New
#11
oops, my bad! But, yes, clean out C:\windows\temp folder. If it gives you a permissions warning, take ownership.
Take Ownership Shortcut
oops, my bad! But, yes, clean out C:\windows\temp folder. If it gives you a permissions warning, take ownership.
Take Ownership Shortcut
Have deleted the C:\Windows\Temp file and I guess I'll have to wait and see if any further problems arise (as scans aren't showing anything).
Can you describe the annoying behaviour you mentioned in your first post? While svchost.exe is a valid windows generic host process, there is also a virus/worm that takes on that name. It is detected as W32/YahLover.Worm.gen by McAfee and Win32/Autorun.R.worm by NOD32. IDK what other AVs read it as.
The symptoms can be failure of the Task Manager and Registry editor to launch, or CMD restarting windows.
BitDefender would pop up a message saying Trojan.Generic.4129231 (I think that number is right) with the file being svchost.exe. It would usually appear when I click on the start button and when I tried to access Windows Live Messenger, but also popped up frequently while simply going about my day-to-day business.
Google didnt turn up anything for that particular number. But it could be a false positive. OTOH, it may not be. If you have Bitdefender still running, next time it throws up that message, try submitting it for analysis. That'll help establish what exactly it is.
From what I understand the SVCHOST.EXE is a virus if it is capitalized.
svchost.exe Windows process - What is it?
The "Application" svchost *random number*. tmp files are malware ...
Don't try to delete all, you could get a legit file!
Run Malwarebytes' Anti-malware as suggested above:
http://majorgeeks.com/download5756.html
C:\Windows\System32\ svchost.exe is the legitimate location and is the Host Process for Services