Thanks - I did find 2 instances of svchost.exe outside of /system32 and
deleted them and rebooted by the same situation is going on.
I'm downloading the Process Explorer software now but I don't know how to
judge if something is wrong once I get a report.
I find 17 megs dedicated to an instance of svchost.exe to extreme. Would
appreciate any guidance!
Diana
Diana,
If you want to know more about the many processes running on your computer, get
Process Explorer (free) from
<
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>. Provides way more
information than Task Manager. You can look at any process and see what modules
it contains, and who wrote or distributed each module. And graph its memory and
CPU usage.
But if you found extra copies of svchost.exe, you better do a spyware / virus
scan.
How current is your virus protection? Try these free online virus scans, to
complement your current protection:
<
http://www.bitdefender.com/scan/license.php>
<
http://www.pandasoftware.com/activescan/com/activescan_principal.htm>
<
http://www.ravantivirus.com/scan/>
<
http://security.symantec.com/ssc/home.asp>
<
http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional carriers of infection.
Have you downloaded these programs before? Download them again, as many are
revised frequently, to keep up with the current level of malware being attempted
constantly - get the absolutely most current version of each product listed.
They're all free - and most pretty small, so they download quickly enough.
First, download LSP-Fix and WinsockXPFIx from <
http://www.cexx.org/lspfix.htm>,
and CWShredder from <
http://www.majorgeeks.com/download4086.html>. All are
free.
Next, close all Internet Explorer and Outlook windows, then run CWShredder.
Have it fix all variants.
Now check for, and remove, spyware. Get HijackThis
<
http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
<
http://www.safer-networking.org/index.php?page=download>. Both free.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
HJT Log. <
http://forums.spywareinfo.com/index.php?showtopic=227>
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it, or a link to your forum post, here):
<
http://forums.net-integration.net/>
<
http://forums.spywareinfo.com/>
<
http://forums.tomcoyote.org/>
<
http://www.wilderssecurity.com/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
