svchost.exe infected!!!!!!

Status
Not open for further replies.
S

shashank_digitreader

Guest
I am using AntiVir XP, recently the file svchost.exe was infected by a virus. When the antivirus prompted about the infected file, i deleted it, now whenever i start my pc, and error message appears telling that svchost.exe was not found. How can i recover it, or do i face any problems in the absence of that file?
 
shantanu

shantanu

Technomancer
type msconfig in run and click on EXPAND FILE then insert your windows xp cd in your cd rom drive

then write in:
file to restore : c:\windows\system32\svchost.exe
restore form : x:\i386\ (where x is your cd drive letter)
save file in : c:\windows\system32\

do it and your problem is solved
 
it_waaznt_me

it_waaznt_me

Coming back to life ..
Hmm... If your system is working fine apparantly, then its the startup entry created by the virus which is causing the trouble. Check if the filename is sCVhost and not sVChost. scvhost is a file created by a virus (Agrobot).

If you find an entry for scvhost in Msconfig.exe, delete it.

Windows wont run properly without Svhost.exe ( Generic host for windows services) so its a high probabilty that the file deleted was not the windows legitimate file.
 
anandk

anandk

Distinguished Member
^ i second it; also the legist ms svchost is situated in system32 folder. u can check up it props too, to b sure. running a good registry cleaner (ccleaner) could help.
 
Kiran.dks

Kiran.dks

Technomancer
svchost.exe running at C:WINDOWS/SYSTEM32 location is genuine Windows process. Never kill it. scvhost.exe is the process created by JEEFO worm. Checkout the error message which of these is creating problems.
Or post the HijackThis report here for analysis.
 
OP
S

shashank_digitreader

Guest
shantanu_webmaster said:
type msconfig in run and click on EXPAND FILE then insert your windows xp cd in your cd rom drive

then write in:
file to restore : c:\windows\system32\svchost.exe
restore form : x:\i386\ (where x is your cd drive letter)
save file in : c:\windows\system32\

do it and your problem is solved
Click to expand...

Thanx for the help, but it didnt work. It says some errors are present in "file to Restore". help anyone
__________
it_waaznt_me said:
Hmm... If your system is working fine apparantly, then its the startup entry created by the virus which is causing the trouble. Check if the filename is sCVhost and not sVChost. scvhost is a file created by a virus (Agrobot).

If you find an entry for scvhost in Msconfig.exe, delete it.

Windows wont run properly without Svhost.exe ( Generic host for windows services) so its a high probabilty that the file deleted was not the windows legitimate file.
Click to expand...
My windows is a bit slow, and the file deleted is Svhost.exe.
 
Last edited by a moderator:
it_waaznt_me

it_waaznt_me

Coming back to life ..
Sounds like MyDoom .. Use these removal instructions :


*www.symantec.com/security_response/writeup.jsp?docid=2004-041516-1209-99&tabid=3

^^ Basically you just have to delete the startup entry created by the worm in your registry.
 
phreak0ut

phreak0ut

The Thread Killer >:)
I think I'm facing the same virus, I need to check it out. Thanks for letting me know what your virus was and thanks everyone for the solution. I'll keep you guys posted as well.
 
M

mannu_techy

Broken In
open 'Run' from start menu and type in it the command

'netsh winsock reset' (without quotes)

hope this will solve ur problem
 
OP
K

khattam_

Guest
Start > Run > msconfig

Under Startup remove svchost.... This SHOULD work.

If you find no such entries, then paste your HijackThis Log File here.
Download HijackThis, then run it. Perform System Scan and save a logfile. Then paste the logfile here.... Geeks here should help, even if I forget to come back to this.... Send me a mail at "pravindahal[AT}yah00.com" with logfile attached.
 
Last edited by a moderator:
T

troubleshooter

Broken In
I 2 am experiencing a peculiar problem. After using the net for sometime i get a "Generic host something........" Error and my net stops working. I have to reboot my system so that i can using the internet again. Please help
 
shantanu

shantanu

Technomancer
GENERIC ERROR ....

*www.thinkdigit.com/forum/showthread.php?t=43126&page=4



AND SVCHOST.exe try another win XP CD
 
Kiran.dks

Kiran.dks

Technomancer
troubleshooter said:
I 2 am experiencing a peculiar problem. After using the net for sometime i get a "Generic host something........" Error and my net stops working. I have to reboot my system so that i can using the internet again. Please help
Click to expand...

For this solution, refer ....

ERROR RESOULTION: Generic Host Process Error Message
 
T

troubleshooter

Broken In
Kiran_tech_mania said:
For this solution, refer ....

ERROR RESOULTION: Generic Host Process Error Message
Click to expand...

I tried the steps mentioned in the post but I am still facing the same problem.
The error screeshot is attached. Please help.........
 
T

troubleshooter

Broken In
troubleshooter said:
I tried the steps mentioned in the post but I am still facing the same problem.
The error screeshot is attached. Please help.........
Click to expand...

This is the error message i got when i looked in the event log

Wednesday, January 10, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Wednesday, January 10, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Friday, January 12, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Saturday, January 13, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Tuesday, January 16, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Tuesday, January 16, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Wednesday, January 17, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Wednesday, January 17, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Thursday, January 18, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Thursday, January 18, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Thursday, January 18, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Friday, January 19, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Friday, January 19, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Saturday, January 20, 2007 Applicatio n Error Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
 
Kiran.dks

Kiran.dks

Technomancer
The problem is with netapi32.dll file. It runs a svchost.exe which controls LAN and Network. Turn off "Automatic updates" of Windows first. This will stop that explorer error message. Then make a manual update of Windows.
After downloading & installing updates, turn on the automatic updates.
 
T

troubleshooter

Broken In
it_waaznt_me said:
You should download these updates and install them :

KB894391

KB921883 (Critical)

Source
Click to expand...

Thanks man for your help. It seems to work. Have not been disconnected for the past hour or so. Will contact if the error persists.
 
Status
Not open for further replies.
Top Bottom