Hey hey! I recently downloaded Bazooka Spyware Detector, and it reported that svchost.exe was in my %WinDir% and that it was NOT supposed to be there.

It gave me a list of instructions to get rid of it manually, and a list of things that put it there and how to get rid of those manually as well. I've tried about 7 of the *0 solutions given, it svchost.exe still remains. I ran Norton AntiVirus 200* to check for trojans and what not, but nothing comes up.

I am mainly concerned about this because it seems to be interrupting my online gaming, making things difficult to get done... Please help!!

Also, I downloaded spybot, and it keeps detecting something called DOS Exploit everytime I run it, even with consecutive scans/fixes. X_x

C:\WINDOWS\system*2 thats where is should be at if your on XP. =svchost.exe

It's there also. I suppose I should have said that I have an EXTRA svchost.exe in my WINDOWS folder, and I don't know what keeps putting it there. X_x

Lol you have been exploited by some scriptkiddies :D :D

They used the exploit spybot said to install a ftp on a port between 0 and 65000 :S :D

Just install a firewall mate :P
And update da windows :)

why does svchost take up soooo much p memery?

i am running windows XP home Edition and i'm having problems with my online gaming experiance as well, i looked up my tasks and it appears that i have 4 svchost.exe's running

(i.e. 2 in system, * in local service, and * in network service)
(60,7*2k total memory usage by svchost.exe)
how can i tell which ones are real or not?

You got a Welchia Worm if your getting explorer errors, its from downloading porn games :) I'm serious. Norton cant get rid of it, its protected because its a system process and your explorer errors wont let you look at it anyway / Format :c

It appears that you have a Lovesan (Dumaru, BackDoor or some of a kind) virus in your system.
To evidence the fact of infection try to find with your search function these files: svohost.exe, swchost.exe. If you find them in your %windir%/system*2 folder - be sure your workstation is infected, you can also find the file svohost.exe in your processes in the task manager.
To get rid of it try to download a free utility from http://www.kaspersky.com/ or update your existing Antivirus and scan for viruses again. Good luck!

Originally posted by Unregistered
Hey hey! I recently downloaded Bazooka Spyware Detector, and it reported that svchost.exe was in my %WinDir% and that it was NOT supposed to be there.

It gave me a list of instructions to get rid of it manually, and a list of things that put it there and how to get rid of those manually as well. I've tried about 7 of the *0 solutions given, it svchost.exe still remains. I ran Norton AntiVirus 200* to check for trojans and what not, but nothing comes up.

I am mainly concerned about this because it seems to be interrupting my online gaming, making things difficult to get done... Please help!!

Also, I downloaded spybot, and it keeps detecting something called DOS Exploit everytime I run it, even with consecutive scans/fixes. X_x

Try http://www.thebugs.ws/news/show.shtml?id=55 if you got Dos Exploit problem

hey guys...there's a simple way to detect if u r using windows XP ...u get to see this file running in the processes tab under IMAGE NAME...now to the right side u see another list which states username....now if the username beside the various instances of svchost.exe is nethyin other than : LOCAL SERVICE,NETWORK SERVICE,SYSTEM ....( chances r its ur own windows user login )...then goto: c:/windows/system*2 folder n delete the file...

Also, I downloaded spybot, and it keeps detecting something called DOS Exploit everytime I run it, even with consecutive scans/fixes.

DSO exploit still found by SpybotS&D after scan and fix is a SpybotS&D bug. If you fixed it with SpybotS&D it is gone but still reported in later scans. This bug is fixed in SpybotS&D beta and new version will be released in a few days.

Originally posted by Unregistered
You got a Welchia Worm if your getting explorer errors, its from downloading porn games :) I'm serious. Norton cant get rid of it, its protected because its a system process and your explorer errors wont let you look at it anyway / Format :c

Symantec has a tool to remove the Welchia Worm; easy on the format c: tough guy.

Hi I searched for the svchost.exe in my computer and found it was in * separate folders.


C:\WINDOWS\system*2

C:\WINDOWS\ServicePackFiles\i*86

C:\WINDOWS\SoftwareDistribution\Download\6ca7b*a8efd5a*b6f87fff**5a2eb*8*


are any of these not supposed to be present? any help would be greatly appreciated. thanks.

I think that's visrus

C:\WINDOWS\SoftwareDistribution\Download\6ca7b*a8efd5a*b6f87fff**5a2eb*8*

It may be downloaded from IE in surfing.

But to delete it correctly you have to use AVP antivirus.

I think that's virus

C:\WINDOWS\SoftwareDistribution\Download\6ca7b*a8efd5a*b6f87fff**5a2eb*8*

It may be downloaded from IE in surfing.

But to delete it correctly you have to use AVP antivirus.

Finish the svchost.exe process with username being = your username and delete it from your windows. clear your internet cache.
svchost.exe ---> see the properties if u get "generic host proccess for win*2 services" then this is legitimate and it will be on system*2 in case u re using XP.
now go on start-run type cmd and when the command prompt window open
type: taskkill /f /im svchost.exe all svchosts will be killed.
now fastly type: shutdown /a to cancel the system shutdown that will happen when u kill the svchost.exe now type del c:\windows\svchost.exe and then delete the svchost.exe from that folder of IE. (the one with lots of numbers that u told u on your last post)

Originally posted by Unregistered
Hey hey! I recently downloaded Bazooka Spyware Detector, and it reported that svchost.exe was in my %WinDir% and that it was NOT supposed to be there.

It gave me a list of instructions to get rid of it manually, and a list of things that put it there and how to get rid of those manually as well. I've tried about 7 of the *0 solutions given, it svchost.exe still remains. I ran Norton AntiVirus 200* to check for trojans and what not, but nothing comes up.

I am mainly concerned about this because it seems to be interrupting my online gaming, making things difficult to get done... Please help!!

Also, I downloaded spybot, and it keeps detecting something called DOS Exploit everytime I run it, even with consecutive scans/fixes. X_x

There is a specific order you have to do these steps or the program can recreate itself evertime you log back onto your machine. Doesnt matter what virus/worm you may have -

Windows Anything

First- download/update Ad-aware and your Anti-Virus Program

Second- Open MSCONFIG, Uncheck all of the startup values (for windows 2k you can download MSCONFIG)

Third- Open regedit, [hkey_local_machine]/software/microsoft/windows/currentversion/run

Delete all the values here, NOT THE RUN FOLDLER

also make sure nothing is listed under the Runonce, runservices (all the run values)

[hkey_Users]Default/software/microsoft/windows/currentversion/
Check these folders: Run, Runonce, and Explorer

Delete all your (Temporary Items)
Temporary internet files
Ex: %userprofile%/Cookies
%userprofile%/recent

After you have removed all the values you KNOW should not be there, Run your Ad-aware, then you AV program(FULL SCAN).

RESTART COMPUTER IN SAFEMODE

Run ad-aware and AV scans once again-

You PC should thank you after this- There are a few other possibilities but this is the most assuring way to make sure unwanted progs do not start up. Its a long process but its worth it- especially if you do online ****ing and things like that.

Hope this help you out~

I concur,

For those of you who are unsure/afraid of using MSCONFIG (powerful tool in the wrong hands!), there is a neat (free!) little utility that will achieve the same results using a helpful gui.
Once installed, the program adds a 'startup' icon to control panel for easy access. Works on all Windows O/S.

Startup Control Panel (http://www.mlin.net/StartupCPL.shtml)

Check out the Startup Monitor also, (similar to spybot search & destroy tea-timer) also free!