Solved: Strange issue with a file named "svchost.exe" where it shouldn't be!

Syst3mSh0ck · 04-Nov-2009, 06:56 PM #1

Hey guys wondering if you could shed some light on this issue.

I've just restarted my computer and after I login I noticed the "Computer" pane with my disks opens automatically, I tracked this down to the Autorun entry pointing to "D:\Ninja\Users\Syst3mSh0ck\AppData\Roaming\Microsoft\svchost.exe" now when I examine this file it says that it was previously called EXPLORER.EXE and created 3 months ago (when I installed the OS).

I have never known a Service Host process to be in the %AppData%\Roaming folder and the fact it is actually opening "Computer" when I run it seems very dodgy, I have submitted it to Jottie Online Scanner which checks the file with a multitude of AVs which turned out to be Clean, unless this is a valid error or a new virus out in the Wild.

I have Comodo Firewall running and it has not tried making any connections, so I am at a loss as to whether I should delete this or just leave it at just having removed the Autorun entry.

Input appreciated, thanks!

Phantom010 · 04-Nov-2009, 07:11 PM #2

You are most likely infected. You should click on the Report button and kindly ask to be moved to the Malware Removal forum.

And,

Please click here to download and install the HijackThis installer.

Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything

Syst3mSh0ck · 04-Nov-2009, 07:23 PM #3

Nevermind, thanks for the advice, but I got rid of it and everything seems fine... God damn malware!

lunarlander · 05-Nov-2009, 03:16 AM #4

I don't think your PC is ok. How would that file get there in the first place? I wouldn't blame it on malware and not take further action to investigate this.

Syst3mSh0ck · 06-Nov-2009, 07:21 AM #5

Well I did some searching and it seems to be pointing to a registry issue. Also it could be a bug with Windows 7, although people using Windows XP were getting the same problem.

I did get a virus alert from Avast for a file a downloaded from isohunt.com (legally) so I suspect it may have been caused by that, the good news is that the file in question "svchost.exe" which wasn't a true Service Host but a direct copy of Explorer.exe renamed and placed in the Roaming directory was not trying to make any connections to the internet as per Comodo.

I'm a bit miffed really, thanks for your help.

Tag Cloud
access acer asus bios bsod computer crash dns drive driver drivers error ethernet excel freeze games gaming graphics hard drive hardware hdmi internet java laptop malware memory monitor motherboard network printer problem ram random registry router slow software sound trojan usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!