BetaArchive
{The community for beta collectors}

Post subject: New information on Virus
Posted: Wed Feb 06, 2008 9:50 am
Hey all,


I was posting before on a virus, and after some research I found out that it is in the process 'svchost.exe'.

I'll post pics later as the image uploader is fizzing on me :?

Posted: Wed Feb 06, 2008 9:55 am
svchost.exe is actually part of Windows, but a virus has been known to use the same name. None of them should run as a username but rather SYSTEM, NETWORK SERVICE, or LOCAL SERVICE. Also, if it uses 100% CPU, this isn't a virus; it's just a bug in the code, and killing it fixes it.

Posted: Wed Feb 06, 2008 12:14 pm
scvhost.exe process is the W32/Agobot-S virus
svchost.exe process is part of Windows, and runs services.


Posted: Wed Feb 06, 2008 5:53 pm
Open the location of each instance of svchost.exe from Task Manager and see where it is. It should be in system32; if it's in Windows, it's a virus (viruses often use that name but in a different folder, as it's normal to have several instances of svchost running). I ran into one of these a while ago: if you have a service in services.msc called "Power Manager" (trying to look like a genuine Windows process), then you have the same one.

Posted: Sat Feb 23, 2008 3:58 am
You could try the standalone virus scanners from McAfee and NOD32 found at Edskes' file mirror.

Also there's TrendMicro's Damage Cleanup Engine/Template -> sysclean found at their site. It needs the virus signature package (lpt$$$.zip) from here. Just unpack the signature file to the same folder as sysclean.com and launch the latter.

There are other goodies available there, of which Ad-Aware also seems a very good choice against spyware. Unfortunately the 2007 versions don't work with Win9x anymore.


Posted: Sat Feb 23, 2008 4:30 am
I had the same virus on XP. AVG free got rid of it.


Posted: Sun Feb 24, 2008 2:27 am
I had this sort of problem once. Use some of Sysinternals' tools to explore details about what svchost is running.

I had one such problem once, and the file managed to hide itself from Windows Explorer (not even as a hidden file). I had to use another file manager like Total Commander to root it out.


Posted: Sun Feb 24, 2008 8:50 am
And a lot of people call their trojan exes 'svchost.exe' and put them in a different directory to %systemroot%\system32.

Posted: Sun Feb 24, 2008 7:12 pm
happy dude wrote:
I had the same virus on XP. AVG free got rid of it.


If so, could you tell me the name, and side effects?

Oh, and I managed to get my virus scanner to scan my C: and D: drives, but it found nothing.

Posted: Sun Feb 24, 2008 7:16 pm
Dr Eggman wrote:
happy dude wrote:
I had the same virus on XP. AVG free got rid of it.


If so, could you tell me the name, and side effects?

Oh, and I managed to get my virus scanner to scan my C: and D: drives, but it found nothing.

rififi wrote:
scvhost.exe process is the W32/Agobot-S virus
svchost.exe process is part of Windows, and runs services.


According to that, it is NOT a virus; it is a part of Windows. Check the spelling to make sure the C and V are not switched. The real svchost.exe on Windows does have a bug where it will use 100% CPU.

Posted: Sun Feb 24, 2008 8:00 pm
The virus could have made its own service.

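The checks suggested across this thread (the exact spelling of the image name, the folder the file runs from, and the account it runs under) can be combined into one triage pass over a process listing. This is an added example, not part of any post in the thread; the record fields, the `C:\Windows` system root, the SysWOW64 allowance and the sample processes are constructed assumptions.

```python
import ntpath

SERVICE_ACCOUNTS = {"SYSTEM", "NETWORK SERVICE", "LOCAL SERVICE"}
GENUINE = "svchost.exe"

def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def triage(proc, system_root=r"C:\Windows"):
    """Return the reasons a process record looks like a fake svchost."""
    name = proc["name"].lower()
    if name != GENUINE:
        # One edit away catches scvhost.exe; a wider net would hit real files like sihost.exe
        return ["lookalike name"] if osa_distance(name, GENUINE) == 1 else []
    reasons = []
    # SysWOW64 holds the 32-bit copy on 64-bit Windows (not mentioned in the thread)
    allowed = {ntpath.normcase(ntpath.join(system_root, d)) for d in ("System32", "SysWOW64")}
    if ntpath.normcase(ntpath.dirname(proc["path"])) not in allowed:
        reasons.append("unexpected folder")
    account = proc["user"].split("\\")[-1].upper()
    if account not in SERVICE_ACCOUNTS:
        reasons.append("runs as a user account")
    return reasons

# Constructed sample records (not taken from a real machine)
SAMPLE = [
    {"name": "svchost.exe", "path": r"C:\WINDOWS\system32\svchost.exe", "user": r"NT AUTHORITY\SYSTEM"},
    {"name": "svchost.exe", "path": r"C:\WINDOWS\svchost.exe", "user": r"DESKTOP\alice"},
    {"name": "scvhost.exe", "path": r"C:\WINDOWS\system32\scvhost.exe", "user": r"NT AUTHORITY\SYSTEM"},
    {"name": "explorer.exe", "path": r"C:\WINDOWS\explorer.exe", "user": r"DESKTOP\alice"},
]

def flagged(procs):
    return {(p["name"], p["path"]): r for p in procs if (r := triage(p))}

if __name__ == "__main__":
    for key, reasons in flagged(SAMPLE).items():
        print(key, reasons)
```
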