1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

svcchosst.exe

Discussion in 'Virus & Other Malware Removal' started by vpblue, Jul 2, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. vpblue

    vpblue Thread Starter

    Joined:
    Jul 2, 2007
    Messages:
    2
    Good morning all,

    I am stuggling to get rid of svcchosst.exe. I have run HijackThis and here is the log:


    Logfile of HijackThis v1.99.1
    Scan saved at 11:06:08, on 02/07/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\PROTEC~1\POPUPR~1\popup.dll
    O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0DDEDF-0705-4CC3-9743-0045078BB47C}: NameServer = 212.139.132.7 212.139.132.6
    O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
    O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe

    I have identified one problem, which seems to be svcchosst.exe, but I do not manage to get rid of it and/or there might be other problems that I cannot identify. Can someone help?

    Thank you

    Vpblue
     
  2. Goku

    Goku

    Joined:
    May 17, 2007
    Messages:
    1,408
    Welcome to TSG vpblue.:)

    I want to correct you in a few matters:-

    1)It is svchost.exe and not svcchost.exe.
    2)svchost.exe cannot be ended as it is a necessary system/network/local service and not a virus/spyware/trojan/etc.It is very necessary for Windows.
    3)Post your HJT logs only in the Security forum so you may only get expert advice from the experts.
    4)If you are confused,then please be clearer so that we may further assist you.
    5)If you think the problem is same,then please mark the thread Solved by using it from the Thread Tools link on the top of this page because you will be searching for answer that will harm your computer more than it will benefit.

    Please don't take it for wrong.I am just correcting you.Good Luck.
     
  3. Blackmirror

    Blackmirror

    Joined:
    Dec 5, 2006
    Messages:
    32,642
    hello Vpblue

    Is there any reason you are running xp with no service packs

    Is this a legal copy of windows
     
  4. shamim

    shamim

    Joined:
    Apr 15, 2007
    Messages:
    34
    It may be the case that Vpblue isn't making a mistake with his spelling.
    I am quite sure I have seen svcchosst.exe run before along with the regular svchost.
    It was a virus and when I resotred my system to an earlier date, it was fixed.

    But, vpblue can assure us whether there is a spelling mistake or something else..
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    Hi VPblue

    before we go any further
    why are you running XP with no service packs & updates

    • Please go here using Internet Explorer.
    • Click on "Windows Validation Assistant"
    • Click on the "Validate Now" button.
    • Be patient while the ActiveX loads, do not click on any links.
    • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
    • Enter your product key then click "continue"
    • When it says "Validation Complete" please click "Continue to return to your previous activity"
    • Copy what it says and paste it here.
     
  6. vpblue

    vpblue Thread Starter

    Joined:
    Jul 2, 2007
    Messages:
    2
    thank you for your reply. You are right, I am not making a mistake, svcchosst.exe is in fact a Trojan that tries to use a very similar extension as the very essential ones used in Windows, quite clever! However, Goku might think it is a mistake because when I checked the log I have sent, svcchosst.exe does not apear, so it might have confused him/her too. I will now get a service pack and update. As for the authenticity of my windows, I can only guess it is since the machine was a present already set up. I will keep you updated on the outcome. Thanks again
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/590859

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice