Tao Red White Blue

    There is a virus that spreads itself through the Kazaa network that will masquerade as svchost.exe. It copies itself into the Windows folder. This comes to mind because I've never known the legit svchost.exe to try and access the net, and I keep close dibs on what programs are doing via my firewall.

    Do/did you have Kazaa?

    Do you have an up-to-date virus scanner?
    (If not, go to http://housecall.trendmicro.com for a free scan.)

    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cozit.html
     
  4. Harlequin

    Harlequin I need a weapon

  5. physicsdevil

    physicsdevil

    It's a standard component that manages DLLs and services.
     
  6. Big Dog Dad

    Big Dog Dad NRA Patriot Life Member

    If it truly is infected, can I replace it somehow? I basically understand what it does (I think), so how can I replace it with a legitimate copy?

    -=BDD=-
     
  7. 10 Ring Tao

    10 Ring Tao Red White Blue

    No no, the virus doesn't infect the legit svchost.exe, it creates a new file of the same name in a different location. The bad one just needs to be deleted, leaving the legit one alone, and then your registry needs to be cleaned. Pretty much all you need to know about the bad one is in the Symantec link above. Again, get a free scan from http://housecall.trendmicro.com just in case.
     
  8. 0100010

    0100010 Millennium Member

    To learn the actual sources and filenames that are generating the processes you can see in Task Manager, download and run Process Explorer - http://www.sysinternals.com . If one or more of your svchost.exe processes is a virus, you can see what and where the offending file is located. Then it's a simple matter of accessing the hard drive in safe mode command prompt, to delete the offending file.
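
The check this thread describes (a look-alike svchost.exe running from a different location than the legitimate one), as an added PowerShell example that is not part of any post above. It assumes the legitimate image lives in `%SystemRoot%\System32` (plus the 32-bit copy in `SysWOW64` on 64-bit Windows) and is started by `services.exe`; the function name `Test-SvchostProcess` is hypothetical.

```powershell
# Added example: list every running svchost.exe, show where its image is on
# disk and which process started it, and flag anything unexpected.
# Assumption: legitimate copies live only in the two paths below.
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')   # 32-bit copy on 64-bit Windows
)

function Test-SvchostProcess {
    param(
        [string]$Path,          # full image path reported for the process
        [string]$ParentName,    # name of the process that started it
        [string[]]$Expected     # allowed image paths
    )
    # The path is empty when the caller lacks rights to query the process.
    if ([string]::IsNullOrEmpty($Path)) { return 'UNKNOWN (run elevated)' }
    # -contains compares strings case-insensitively, which suits Windows paths.
    if ($Expected -notcontains $Path)   { return 'SUSPICIOUS: unexpected location' }
    if ($ParentName -ne 'services.exe') { return 'REVIEW: parent is not services.exe' }
    return 'expected'
}

$all = Get-CimInstance -ClassName Win32_Process

# Map PID -> process name so each parent can be named.
# A parent that has already exited will be missing from this table.
$nameByPid = @{}
foreach ($p in $all) { $nameByPid[[int]$p.ProcessId] = $p.Name }

$all | Where-Object { $_.Name -eq 'svchost.exe' } | ForEach-Object {
    $parent = $nameByPid[[int]$_.ParentProcessId]
    [pscustomobject]@{
        ProcessId = $_.ProcessId
        Parent    = $parent
        Path      = $_.ExecutablePath
        Verdict   = Test-SvchostProcess -Path $_.ExecutablePath `
                        -ParentName $parent -Expected $expectedPaths
    }
} | Sort-Object Verdict, ProcessId | Format-Table -AutoSize
```

Run it from an elevated prompt so the image path is populated for every process. A row flagged for its location points at the file to examine with a virus scanner before anything is deleted.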