svchost.exe called virus

  nbtmusic 14:38 25 Aug 2010


My virus checker keeps giving me a warning that an exe, svchost.exe to be exact, is acting as a virus and is situated in System32. It says it is sending hidden data.

OK, the problem of course is there are SEVERAL svchost exes running and they are of course legit.

In simple layman's terms, how do I find out which is the guilty party and how do I get rid of it?
I ran the virus prog and it couldn't find anything.

Would be most grateful for any help.

  nbtmusic 14:45 25 Aug 2010

Oh, I should mention I use Windows XP Home Edition.

  birdface 15:08 25 Aug 2010

Maybe try task manager to see which one of them is using up a lot of the CPU.

  gazzaho 18:20 25 Aug 2010

If you select show processes from all users in Task Manager, then right-click on each svchost.exe and select go to service(s), it will show you which service the svchost.exe process is running.

From there you would perhaps have a better idea of which service to check on a site like Process Library. If you find one that looks suspect you could then run msconfig and disable the service, after ticking the hide all Microsoft services check box, then restart and see if the problem persists.

I'm not saying this will solve your problem but it might be worth trying, you can always re-enable the disabled service with msconfig and try another, just be careful disabling MS related services.
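
The service-to-process mapping described in the reply above can also be listed in one pass through WMI. This is an added example, not part of the original thread; it assumes Windows PowerShell 2.0 or later is installed (an optional download on XP), and it only reads data.

```powershell
# Added example: list every svchost.exe instance with its image path and the
# services it hosts, using the WMI classes Win32_Process and Win32_Service.

# Legitimate locations of svchost.exe (SysWOW64 exists only on 64-bit Windows).
$allowed = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Group running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $hostPid = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($hostPid)) { $servicesByPid[$hostPid] = @() }
    $servicesByPid[$hostPid] += $_.Name
}

# One row per svchost.exe process, with notes on anything that needs a closer look.
Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $procId   = [int]$_.ProcessId
    $path     = $_.ExecutablePath
    $services = $servicesByPid[$procId]

    $notes = @()
    if (-not $path)                        { $notes += 'path not readable (run as administrator)' }
    elseif (-not ($allowed -contains $path)) { $notes += 'image is not in System32' }  # -contains ignores case
    if (-not $services)                    { $notes += 'hosts no services' }

    New-Object PSObject -Property @{
        PID      = $procId
        Path     = $path
        Services = ($services -join ', ')
        Notes    = ($notes -join '; ')
    }
} | Select-Object PID, Path, Services, Notes | Format-Table -AutoSize -Wrap
```

An empty Notes column for every row does not rule out a rootkit, since a rootkit can hide from user-mode tools like this one.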

  peter99co 19:26 25 Aug 2010

Which antivirus is reporting/warning you of the virus?

Which antivirus cannot find it?

  nbtmusic 07:41 26 Aug 2010

@gazzaho Thank you very much for your advice, I shall try that all today.

@peter99co Kaspersky is the one telling me that one of the svchost.exe in sys32 is up to no good. In its warning it always has an address that begins with this...

It says it can't find the file to quarantine it when I select that option, so I select forbid this operation. Ten minutes later it is back.

I have run a full PC scan with Kaspersky too, nothing comes up.

  birdface 07:52 26 Aug 2010

According to this you have a TDL3 rootkit.


  birdface 07:55 26 Aug 2010

Maybe try Hitman Pro; that gets rid of rootkits.


Free for 30 days.

  nbtmusic 08:27 26 Aug 2010


Thank you, I will do that. Thanks for your help :)
