
Is the file SVCHOST.EXE-3530F672.pf part of spyware or any sort of problem?

Discussion in 'Virus & Other Malware Removal' started by Frisbeeman, Feb 12, 2005.

Thread Status:
Not open for further replies.
  1. Frisbeeman

    Frisbeeman Thread Starter

    Feb 12, 2005
    On my hard drive is the file C:\Windows\Prefetch\SVCHOST.EXE-3530F672.pf. It is an 18 KB file dated 2/9/05, which is about one month AFTER I purchased my computer.

    I have Windows XP Pro on a Toshiba laptop.

    My investigation into this started when my Zone Alarm Pro gave me an alert stating "Generic Host Process for Win32 Services trying to act as a server." It involved a file called svchost.exe.

    I found the following at http://windowsxp.mvps.org/svchost.htm

    Description of Svchost.exe in Windows XP

    Each instance of Svchost process [you see in Task Manager] launches a list of services. Multiple instances of Svchost.exe can run at the same time. Four or five instances of svchost.exe is normal. If you want to see what services are run by each Svchost process:

    For XP Professional, using the Tasklist command:

    Click Start, Run and type cmd

    Type Tasklist /svc >C:\TaskList.txt

    The TaskList.txt will contain the services list (launched by each Svchost process). Windows XP Home does not have tasklist.exe. Download a copy from here

    A Description of Svchost.exe in Windows XP: http://support.microsoft.com/?kbid=314056

    WARNING: There are viruses circulating in the internet which uses the same name as svchost.exe. The legit svchost.exe will be present in the %Windir%\System32 folder.

    I think my instance of svchost.exe trying to access the Internet was legitimate because twice Google search results were taking forever to come back and the instant I clicked "Allow" on the Zone Alarm Alert my search results came back. I typically have 7 copies of svchost.exe listed as a process in Windows Task Manager.

    However, when I searched my hard drive for "svchost*.*" I discovered the SVCHOST.EXE-3530F672.pf file. Searching "SVCHOST.EXE-3530F672.pf" in Google produced surprisingly few results. Most of them were in foreign languages. When I restricted the search to English it greatly reduced the results. One Google result was from a post on this forum dated 18-Apr-2004, 06:57 AM, but it was merely one of the files the person who made the post found on their hard drive.

    The Google results on “SVCHOST.EXE-3530F672.pf” gave no clear answer if it is spyware. Searching Microsoft's Knowledge Base, Symantec’s web site and Zone Alarm’s web site produced no results. I would think that if it were spyware there would be a lot more discussion about it on the Internet.

    Does anyone know if this is something malicious?

    Thank you.
  2. MFDnNC


    Sep 7, 2004
    Forget what is in prefetch, and if it bothers you empty prefetch and let it rebuild.

    Svchost is a normal process running out of system32

    If you are concerned

    SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
    AdAware SE 1.05 http://www.majorgeeks.com/download506.html
    SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

    DL them (they are free), install them, check each for their definition updates and then run AdAware and Spybot, fixing anything they say.

    In SpywareBlaster - Always enable all protection after updates
    SpyBot - After an update run immunize

    Do these and reboot before the next step.

    Then get HiJack This http://www.majorgeeks.com/download3155.html, put it in a permanent folder (C:\HJT), run it, DO NOT fix anything, post the log here.
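
The `Tasklist /svc` step quoted in the first post, carried one step further as an added example (not code from the thread or from either poster): it parses the saved output, including service lists that wrap onto a second line, and lists which services each svchost.exe instance hosts. The sample text, its PIDs and service groupings are constructed, and treating an svchost.exe that hosts no services as the instance whose path should be checked against %Windir%\System32 is a triage heuristic assumed here.

```python
import re

# Constructed sample of `tasklist /svc` output; PIDs and service groupings
# are illustrative and do not come from the thread.
SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
svchost.exe                  844 DcomLaunch, TermService
svchost.exe                  912 RpcSs
svchost.exe                 1008 AudioSrv, BITS, CryptSvc, Dhcp, EventSystem,
                                 lanmanserver, Schedule, wuauserv
svchost.exe                 1304 N/A
explorer.exe                1620 N/A
"""

# A data row: image name (may contain spaces), numeric PID, services field.
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")


def _split(field):
    """Split a comma-separated services field, dropping blanks and 'N/A'."""
    return [s.strip() for s in field.split(",") if s.strip() not in ("", "N/A")]


def parse_tasklist_svc(text):
    """Return a list of (image_name, pid, [services]) tuples."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2)), _split(m.group(3))))
        elif rows and line[:1].isspace() and line.strip():
            # Indented line: the previous row's service list wrapped.
            rows[-1][2].extend(_split(line))
    return rows


def svchost_report(rows):
    """Map each svchost.exe PID to its services; list PIDs hosting none."""
    hosts = {pid: svcs for name, pid, svcs in rows if name.lower() == "svchost.exe"}
    no_services = sorted(pid for pid, svcs in hosts.items() if not svcs)
    return hosts, no_services


if __name__ == "__main__":
    hosts, no_services = svchost_report(parse_tasklist_svc(SAMPLE))
    for pid, svcs in sorted(hosts.items()):
        print(pid, ", ".join(svcs) or "(no services)")
    print("check image path for PIDs:", no_services)
```

To run it against a real capture, pass the contents of C:\TaskList.txt to `parse_tasklist_svc` in place of `SAMPLE`.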

Short URL to this thread: https://techguy.org/329846