svcchosst.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

vpblue

Thread Starter
Joined
Jul 2, 2007
Messages
2
Good morning all,

I am stuggling to get rid of svcchosst.exe. I have run HijackThis and here is the log:


Logfile of HijackThis v1.99.1
Scan saved at 11:06:08, on 02/07/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\PROTEC~1\POPUPR~1\popup.dll
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0DDEDF-0705-4CC3-9743-0045078BB47C}: NameServer = 212.139.132.7 212.139.132.6
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe

I have identified one problem, which seems to be svcchosst.exe, but I do not manage to get rid of it and/or there might be other problems that I cannot identify. Can someone help?

Thank you

Vpblue
 
Joined
May 17, 2007
Messages
1,408
Welcome to TSG vpblue.:)

I want to correct you in a few matters:-

1)It is svchost.exe and not svcchost.exe.
2)svchost.exe cannot be ended as it is a necessary system/network/local service and not a virus/spyware/trojan/etc.It is very necessary for Windows.
3)Post your HJT logs only in the Security forum so you may only get expert advice from the experts.
4)If you are confused,then please be clearer so that we may further assist you.
5)If you think the problem is same,then please mark the thread Solved by using it from the Thread Tools link on the top of this page because you will be searching for answer that will harm your computer more than it will benefit.

Please don't take it for wrong.I am just correcting you.Good Luck.
 
Joined
Dec 5, 2006
Messages
32,649
hello Vpblue

Is there any reason you are running xp with no service packs

Is this a legal copy of windows
 
Joined
Apr 15, 2007
Messages
34
It may be the case that Vpblue isn't making a mistake with his spelling.
I am quite sure I have seen svcchosst.exe run before along with the regular svchost.
It was a virus and when I resotred my system to an earlier date, it was fixed.

But, vpblue can assure us whether there is a spelling mistake or something else..
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Hi VPblue

before we go any further
why are you running XP with no service packs & updates

  • Please go here using Internet Explorer.
  • Click on "Windows Validation Assistant"
  • Click on the "Validate Now" button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click "continue"
  • When it says "Validation Complete" please click "Continue to return to your previous activity"
  • Copy what it says and paste it here.
 

vpblue

Thread Starter
Joined
Jul 2, 2007
Messages
2
shamim said:
It may be the case that Vpblue isn't making a mistake with his spelling.
I am quite sure I have seen svcchosst.exe run before along with the regular svchost.
It was a virus and when I resotred my system to an earlier date, it was fixed.

But, vpblue can assure us whether there is a spelling mistake or something else..
thank you for your reply. You are right, I am not making a mistake, svcchosst.exe is in fact a Trojan that tries to use a very similar extension as the very essential ones used in Windows, quite clever! However, Goku might think it is a mistake because when I checked the log I have sent, svcchosst.exe does not apear, so it might have confused him/her too. I will now get a service pack and update. As for the authenticity of my windows, I can only guess it is since the machine was a present already set up. I will keep you updated on the outcome. Thanks again
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top