Svchost.exe trojan – Eliminate malware threat
This article alike other of my articles will be devoted only to the problem of svchost.exe trojan. That means that here I will tell you about all possible threats that caused problem with svchost.exe process or viruses that had similar names to svchost.
I must say that svchost.exe problem spread mostly among Windows XP machines as this OS is much more vulnerable to trojans and viruses even with Service Pack 3. From 2001 till nowadays a lot of viruses tried using name of svchost.exe or different security holes in this part of the system to infect users PCs. Even unexperienced users heard something about this core process and they know that it is very important. Thats why trojans that pretend to infect svchost frighten users a lot.
You can fix svchost problem using Svchost Fix Wizard utility.
Or you can continue reading and try to determine your problem more accurately.
ScVhost.exe is not SVchost.exe
Yes, thats a popular trick. Malware copies its executable file to system32 folder and call it ScVhost.exe. 90% of users won’t pay attention to it, because it is very similar to legal svchost.exe process in the same folder. This trick usually performed by Gaobot worm. Here you can:
Svchost.exe but not in System32
Another tick is when malware creates file svchost.exe but not in the place where legal one should be. One great example is W32.welchia worm that creates file in %System%\wins\svchost.exe which can also make regular user think it is legal file. Here you can find great information of how to delete this threat:
- Download Security Stronghold W32.Welchia Removal Tool
- Download Symantec W32.Welchia Worm Removal Tool
Since first appearance of blaster it changed significantly and one of the signs of infection is infected svchost.exe process or problems with it. Here is a list of 2 quality Blaster Removal Pages:
Also there is a great idea to check your DCOM vulnerability using:
If above instructions or tools won’t help please, use Svchost Fix Wizard to solve problems with svchost infection or other svchost process issues.