Results 1 to 11 of 11

Thread: Svchostc problems – possible virus

  1. #1
    Banned Jimmy Little's Avatar
    Join Date
    Jul 2003
    Location
    Southampton
    Posts
    2,517
    Thanks
    0
    Thanked
    0 times in 0 posts

    Svchostc problems – possible virus

    Svchostc problems – possible virus
    Svchostc problems – possible virus

    When ever my friend tries to shut down his pc (win me) he gets this msg

    Schostc – you must quit this program before you quit windows.

    He has broadband and has trouble with that since, I’m suspecting some sort of virus has any of you guys come across this?

    here is the AOL error

    "waol has causded an error in supersub.dll waol will now close if you continue to have probs try restarting"

    reinstalls and restarts don't help this aol prob

    thanks Jim

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Location
    Sheffield
    Posts
    529
    Thanks
    1
    Thanked
    0 times in 0 posts
    To quote symantec:
    Svchostc.exe and Svchosts.exe are non-malicious proxy programs, and thus, Symantec antivirus products do not detect them.........
    .........Navigate to the %System% folder and delete the svchosts.exe and svchostc.exe files.

  3. #3
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,662
    Thanks
    53
    Thanked
    383 times in 313 posts
    Its also a generic host process for Windows - not always malignant. However some worms will try and run themselves as it. Look for copies of it running as a user rather than System in task manager
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  4. #4
    I can't get no sleep
    Join Date
    Jul 2003
    Location
    123 Fake Street, London
    Posts
    811
    Thanks
    35
    Thanked
    3 times in 3 posts
    I do not know if svchostc and svchost are related to each other. However, you do not want to delete svchost (also known as Generic Host Process for Win32 services) or things related to it as I think GHP is vital for Windows. I know on my system (Win2k) that GHP is used for DNS lookup. I would be surprised it let you delete scvhost anyway.

    I seem to remember that computers infected with the Blaster worm would sometimes show errors relating to svchost, but I do not know if this is relevant to svchostc and your problem.

    Get Windows up to date patch wise. Scan for viruses with an up to date checker. You might consider one of the online checkers if the one on his computer has been compromised, e.g. http://housecall.trendmicro.com/hous...start_corp.asp. Also install, update and scan using Spybot Search and Destroy.

    Does you friend have a firewall installed? If not, suitably chastise him and then install one . I use Zone Alarm Pro, but they do a free version that is supposed to be similar.

    ----
    Some links that mention svchostc which might be of use:
    http://www.sophos.com/virusinfo/anal...ojtofgerb.html
    http://vil.nai.com/vil/content/v_100768.htm
    http://securityresponse.symantec.com...door.zinx.html
    Last edited by Anders; 09-12-2003 at 04:06 AM.
    "Keyboard missing - press F3 to continue" Message seen on an Apricot PC.
    "To start press any key. Where's the any key?" Homer Simpson.
    Hexus Trust

  5. #5
    Banned Jimmy Little's Avatar
    Join Date
    Jul 2003
    Location
    Southampton
    Posts
    2,517
    Thanks
    0
    Thanked
    0 times in 0 posts
    Thanks for the help guys, i went round and worked on the pc for 2 hours yesterday - I’m 100% sure there is at least 2 virus's left if not more

    It would only let me install Norton and blocked all attempts for a full scan or live updates... but even with a half scan on the 2003 (with out any updates!!!) it found 2 virus's... also AOL was disabled and there three around 15 other programs demanding to start up when the pc booted... including porn stuff and 'gator' applications and many others that I had not come across before.. I suspect at least two virus's in from msn msg as well.. the computer would not let me install/work any av software and i tried a few! Which again leads me to think virus... anyway there new pc came today so I’m gonna just copy the files onto the other pc and then virus scan them big time... i will be sure to build the new computer up with up-to-date av software, firewall and patches... they have around 3 gig of data and no cd writer, so I’m gonna slave the hard drive and scan it... then copy the files..

    Sound ok guys?

    I think this is gonna be common now – give broadband to a family and let them run msn msg, kaaza and no firewall or av software! Your asking for trouble!!

  6. #6
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,662
    Thanks
    53
    Thanked
    383 times in 313 posts
    try an online Virus scan.
    http://housecall.trendmicro.com/
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  7. #7
    Banned Jimmy Little's Avatar
    Join Date
    Jul 2003
    Location
    Southampton
    Posts
    2,517
    Thanks
    0
    Thanked
    0 times in 0 posts
    Originally posted by Moby-Dick
    try an online Virus scan.
    http://housecall.trendmicro.com/
    can't get online... supersub.dll is borked, i can't uninstall AOL i can't reinstall... and i can't get it to work!!

  8. #8
    Ex-PC enthusiast
    Join Date
    Sep 2003
    Location
    Dublin, Ireland
    Posts
    1,089
    Thanks
    0
    Thanked
    0 times in 0 posts
    Sounds like a virus alright, have you tried booting off of the Symantec cd, the original installation cd for norton is bootable and it will look on the drive to find the latest defintion set, if it does not find them it will do a scan using the out of the box definitions. Personally if the machine is also full of spyware I would reinstall the whole thing, how many "bad" dll's and crappy entries does he have in his registry now? Another option is to run the virus removal tools from the Symantec website: Virus removal tools
    If you have any more questions then reply here and I can see what help I can give, I have a lot of antivirus resources here.

  9. #9
    Senior Member
    Join Date
    Jul 2003
    Location
    Sheffield
    Posts
    529
    Thanks
    1
    Thanked
    0 times in 0 posts
    Big "ooops" on my first post. Forgot that some AV programs call generic host 'svhost'. Silly of me.

    I'ed forget about it Bobby. I used to block it on single systems, but find I need to allow it on networked systems along with a couple of other processes for smooth running.

  10. #10
    Banned Jimmy Little's Avatar
    Join Date
    Jul 2003
    Location
    Southampton
    Posts
    2,517
    Thanks
    0
    Thanked
    0 times in 0 posts
    i got adaware working and that found 50 reg lines!!! aswell as all the other crap... gator had it's stinky paws all over the computer.. i'm gonna slave the hard drive and onto the new computer then wipe the old one and rebuild as a spare for there kidz

  11. #11
    Banned Jimmy Little's Avatar
    Join Date
    Jul 2003
    Location
    Southampton
    Posts
    2,517
    Thanks
    0
    Thanked
    0 times in 0 posts
    after i slaved the hard disk i scanned it and found 10 virus's including some mean ones and as thought....... Svchostc was infected...


    so virus not AOL to blame this time...

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •