|
Windows Problem
|
|
|
the_goat
Junior Member
|
26. December 2006 @ 11:34 |
Link to this message
|
My laptop recently got infected with the mIRC backdoor flood. I eventually found where it had located on my computer it was at
C:Windows/system32/softreg/svchost.exe I deleted it using gipo utility file remover on boot, the flood of pop ups has stopped,
but now I am getting an error message at start up which says
Cannot find the file svchost.exe is this a windows file?
What should I do next? Any help would be most welcome.
The Goat
|
|
Advertisement
|
 |
|
|
AfterDawn Addict
|
26. December 2006 @ 11:46 |
Link to this message
|
A description of Svchost.exe in Windows XP Pro
INTRODUCTION
This article describes Svchost.exe and its functions. Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).
MORE INFORMATION
The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging.
read more here
http://support.microsoft.com/?kbid=314056
Description of Svchost.exe in Windows 2000
View products that this article applies to.
Article ID : 250320
Last Review : November 1, 2006
Revision : 3.2
This article was previously published under Q250320
For a Microsoft Windows XP version of this article, see 314056 (http://support.microsoft.com/kb/314056/EN-US/).
SUMMARY
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
read more here
http://support.microsoft.com/kb/q250320/
more info
"Svchost.exe" (Generic Host Process for Win32 Services) is an integral part of Windows OS. It cannot be stopped or restarted manually. It manages 32-bit DLLs and other services. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. In normal conditions multiple instances of Svchost.exe run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging. More info More info
Note: The svchost.exe file is located in the folder C:\Windows\System32. In other cases, svchost.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.
Virus with same name:
Symantec Security Response - W32.Welchia.Worm
Symantec Security Response - W32.Assarm@mm
McAfee - W32/Jeefo
read more here
http://www.neuber.com/taskmanager/process/svchost.exe.html
This message has been edited since posting. Last time this message was edited on 26. December 2006 @ 11:54
|
|
janrocks
Suspended permanently
|
26. December 2006 @ 11:56 |
Link to this message
|
|
It's very likely that not only the svchost file but also csrss.exe have been replaced with malware. it's possible to replace them with known good versions, but that doesn't always cure the infection.
|
Senior Member
2 product reviews
|
27. December 2006 @ 21:19 |
Link to this message
|
|
I would recommend running full and up-to-date virus and anti-spyware scans. These should pick out the virus(es), spyware and other malware on your computer. You can use the Windows XP CD to replace the svchost file that is currently on your computer with its original. This should help the clean up process but as janrocks said it doesn't always cure the infection.
"The only people who should buy Monster cable are people who light cigars with Benjamins." - Gizmodo
|
|
aabbccdd
Suspended permanently
|
27. December 2006 @ 21:32 |
Link to this message
|
|
run "Spysweeper plus "SmithfraudFix" in safemode plus a VS
|
|
the_goat
Junior Member
|
28. December 2006 @ 02:32 |
Link to this message
|
Thanks for that guys I went into windows/system32/softreg/svchost.exe
and deleted it the mIRC back door flood virus was there even though Norton had come up clean after a full scan I had done a virus check with Norton (with latest updates)I think my computer is ok now apart from the missing svchost.exe file which I must have deleted along with the virus as I keep getting the message at start up "cannot find the file svchost.exe" and then one that says if this file is not present on your computer then remove reference to it from the registery.I didn't get a recovery disc with my computer, but a recovery partition, which appears to be locked, does anyone know if there is a place where I can download that file(svchost.exe) from?
I really appreciate you guys giving me your time like this,
Thanks a million !
The Goat
|
|
bkf
Suspended due to non-functional email address
|
28. December 2006 @ 04:41 |
Link to this message
|
|
Are we talking windows XP? Svchost.exe should be in the windows/system32 directory only. If your using that laptop right now you have to have that file in there because XP simply will not work without it. Unhide all files and search your c: drive for it. A copy of it may also be in the service pack files folder. The only reason I can think of you getting an error is because something is telling the OS to look in the wrong folder, system32/softreg for it. You may have to recreate that folder and put a copy in but I think the one in windows/softreg you had was bogus. If you can not find svchost.exe anywhere anybody can email it to you it's only 14K in size. If you do find it post the version number which should be 5.1.2600.2180
A system restore to a point before you killed that file then save a copy in another folder may help. You may get the virus back but I really don't think it's completly gone yet. Reason for the error. Then you can work on another method to kill the virus.
Have to love computers that don't come with real discs. What happens if the drive fails and the recovery partition is damaged? Then what. There should / may be a key you have to hit when booting up to tell the computer to load / fix the os from the recovery partition. Check out your user manual or go the the manufactures web site and find one there.
This message has been edited since posting. Last time this message was edited on 28. December 2006 @ 05:05
|
Senior Member
|
28. December 2006 @ 10:44 |
Link to this message
|
|
|
the_goat
Junior Member
|
28. December 2006 @ 11:06 |
Link to this message
|
Thanks BKF and all who helped me out with this problem.
I think the problem may be sorted out.
When I got the virus my Norton AV didn't show it up so I went into windows C:system32/softreg/svchost.exe and I could see the mIRC logo
so I used Gipo utilities remove on boot to delete it, this handy little tool will remove a file while your computer is booting so it works, even on files that are constsntly reading to the HD to prevent deletion. I have since learned that some viruses can be named svchost.exe and I am thinking that this is what I deleted, because my computer was working fine after I deleted it.
I took your advice BKF and looked up my user manual and I found that by pressing f11 on my keyboard I was able to recover my machine to factory settings, I had back ups of all my license's and SW's.
My computer is running very sweet now so a Big thanks to all of you,
AFTERDAWN IS THE BEST ON THE NET!
The Goat
|
|
the_goat
Junior Member
|
28. December 2006 @ 11:35 |
Link to this message
|
|
Hi RAV 009
Thanks for the link, I am hopeing by restoring to factory settings all will sorted.
I will post again in a week
Thanks again.
The Goat
|
Senior Member
|
29. December 2006 @ 01:26 |
Link to this message
|
|
Hi the_goat,
Since you've restored to factory settings, there's no need any more :-)
But if you want to, you can.
|
|
the_goat
Junior Member
|
29. December 2006 @ 02:57 |
Link to this message
|
|
Hi All
My machine seems to be running very sweetly now all thanks to you guys
Have a great new year everybody..
The Goat
|
Senior Member
|
29. December 2006 @ 03:04 |
Link to this message
|
|
Your welcome, happy new year.
|
|
healthcar
Newbie
|
10. January 2007 @ 09:42 |
Link to this message
|
|
I have exactly the same problem, and I'm not willing to do a system restore. Can anybody tell me how to locate and fix that registry entry?
|
|
Advertisement
|
|
|
|
healthcar
Newbie
|
10. January 2007 @ 16:42 |
Link to this message
|
|
|
