how to figure svchost/virus report


TNS

I have gone round and round with AV and am back to Norton Corp. Had
KAV for a bit and it reported Litmus and Trojan Downloader/Win32 Pitux
located in System Restore.
I have removed old system restore, scanned with Nortons, checked the
registry, etc. and I THINK I'm clean.
The question is: It said on some site that Downloader could run as a
service (svchost) and when I do task manager, I get a Local and
Network Service svchost process running.
What do these guys do, and how would I know if they were running
Trojans?
I have Nortons Corp, Sygate Personal Firewall, Spyguard spyblaster,
and Adaware/Adwatch running....also NAT firewall....I ought to be
pretty safe, but I don't care for spyware or trojans.
Is there a way to tell which processes (esp. svchost) are ok?

TIA
 

taff

As long as you have done all the scans and have an AV and firewall
running, if nothing shows, you should be safe.
There is no guarantee though, since new viruses are always coming out
and the AVs are always behind by a short time.

If you want a check, then run Hijackthis,
http://mjc1.com/mirror/hjt/ and send the log file here. I am sure some
kind expert will tell you if anything should not be there.

Taff..........



www.sounds-pa.com | www.thecomputerworkshop.com
 

Duane Arnold

Win NT 4.0 and Win 2k svchost.exe should be running out of
c:\Winnt\system32, and on XP and Win 2k3 that's c:\windows\system32; that
also includes dllhost.exe running out of the above directories. If they are
not running out of those directories, you can consider them Trojans.

However, malware can use svchost.exe and dllhost.exe on its behalf to
get out to the Internet. So you use Active Ports (free, use Google) to see
connections in real time. You use Process Explorer and/or PrcView (both
free, use Google) to view all processes running on the machine and what
directories things are running out of, along with using PE or PrcView to
look inside something like svchost.exe to see what other processes are
using it.

Duane :)
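
The check described in the reply above (which directory each svchost.exe and dllhost.exe runs from, and what each instance is hosting) can also be scripted. This is an added PowerShell example, not part of the original thread; it uses the standard Win32_Process and Win32_Service CIM classes, and accepting SysWOW64 as a valid directory is an assumption added here for 32-bit dllhost.exe instances on 64-bit Windows.

```powershell
# Added example: audit running svchost.exe / dllhost.exe instances.
# System32 is the expected directory named in the reply above; SysWOW64 is
# an assumption added for 32-bit dllhost.exe surrogates on 64-bit Windows.
$allowedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)
$watched = @('svchost.exe', 'dllhost.exe')

# Map each hosting process ID to the names of the services running inside it.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $hostPid = [int]$svc.ProcessId
    if ($hostPid -eq 0) { continue }   # service is not running
    if (-not $servicesByPid.ContainsKey($hostPid)) { $servicesByPid[$hostPid] = @() }
    $servicesByPid[$hostPid] += $svc.Name
}

Get-CimInstance -ClassName Win32_Process |
    Where-Object { $watched -contains $_.Name } |
    ForEach-Object {
        $procId = [int]$_.ProcessId
        if (-not $_.ExecutablePath) {
            # The path is hidden from non-elevated sessions for some processes.
            $verdict = 'UNKNOWN (rerun elevated)'
        } elseif ($allowedDirs -contains (Split-Path $_.ExecutablePath -Parent)) {
            $verdict = 'ok'
        } else {
            $verdict = 'SUSPICIOUS PATH'
        }
        [pscustomobject]@{
            PID      = $procId
            Name     = $_.Name
            Path     = $_.ExecutablePath
            Verdict  = $verdict
            Services = ($servicesByPid[$procId] -join ', ')
        }
    } | Sort-Object Verdict, PID | Format-Table -AutoSize -Wrap
```

A row marked "ok" only confirms the host binary's location; the Services column is what to review next, since a service you do not recognise can still be loaded into a genuine svchost.exe.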
 

Good!

I would get NetLimiter, so you can keep an eye on where the outgoing traffic
is going from your PC.
It will tell you all the programs that are running and what IP they go to.
 
