SVCHOST


Greg

Hi

I am getting a warning from my virus software that my
svchost.exe file is infected with the win32/Nachi-b virus.

I have downloaded all the latest updates from Microsoft
and my virus software. The virus is giving me no problems
at all like crashes, rpc problems, etc and my firewall
stops any unauthorised connections. I just want to see if
I can get rid of this virus.

My virus software disinfection finds the svchost file
with the virus and wants to delete it. Should I delete it?

If not how do I get rid of this?

I don't want to do anything that will screw up the
computer as it's running nicely at the moment.

Many thanks for any help
Greg
 

Rick "Nutcase" Rogers

Hi Greg,

Restart in Safe mode by hitting F8 at boot. Open Windows Explorer to this
folder:

C:\Windows\system32\wins

If svchost.exe exists here, delete it. This is the virus. The normal
svchost.exe file (of which you may find several instances in task manager,
again this is normal) is found under C:\Windows\system32. Then, start/run
regedit, look in these keys for a reference to the file in the \wins folder
and delete the string from the right pane.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Then close the registry editor and restart normally.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
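
A read-only check of the locations named in the reply above, added here as an example that is not part of the original post. It assumes Windows PowerShell 3.0 or later and an elevated prompt; it only reports and deletes nothing.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance, [pscustomobject]).
$sysDir   = Join-Path $env:SystemRoot 'system32'
$winsCopy = Join-Path $sysDir 'wins\svchost.exe'   # location named in the reply

# 1. Is there a svchost.exe in the \wins subfolder?
if (Test-Path -LiteralPath $winsCopy) {
    Get-Item -LiteralPath $winsCopy -Force |
        Select-Object FullName, Length, CreationTime, LastWriteTime
} else {
    "No svchost.exe found at $winsCopy"
}

# 2. Do any of the startup keys from the reply point into \wins?
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
)
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    # startupreg keeps each disabled entry in its own subkey, so include subkeys
    $nodes = @(Get-Item -LiteralPath $key) +
             @(Get-ChildItem -LiteralPath $key -ErrorAction SilentlyContinue)
    foreach ($node in $nodes) {
        foreach ($name in $node.GetValueNames()) {
            $data = [string]$node.GetValue($name)
            if ($data -match '\\wins\\') {
                [pscustomobject]@{ Key = $node.Name; Value = $name; Data = $data }
            }
        }
    }
}

# 3. Running svchost.exe processes whose image is not directly in system32.
#    On 64-bit Windows a legitimate copy also lives in SysWOW64.
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object { $_.ExecutablePath -and
                   (Split-Path $_.ExecutablePath -Parent) -ne $sysDir } |
    Select-Object ProcessId, ExecutablePath
```

Any row from step 2 is the registry string the reply says to delete; an empty result from all three steps means none of the locations it names are populated.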
 

Will Denny

Hi

You don't say which AV program you are using - try here:

http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.welchia.b.worm.html

--

Will Denny
MS-MVP Windows - Shell/User
Please reply to the News Groups


| Hi
|
| I am getting a warning from my virus software that my
| svchost.exe file is infected with the win32/Nachi-b virus.
|
| I have downloaded all the latest updates from Microsoft
| and my virus software. The virus is giving me no problems
| at all like crashes, rpc problems, etc and my firewall
| stops any unauthorised connections. I just want to see if
| I can get rid of this virus.
|
| My virus software disinfection finds the svchost file
| with the virus and wants to delete it. Should I delete it?
|
| If not how do I get rid of this?
|
| I don't want to do anything that will screw up the
| computer as it's running nicely at the moment.
|
| Many thanks for any help
| Greg
|
|
 
