PG blocked svchost.exe from rminating opscan.exe

Just had an alert from PG 3 (full version) that it blocked opscan.exe (part of Norton Antivirus) from terminating. OS is XP pro sp2 and svchost.exe is in windows\system32 folder (14K). TDS scan didn't show any warnings, nor did a scan with Norton.

Don't think its a virus\trojan but this seems very odd behaviour. Should I be worried?

TIA

Tony

 

Hi Tony, Some programs try to see if they have terminate abilities on other programs, especially security apps, without any intention of killing anything.
If you only had one or two alerts I would not worry about it providing you know you can trust the file.

HTH Pilli

 

last nite, i had an alert popup to ask me if i wanted to allow svchost.exe to run.. i said yes but now i wish i had paid more attention to what was going on.. i removed svchost.exe from "execution protection" so that hopefully it will popup again..

(i know that svchost.exe is already showing as running in the taskmanager, but still, it popped up)..

 

Redwolfe,
If you have a look using tasklist you will see that you most probably have more than one svchost.exe process running. Each process hosts multiple services and you can see what these are by running tasklist /svc

Below is an example from my PC, you can see that svchost is running more than once and that each svchost process is providing different services

C:\>tasklist /svc

Image Name PID Services
========================= ====== =============================================
svchost.exe 916 DcomLaunch
svchost.exe 988 RpcSs
svchost.exe 1148 AudioSrv, CryptSvc, Dhcp, EventSystem,
helpsvc, HidServ, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
ShellHWDetection, srservice, TapiSrv,
winmgmt, wuauserv
svchost.exe 1160 Dnscache
(with all the other processes left out...)
​

Next time the alert pops up have a look at what service the new svchost is running for you and you will probably be able to google it to get more information