About srvchost.exe

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am seeing more than one srvchost.exe on the processes
tab when I open windows task manager. Could this be due to
virus?
 
-----Original Message-----
I am seeing more than one srvchost.exe on the processes
tab when I open windows task manager. Could this be due to
virus?
.
Check to see if you have a folder called
Click to expand...
C:\WINNT\system32\wins on your computer, if you do and
there is a copy of svchost in it, this is from the welchia
virus. It creates this folder and makes a copy of the
svchost file. Just go into your computer under safe mode
and delete this folder.
 
If he has the Nachi/Welchia worm, that information you provided would be insufficient !

The PC has to be patched and the worm eliminated.

Dave



|
| >-----Original Message-----
| >I am seeing more than one srvchost.exe on the processes
| >tab when I open windows task manager. Could this be due
| to
| >virus?
| >.
| >Check to see if you have a folder called
| C:\WINNT\system32\wins on your computer, if you do and
| there is a copy of svchost in it, this is from the welchia
| virus. It creates this folder and makes a copy of the
| svchost file. Just go into your computer under safe mode
| and delete this folder.
 
-----Original Message-----
If he has the Nachi/Welchia worm, that information you
Click to expand...
provided would be insufficient !
The PC has to be patched and the worm eliminated.

Dave



|
| >-----Original Message-----
| >I am seeing more than one srvchost.exe on the processes
| >tab when I open windows task manager. Could this be due
| to
| >virus?
| >.
| >Check to see if you have a folder called
| C:\WINNT\system32\wins on your computer, if you do and
| there is a copy of svchost in it, this is from the welchia
| virus. It creates this folder and makes a copy of the
| svchost file. Just go into your computer under safe mode
| and delete this folder.


.
Yes, you are right sorry, patch is KB823980, deleting
Click to expand...
this folder will eliminate virus though, patch should
still be applied
 
Nope...

The following patch SUPERCEDES the patch you indicated. The following patch is for the
RPC/RPCSS Buffer Overflow Vulnerability that is addressed by Microsoft Security Bulletin
MS03-39 http://support.microsoft.com/?kbid=824146

They should also use McAfee's Internet worm removal tool, Stinger
http://vil.nai.com/vil/stinger/ to remove any infected files in Safe Mode.

It is also suggested that they read the following URL:
http://www.microsoft.com/security/incident/blast.asp

They should also use a FireWall. If they don't patch the PC and not use a FireWall then
they will just be re-infected.

Dave



| >Yes, you are right sorry, patch is KB823980, deleting
| this folder will eliminate virus though, patch should
| still be applied
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Checking specific memory usage on old computer 3
Please Help! Virus? Avast, Firefox, Windows update quit working 4
Outlook closed but OUTLOOK.EXE still there 3
Slow response after boot up 2
User Permissions / Task Manager Slowdown Wierdness 1
Memory Usage doesn't add up 3
New Dell PC 6
Can't End Process 5

Back
Top