deleted all reference to svchost.exe in registry - help

Discussion in 'Windows XP' started by chessbuff77, Jan 5, 2003.

  1. chessbuff77

    chessbuff77 Thread Starter

    Joined:
    Jan 4, 2003
    Messages:
    5
    I realized yesterday that my computer was hacked and had a trojan on it. In the process of cleaning up the trojan, I also deleted all references to svchost.exe from my win 2k machine registry. (I saw multiple versions of it in task manager and I thought it was also a trojan - I now know it was a mistake.)

    In an effort to tighten my security I disabled many services like rpc, rpc locator, internet connection sharing, etc. In fact I disabled them at the hardware profile level. After a reboot I can't now view the properties windows for these services. That means that I'm unable to enable these services.

    Now of course I have a computer that has its networking completely screwed up. File search does not work, neither do copy paste operations.

    Help wanted
    ------
    1. Is there a way for me to restore my registry entries without having to rebuild my machine?

    2. Is there a way to associate/enable a hardware profile with the services directly in the registry or using command prompt? I did an extensive search in the registry but could not figure out where to make the change.

    thanks for helping I'm going crazy here.
     
  2. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    I don't think you backed up the registry first? Or exported the keys you deleted for safe keeping? That's good practice for the future.


    I do not use 2000. But I have XP and don't know how you would restore without the ability of having a restore point, which 2k doesn't have. Here are some suggestions.


    Having a look at creating another Hardware Profile might be something to consider. If you go to help and do a search for Hardware Profile, the directions will be there for you.



    Have you considered doing a Repair Install?

    Here's a link to a page which will help you to configure Services in Win 2k.

    http://www.blackviper.com/WIN2K/servicecfg.htm

    In the Win XP registry here:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    All the services should be listed as subkeys. I would bet Win2k is the same.

    If you click on each service and look in the right pane for the DWORD Start you can change that value.

    A value of 4 is disabled.
    A value of 3 is manual
    A value of 2 is automatic

    I can disable a service and still be able to see its property page. So I am not sure what your situation is. Without the svchost keys I don't know. EDIT: See the next post for more information.


    Please backup your registry before you try anything again.
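Added example, not part of the original thread: a sketch of how a saved export of the `Services` key can be compared with a later export to list every service whose `Start` value changed or whose key disappeared. The function names and both sample exports are constructed for illustration, and the value table goes slightly beyond the post by including the driver values 0 and 1.

```python
import re

# 2, 3 and 4 are the Start values listed in the post; 0 and 1 are the driver values.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
SERVICES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"

def start_values(reg_text):
    """Map service name -> Start DWORD from the text of a .reg export."""
    found, service = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            rest = path[len(SERVICES):] if path.upper().startswith(SERVICES.upper()) else ""
            # Only a service's own key counts, not subkeys such as \Parameters.
            service = rest if rest and "\\" not in rest else None
        else:
            value = re.fullmatch(r'"Start"=dword:([0-9a-fA-F]{8})', line)
            if value and service:
                found[service] = int(value.group(1), 16)
    return found

def changed_start_types(backup_text, current_text):
    """(service, old, new) for each service whose Start differs from the backup."""
    before, after = start_values(backup_text), start_values(current_text)
    report = []
    for name in sorted(before):
        old, new = before[name], after.get(name)
        if old != new:
            new_label = "missing" if new is None else START_TYPES.get(new, str(new))
            report.append((name, START_TYPES.get(old, str(old)), new_label))
    return report

# Constructed sample exports, not taken from the thread.
BACKUP = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator]
"Start"=dword:00000003
"""
CURRENT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Start"=dword:00000004
"""
if __name__ == "__main__":
    print(changed_start_types(BACKUP, CURRENT))
```

A version 5.00 export is saved as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to these functions.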
     
  3. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;250320

     
  4. chessbuff77

    chessbuff77 Thread Starter

    Joined:
    Jan 4, 2003
    Messages:
    5
    Thanks for your reply Mosaic.

    I left the Win 2K CD in the office so a repair install could only be attempted tomorrow.

    Most of the services I disabled are dependent on the RPC service. However, unfortunately I disabled the service at the hardware profile level. I did put 02 in the service and made it automatic, but now when I try to start it, it says that it cannot start the service because there is no enabled device or profile associated with it. I'll try the new hardware profile and see if it would be enabled for all the services.

    You wouldn't happen to know where the association of services to hardware profile is in the registry?

    thanks for your help.
    Chessbuff
     
  5. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    I have never done this before. So I don't know.
    Have a look here too. You can always look. Making changes is another thing. HKLM\System is a dangerous place. Be careful and backup. Otherwise you may be in for some big problems.


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles

    EDIT: Let me do some research and see what else I can find. The Hardware Profile might be the best bet other than the Repair Install.
     
  6. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    I can't find that exact message.

    I hope the new profile works. If you do a repair install you are going to have to reinstall all service packs and updates etc. I did a repair install of XP last week and it took a while to get everything back.
     
  7. chessbuff77

    chessbuff77 Thread Starter

    Joined:
    Jan 4, 2003
    Messages:
    5
    Hardware profile uses the existing profile as a model so it would not help. My problem is that different applications are not spawning a new window, so I can't look at properties etc. I think I'll try the repair install tomorrow.

    I'll let you know if that solves the problem.
    Thanks for your help Mosaic. I still wonder where the linkage between the services and hardware profile in the registry is though. Looked for hours yesterday but could not pin it down.
     
  8. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    I am new to XP. I see what you mean about the Hardware Profiles.
    I have been doing some research and have found a command line you can use to work with Services.

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;166819

    sc.exe
    Open a prompt type sc
    Type that and you will have access to the properties you need.

    When you type sc and press enter, the screen will fill with information on how to use sc.exe

    Not sure if this will help you at this point.
     
  9. chessbuff77

    chessbuff77 Thread Starter

    Joined:
    Jan 4, 2003
    Messages:
    5
    I looked at sc. It helps you modify the properties but did not help with the association of hardware profile with services. After the repair install the registry entries for svchost were restored but the machine still did not function. It was because of the Remote Procedure Call service. Apparently this service in Win 2K should NOT ever be disabled. Especially not at the hardware profile level.

    Mosaic, I had to reinstall windows 2000. I lost my documents folder but saved the photos on my machine so all was not lost. I think I also blew my wireless network adapter. It has stopped blinking. Well, after three days of misery (research was fun) I'm kind of getting back on my feet.

    Thanks for your help Mosaic. Your postings were a big help.
     
  10. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    chessbuff77,

    I am sorry to hear that. You're welcome. Although I was of little if any help, though. I think your conclusion about RPCSS is on the money.

    And this was the result of a trojan? I really think people who write nasties should be ... strung up.


    Mo
     