svchost.exe trojan - Help needed

  nagano 15:57 09 Apr 2003
Locked

Hi

I am running XP Pro on an Athlon 1.2, 512 ram, 100 gb hd, aiw 32mb ram.

I have Ad-watch running and on start up it comes up with "harmfull process identified". I run Ad-aware 6 and the log reports the following:

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32
ThreadCreationTime : 09-04-2003 07:32:28
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 23/08/2001 12:00:00
Last accessed : 09/04/2003 07:08:48
Last modified : 23/08/2001 12:00:00
Warning! Trojan object found in memory(svchost.exe)

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32
ThreadCreationTime : 09-04-2003 07:32:28
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 23/08/2001 12:00:00
Last accessed : 09/04/2003 07:08:48
Last modified : 23/08/2001 12:00:00
Warning! Trojan object found in memory(svchost.exe)

#:24 [svchost.exe]
FilePath : C:\WINDOWS\System32
ThreadCreationTime : 09-04-2003 07:32:38
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 23/08/2001 12:00:00
Last accessed : 09/04/2003 07:08:48
Last modified : 23/08/2001 12:00:00
Warning! Trojan object found in memory(svchost.exe)

I have run Norton AV and it has not picked it up.

Trying to close the process shuts the computer down automatically through a dialogue box with 60 secs grace.

Can you advise how I can get rid please?

Is it a re-install jobby?

Regards

Ric

  JoeC 16:06 09 Apr 2003

Symantec site and then Security Response, enter svchost.exe into the search box and it will bring this one up, along with removal instructions. Virus definitions from October 2002 have been able to pick it up - according to Symantec. : }

  Terrahawk 16:12 09 Apr 2003

svchost is part of XP. Don't know why adware is showing it as a trojan unless something has attached itself to it.

  JoeC 16:15 09 Apr 2003

Backdoor.Litmus.203.b is a variant of Backdoor.Litmus.203. When Backdoor.Litmus.203.b runs, it performs the following actions:

It copies itself as %windir%\Random\Svchost.exe.

NOTE: %windir% is a variable. The Trojan locates the Windows main installation folder (by default this is C:\Windows or C:\Winnt) and uses it as a destination folder.

The Trojan creates the value

LTM2 %windir%\Random\Svchost.exe

in the registry key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

so that the Trojan starts when you start or restart Windows.
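
A defensive check for the behaviour described in the post above, as an added example that is not part of the thread or of Symantec's write-up: it flags Run-key values (or process command lines) whose image is named svchost.exe but sits outside %windir%\System32. It assumes the genuine host process runs only from that folder, as the log in the first post shows; the function names and the sample values other than LTM2 are constructed for illustration.

```python
import ntpath
import re

# Assumption: the genuine svchost.exe is only ever started from %windir%\System32.
TRUSTED_SUBDIR = "System32"

# Constructed sample of Run-key values; only LTM2 is taken from the post above.
SAMPLE_RUN_VALUES = {
    "LTM2": r"%windir%\Random\Svchost.exe",
    "Updater": r'"C:\Program Files\Example\update.exe" /silent',
    "Host": r"c:\windows\SYSTEM32\svchost.exe -k netsvcs",
}

def image_path(command, windir=r"C:\WINDOWS"):
    """Return the executable path from a Run value or process command line."""
    cmd = command.strip()
    # Expand the variables that point at the Windows folder (case-insensitive).
    cmd = re.sub(r"%(windir|systemroot)%", lambda m: windir, cmd, flags=re.I)
    if cmd.startswith('"'):
        # Quoted image path: everything up to the closing quote.
        path = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted: take up to the first ".exe" so arguments are dropped.
        m = re.match(r"(.+?\.exe)(\s|$)", cmd, flags=re.I)
        path = m.group(1) if m else cmd.split(" ", 1)[0]
    return ntpath.normpath(path)

def is_masquerading(command, windir=r"C:\WINDOWS"):
    """True if the image is named svchost.exe but is not in %windir%\\System32."""
    path = image_path(command, windir)
    if ntpath.basename(path).lower() != "svchost.exe":
        return False
    expected = ntpath.normpath(ntpath.join(windir, TRUSTED_SUBDIR))
    # Windows paths are case-insensitive, so compare normalised forms.
    return ntpath.normcase(ntpath.dirname(path)) != ntpath.normcase(expected)

def suspicious_entries(values, windir=r"C:\WINDOWS"):
    """Names of the entries whose command line fails the location check."""
    return sorted(n for n, c in values.items() if is_masquerading(c, windir))

if __name__ == "__main__":
    for name in suspicious_entries(SAMPLE_RUN_VALUES):
        print(name, "->", image_path(SAMPLE_RUN_VALUES[name]))
```

The same location check applies to a process listing: the three entries in the Ad-aware log above all report a FilePath of C:\WINDOWS\System32, so they would pass it.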

  nagano 14:34 10 Apr 2003

Thanks to those that responded.

Tried the fix at Symantec, unfortunately didn't seem to work, so have reinstalled.

Ta

This thread is now locked and can not be replied to.
