Svchost and Svchost.exe - Crashs, CPU maximization, viruses, exploits and more.

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

Hi,

I'm from an embedded world.
Over-all it appears dependency/x-coupling of one protocol depending on another is becoming more ambiguous between RTOS' (worse in development OS' i.e. WinNT/XP/2K/..)platforms. Using memory maps was an easy way of finding out what was sucked in by the tornado (VxWorks is a good example of giving specs. of what comes IN when builds are done).

Do you have any suggestions in finding the same in conventional OS's as describe before (i.e. WinNT/XP/2K/..)?

thanks,
charles

If you truly mean build time, then that information is typically available from the build tools themselves. The linker with Visual Studio, for example, can be instructed to output a map. These days runtime is just as, sometimes more, impactful, and I recommend something like Process Explorer (http://ask-leo.com/d-31017a ) to see what DLL's are in use when an executable is running.

Leo

IF svhost.exe is not a virus, why are Symantec saying it is?

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.n.html

They're NOT.

They say "The existence of the file Scvhost.exe is an indication of a possible infection." CHECK THE SPELLING ... the c and the v are reversed, it's a different file.

Later in that same article they also say: "This should not be confused with the legitimate system file Svchost.exe."

Leo

Have a SVCHOST.exe on XP corrupted with the welchia B virus. Screwing my machine up. Have tried running the symantac welchia removal tool but it will not take it out. Can I replace the svchost.exe with another one from another XP machine through dos?
Thanks,,,Rich

THEORETICALLY yes. But it would be VERY easy to render your machine un-bootable if a mistake is made. Make sure it's from the same version of Windows, and make sure that you also update the version in XP's system file cache as well. If you succeed, then I'd immediately run System File Checker to ensure proper versions are in place, AND then hit Windows Update for latest patches and such.

Good luck!

Leo

Thanks Leo. Followed your suggestions and sure enough a second free virus scan produced a trojan virus and one other i've seen before "safesearch". I think that this is the one that gums up SVCHOST. After deleting the two viruses everything was back to normal. Firewall is now on again. Thanks!!
Bernard

Hi Leo,
Your comments on the svchost are interesting, I'll follow through with them.
Do you have any info on bartshell.exe or avserv.exe? Both of these are initiating errors and sucking up cpu usage.
Thanks, Bill

Bartshell: on references I've seen are viral related. Have you run a virus or spyware scan lately? I'd recommend it.

Avserv: I've come up empty on that one.

Good Luck!

Hi Leo,

Thank you for all the info so far. I was wondering if you can help me with my problem. My computer doesn't boot well the first time when I put my pc on. Also sometimes it's shut down and my pc says it's: TreuVector Service (that's ZoneAlarm isn't it).

Do you know why my firewall shuts it down and won't boot right the first time? I have checked for a virus and there where 2 but after scanning a lot of times there not here anymore so that's not the problem.

Sorry for my not so good english,

Thanks, Peter from Holland

To post a comment on "Svchost and Svchost.exe - Crashs, CPU maximization, viruses, exploits and more.", please return to that article's main page.