svchost.exe virus


  1. jennsf
    Posts : 3
    Windows 7 Home Premium 64 Bit
       New #1

    svchost.exe virus


    I have looked for numerous solutions to my problem but to no avail. My antivirus software had given me many warning of malicious URLs relating to the svchost.exe. I did not have any issues outside of those warning until the other day when I came back to my computer and got a blue screen.

    I have run countless scans on AVG Free, Malwarebytes, and Avast Internet Security. AVG and Avast were not picking up on anything, but Malwarebytes said that the svchost.exe was a Trojan and that it would delete on reboot...after reboot however, it was still there.

    From my understanding, svchost.exe is normally supposed to exist just in the C:\Windows\System32 folder, but I have another one in the C:\Windows folder that says it was created just a few days ago (as opposed to July 2009). There is something wrong with this svchost.exe in the Windows folder, but nothing seems to be getting rid of it.

    I am a novice when it comes to computers, but would rather not have to resort to paying over a hundred dollars to fix this issue. Is there any way to rid myself of this virus manually?

    (if this helps, I am running Windows 7 64bit on an HP Pavillion g6 series laptop)
      My Computer
    Quote Quote

  3. Borg 386
    Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       New #2

    What was the virus name/file that Malwarebytes identified it as? You can check the logs in MB to find it if you don't remember. I ask this since there are cleaners that target specific viruses. The name would be helpful.

    Also, did you check the box next to the listed virus so that it would be quarantined? MB will not act if you do not check the box.

    The other options for AV scanners are:

    SuperAntiSpyware

    This link is for the portable version, you can d/l it & run it from a FD or CD.
    Please note : The scanner is saved under a random filename so that malware infections won't block the scanner.
    Norton Power Eraser

    You will need an active net connection to run this tool.
    Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully.
    Another option is to use a Bootable AV disk. This will scan your system at startup and attempt to clean out the infections before they initialize. Probably your best bet if the others can't remove it since the infected svchost is in active use by the system and can't be removed unless it's inactive.

    http://www.techmixer.com/free-bootab...download-list/

    Note: Kaspersky has caused problems in the past, if they have remedied this, I do not know, but it may be wise to try one of the other disks first
    Last edited by Borg 386; 31 Dec 2011 at 15:14.
      My Computer
    Quote Quote

  4. jennsf
    Posts : 3
    Windows 7 Home Premium 64 Bit
    Thread Starter
       New #3

    The file name that Malwarebytes gave me was "C:\Windows\svchost.exe". It said the file was a Trojan. On the majority of the times I did a scan, it only allowed me the option to Delete on Reboot, which I did at least 3 times. I believe one time it told me that it was quarantined and deleted successfully, but the file still hadn't moved anywhere.

    I did a boot scan with Avast, which I believe is similar to the Bootable AV Disk you are suggesting. It ran a four-hour scan on my entire system before Windows started, but all it ended up doing was corrupting my Windows user file, and when I checked the C drive, svchost was still there.

    Unfortunately I ended up sending the computer off to a local repair shop about an hour ago because I was out of all of the options that were available to me. Thank you for your help though.
      My Computer
    Quote Quote

  6. Borg 386
    Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       New #4

    Mostly when you get a file like that infected, one that actively runs when Windows is up and running, it's hard to get rid of it since it's in use by the system, something virus makers use to their advantage. If something like this happens down the road, give the above tools a try & consider running them in safe mode without a net connection. Viruses have a bad habit of calling for backup when you try to delete them.

    Making a system image can prove invaluable when something like this happens. Here's a couple links you may find useful.

    Backup Complete Computer - Create an Image Backup

    System Repair Disc - Create

    Another program you may wish to add to your arsenal is Rkill

    RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.
    http://www.bleepingcomputer.com/down...ti-virus/rkill

    Wishing you a safe & Happy New Year
      My Computer
    Quote Quote

  7. jennsf
    Posts : 3
    Windows 7 Home Premium 64 Bit
    Thread Starter
       New #5

    Thanks so much for the resources, and a happy new year to you too.
      My Computer
    Quote Quote

 

  Related Discussions
Hello. My friend borrowed my laptop earlier this morning and he returned it to me after 3 hours. Upon checking my laptop status, I saw to new processes: File name.exe and svchost.exe. I end it's processes and check the msconfig. I saw two new checked start-up entry: svchost.exe and Windows...
Hello, Iv'e started to use my brother's PC and I noticed that in every restart or boot that Malwarebytes Anti-Malware quarantines "svchost.exe" which is located at "C:\Users\\AppData\Local\Temp", I can know that it is a virus because 1. its not located in Windows\system32 and 2. it takes almost 1...
Virus in Svchost
in System Security

For a while now I have been having an issue with svchost.exe. I am running Malwarebytes Anti-Malware with the local protection. When I have the protection enabled it tells me that svchost.exe is trying to connect to an unsafe IP and it blocks it, however when MBAM blocks it, it blocks my internet...
svchost.exe virus?
in Performance & Maintenance

Hello all! It seems that from a day to another, my computer ( including internet ) started to have massive lags.Everytime I turn my router off so I can play S4League ( there's a topic I made to try to fix it but I couldnt do it so everytime I wanna play I gotta unplug my router) A friend of mine...
svchost virus
in System Security

From what I can understand the only svchost.exe should be found in the system32 folder. However, I completed a search and I've discovered it's in a lot more folders than system32. I need to get rid of these files as I believe they are the cause of my recent problems and annoyances. How do I go...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 09:59.
Find Us