Svchostc problems – possible virus

**Jimmy Little** · 05-12-2003, 02:39 PM

Svchostc problems – possible virus
Svchostc problems – possible virus

When ever my friend tries to shut down his pc (win me) he gets this msg

Schostc – you must quit this program before you quit windows.

He has broadband and has trouble with that since, I’m suspecting some sort of virus has any of you guys come across this?

here is the AOL error

"waol has causded an error in supersub.dll waol will now close if you continue to have probs try restarting"

reinstalls and restarts don't help this aol prob

thanks Jim

**Trickle** · 05-12-2003, 03:22 PM

To quote symantec:

Svchostc.exe and Svchosts.exe are non-malicious proxy programs, and thus, Symantec antivirus products do not detect them.........
.........Navigate to the %System% folder and delete the svchosts.exe and svchostc.exe files.

**Moby-Dick** · 05-12-2003, 08:33 PM

Its also a generic host process for Windows - not always malignant. However some worms will try and run themselves as it. Look for copies of it running as a user rather than System in task manager

**Anders** · 09-12-2003, 03:57 AM

I do not know if svchostc and svchost are related to each other. However, you do not want to delete svchost (also known as Generic Host Process for Win32 services) or things related to it as I think GHP is vital for Windows. I know on my system (Win2k) that GHP is used for DNS lookup. I would be surprised it let you delete scvhost anyway.

I seem to remember that computers infected with the Blaster worm would sometimes show errors relating to svchost, but I do not know if this is relevant to svchostc and your problem.

Get Windows up to date patch wise. Scan for viruses with an up to date checker. You might consider one of the online checkers if the one on his computer has been compromised, e.g. http://housecall.trendmicro.com/hous...start_corp.asp. Also install, update and scan using Spybot Search and Destroy.

Does you friend have a firewall installed? If not, suitably chastise him and then install one

. I use Zone Alarm Pro, but they do a free version that is supposed to be similar.

----
Some links that mention svchostc which might be of use:
http://www.sophos.com/virusinfo/anal...ojtofgerb.html
http://vil.nai.com/vil/content/v_100768.htm
http://securityresponse.symantec.com...door.zinx.html

**Jimmy Little** · 09-12-2003, 10:39 AM

Thanks for the help guys, i went round and worked on the pc for 2 hours yesterday - I’m 100% sure there is at least 2 virus's left if not more

It would only let me install Norton and blocked all attempts for a full scan or live updates... but even with a half scan on the 2003 (with out any updates!!!) it found 2 virus's... also AOL was disabled and there three around 15 other programs demanding to start up when the pc booted... including porn stuff and 'gator' applications and many others that I had not come across before.. I suspect at least two virus's in from msn msg as well.. the computer would not let me install/work any av software and i tried a few! Which again leads me to think virus... anyway there new pc came today so I’m gonna just copy the files onto the other pc and then virus scan them big time... i will be sure to build the new computer up with up-to-date av software, firewall and patches... they have around 3 gig of data and no cd writer, so I’m gonna slave the hard drive and scan it... then copy the files..

Sound ok guys?

I think this is gonna be common now – give broadband to a family and let them run msn msg, kaaza and no firewall or av software! Your asking for trouble!!

**Moby-Dick** · 09-12-2003, 11:20 AM

try an online Virus scan.
http://housecall.trendmicro.com/

**Jimmy Little** · 09-12-2003, 11:25 AM

Originally posted by Moby-Dick
try an online Virus scan.
http://housecall.trendmicro.com/

can't get online... supersub.dll is borked, i can't uninstall AOL i can't reinstall... and i can't get it to work!!

**Blub2k** · 09-12-2003, 02:01 PM

Sounds like a virus alright, have you tried booting off of the Symantec cd, the original installation cd for norton is bootable and it will look on the drive to find the latest defintion set, if it does not find them it will do a scan using the out of the box definitions. Personally if the machine is also full of spyware I would reinstall the whole thing, how many "bad" dll's and crappy entries does he have in his registry now? Another option is to run the virus removal tools from the Symantec website: Virus removal tools
If you have any more questions then reply here and I can see what help I can give, I have a lot of antivirus resources here.

**Trickle** · 09-12-2003, 02:07 PM

Big "ooops" on my first post. Forgot that some AV programs call generic host 'svhost'. Silly of me.

I'ed forget about it Bobby. I used to block it on single systems, but find I need to allow it on networked systems along with a couple of other processes for smooth running.

**Jimmy Little** · 09-12-2003, 02:40 PM

i got adaware working and that found 50 reg lines!!! aswell as all the other crap... gator had it's stinky paws all over the computer.. i'm gonna slave the hard drive and onto the new computer then wipe the old one and rebuild as a spare for there kidz

**Jimmy Little** · 10-12-2003, 10:27 AM

after i slaved the hard disk i scanned it and found 10 virus's including some mean ones and as thought....... Svchostc was infected...

so virus not AOL to blame this time...

Thread: Svchostc problems – possible virus

LinkBack

Thread Tools

Svchostc problems – possible virus

Thread Information

Users Browsing this Thread

Posting Permissions