svvchost

Discussion in 'malware problems & news' started by fed-up, Nov 6, 2006.

Thread Status:
Not open for further replies.
  1. fed-up

    fed-up Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    19
    I am looking for info on this paticular file that I found in my start-up folder. I have nod 32 & spysweeper installed on an xp2 cpu.

    thanxs
    tom
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. fed-up

    fed-up Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    19
    svvchost... yep that's what I copied down but when i get home i'll double check.

    I was checking spysweepers start-ups tab and decided to uncheck a few things when i saw this file 3 times in start-up. i googled it too and i was hoping it wasn't as bad as prvix says it is.

    nod32 or spysweeper as of yet has not flag it.

    what now

    tom
     
  4. Cameltoe

    Cameltoe Registered Member

    Joined:
    May 14, 2006
    Posts:
    7
    First i would make sure of the spelling as it's important with this.

    I'm certainly no expert at this but if it turns out to be svchost, here's some info on that,

    http://www.neuber.com/taskmanager/process/svchost.exe.html

    When i open taskmanager on my system i most always have 5 instances of svchost running all the time.



    Cameltoe(aka snowbound)

    Oops i accidently logged in under my GF's username. :D
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    He is talking of svvchost not svchost-- but I can see he is not sure( Edit)--
     
  6. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Are u addressing me?

    If so, i realize that.



    snowbound
     
  7. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Either way.....I have never seen the legit svchost in that location. :rolleyes:
     
  8. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Good point.


    snowbound
     
  9. fed-up

    fed-up Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    19
    This is what i copied down... microsoft svc host-svvchost.exe. I know about svchost in taskmanager but this is definitly in start-up not once but 3 times.
    I googled it and became worried but when i looked in wilders i couldn't find anything pertaining to svvchost so i assumed i might have copied it wrong but i don't think i did. because this file starts with microsoft i figured i better see what it does before i click it off.

    thanx for the help everyone
    tom
     
  10. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Do not think "clicking it off", it allows itself to be, will do the trick as it will probably re-start, re-install itself at the next boot. It, and it`s source will need to be removed\uninstalled. Let us know how you do.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    No, I was addressing to Cameltoe.
     
  12. fed-up

    fed-up Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    19
    If i'm to rid myself of this bug methinks i am going to need a lot of help. Do i have to buy another av or as or is there a better way.:blink:
     
  13. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    snicker oops Sorry. Snowbound accidentally logged in under the wrong User name. So, in a sense, you were. sorry, but I needed a little chuckle and you two just provided it. Thank You. ;) :D
     
  14. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    What do you use now? Were you able to terminate it via Task Manager? Have you or anyone installed any new software recently?
     
  15. fed-up

    fed-up Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    19
    nod32... spysweeper... no recent installs
     
  16. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    I know a cheaper way. ;)

    After u have answered TZ's questions and if u are unable to terminate the process permanently, one option is u could post a Hijackthis log over at this site,

    http://gladiator-antivirus.com/forum/index.php?showtopic=10517

    If u decide to do so, just follow the instructions at the link, post your log there for analysis and the malware experts will give u recommendations on removal of potential infections.



    snowbound
     
  17. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Please list your current security apps. before downloading and installing the program from my provided link. Sure do not want to cause any conflicts and increase your problems. Many here claim good results with this -> http://http://fileinfo.prevx.com/adware/qq8f8a23967886-SVVC18316765/SVVCHOST.EXE.html I believe the first scan and clean is free. After that it can be left on your PC for detection purposes but must be purchased for any further removals. Or of course it can be un-installed.
     
    Last edited: Nov 6, 2006
  18. fed-up

    fed-up Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    19
    ok thanx tz & sb... i'll try to terminate using taskmanager first then i'll try previx

    sp2
    windows firewall
    nod 32 2yrs
    spysweeper 2 yrs

    till tomorrow then

    tom
     
  19. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    So you are saying neither of them detects it doing full scans? Also that you have not recently installed any new software. If you choose to try Prevx, I do not see any potential conflicts. Keep us posted.
     
  20. fed-up

    fed-up Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    19
    svvchost does not show up in taskmanager also now a new start-up has shown up called kernalfaultcheck %systemroot%/system32/dumprep o-k
     
  21. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    That is related to System Properties\Advanced tab\Startup and Recovery, settings button\System Recovery and has to do with memory dumps. Probably happened when you attempted to stop the process. Are you sure of the spelling of the process in question? Have you run full scans with you two fully updated security applications?


    Edited; Sorry, Just re-read the whole thread. Have you checked properties on these folder? Size, creation date? Have you simply tried deleting them.
     
    Last edited: Nov 8, 2006
  22. fed-up

    fed-up Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    19
    i will do a complete sweep with both programs. since i just installed spysweeper last week i thought i had 5.2 but only have 5.0 i will download later tonight
    nod32 1.1856

    thanx for your help
     
  23. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    http://spywarefiles.prevx.com/RRDGGH18316765/svvchost%252Eexe.html is an alternative view. That shows the most common use of the svvchost.exe filename in the Prevx database and a link (at the bottom) to other uses of it.

    BTW, Prevx1 is free for 32 days after it first detects malware. There's no point uninstalling it after your first detection as the 32 days will still count down. If you install again 30 days later you will only get 2 free days!!!! To get your full 32 days of free protection from Prevx1 you will need to keep it installed.
     
    Last edited: Nov 7, 2006
  24. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    The real and good svchost.exe is at X:\WINDOWS\System32
    Any other location is bad.

    ~~ snip ~~ LowWaterMark
     
    Last edited by a moderator: Nov 7, 2006
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    As I googled it seems to be a mass mailing worm. I wonder why NOD32 and SpySweeper are not detecting anything at all.
     
Thread Status:
Not open for further replies.