SCVHOST or SVCHOST?

Guest

Are Scvhost.exe and Svchost.exe the same thing or are they different?
I get the error from Windows can't find scvhost.exe, but I see others are
asking for help on svchost.exe.
Help!!
Thanks
Barb
 
No they aren't the same. Quiet and quite aren't the same, are they?

Svchost.exe is a legit XP file.

scvhost.exe is a process which is registered as the W32/Agobot-S virus. This
Trojan allows attackers to access your computer, stealing passwords and
personal data.

You might want to update your antivirus software and run a full system scan.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

 
OK.. I understand now.. but let me ask you.. I found it when I went into
regedit. Can I delete this without hurting my computer. I have updated my
virus program and everything is cleaned. I also ran CClean. Also have
Adware now.
Everything is ok..
Thanks..
Barb
 
Barb said:
OK.. I understand now.. but let me ask you.. I found it when I went into
regedit. Can I delete this without hurting my computer. I have updated my
virus program and everything is cleaned. I also ran CClean. Also have
Adware now.
Everything is ok..
Thanks..
Barb

Where in regedit did you find it???
 
Under:
My Computer
Windows NT
Current Version
Run
Here I have :

Name                   Type     Data
(Default)              REG_SZ   (Value not set)
Generic Host Process   REG_SZ   C:\Windows\system32\scvhost.exe

Thanks for any help you can give.. I really appreciate it..
Barb
 
Barb,

You can see the path on the bottom toolbar. I.e. My
Computer\HKEY_LOCAL_MACHINE or whatever it may be at the time.

You can pretty much ignore the My Computer reference. I think this only
shows that you aren't accessing a registry on a remote machine.

You can also copy the key name and paste it into your message, Notepad or
whatever.

Right click the key whose name you want to copy.
Select Copy Key Name.
Paste this wherever.

This is a key name copied and pasted...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Is this the key that you posted???

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run

Or this one??

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Run

Regardless.

Right click Generic Host Process in the right hand pane of the Registry
Editor (regedit).
Select Delete.
Answer Yes.

You may want to double check that scvhost.exe is gone from
C:\Windows\system32

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

 
Hi Wes,
This is the one that I found it in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run
I deleted the generic host process and still get the error message when I
start Windows XP.
I can't find scvhost.exe anywhere now on the computer..
It is driving me crazy..
Any help will be greatly appreciated..
Thanks..
Barb
 
Hi Barb,

scvhost.exe seems to be created by a bunch of different viruses.

A reference (or more than one) to scvhost.exe is still in your registry.
The number of places that things can start from in the registry is too
numerous for me to count.

You may know this already, to do a Find (search) in the registry, hit your
F3 key, type or paste scvhost.exe in the Find What box, click the Find Next
button. When/if scvhost.exe is found delete the Value Name in the right
hand pane. Hit F3 again to Find Next and keep hitting F3 until you get a
message to the effect that you've reached the end of the registry. After
deleting all references to scvhost.exe. I don't remember the exact
message.
-----

As an example...

W32/Agobot-S creates the following registry entries...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Config Loader = scvhost.exe

and

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Config Loader = scvhost.exe

On Windows NT, 2000 and XP W32/Agobot-S may run itself as a new service
called Cfgldr.
-----

I don't know what virus you had, you may need to F3 for Config Loader and/or
Cfgldr.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
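
The F3 search described above can also be done offline against a registry export. This is an added example, not code from the thread: it scans `.reg` export text for autorun values whose executable is a near-miss of svchost.exe (such as scvhost.exe). The sample data is constructed, and the `RunOnce` key and the System32 location check are assumptions that go beyond what the thread mentions.

```python
import re

LEGIT = "svchost.exe"
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices)$", re.I)
VALUE = re.compile(r'^"(.+?)"="(.*)"$')
EXE = re.compile(r'([^\\/"]+\.exe)', re.I)

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run]
"Generic Host Process"="C:\\Windows\\system32\\scvhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Config Loader"="scvhost.exe"
"ctfmon"="C:\\Windows\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Config Loader"="scvhost.exe"
"Updater"="C:\\Temp\\svchost.exe"
'''

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def scan(reg_text):
    """Return (key, value name, data, reason) for suspicious autorun values."""
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            key = line.strip("[]")          # remember the current key path
        m = VALUE.match(line)
        if not (m and AUTORUN_KEY.search(key)):
            continue
        # .reg files escape backslashes as "\\"; undo that for display
        name, data = m.group(1), m.group(2).replace("\\\\", "\\")
        exe = (EXE.findall(data) or [""])[0].lower()
        if exe == LEGIT and "\\system32\\" not in data.lower():
            findings.append((key, name, data, "svchost.exe outside System32"))
        elif 0 < edit_distance(exe, LEGIT) <= 2:
            findings.append((key, name, data, "look-alike of svchost.exe"))
    return findings
```

Real exports from regedit are UTF-16, so read them with `open(path, encoding="utf-16").read()` before passing the text to `scan()`.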

 
Thanks Wes,
That worked.. Let me ask you another question. Every time I tried to run
Windows firewall, it tells me this:
Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS)
Service.
Do I need to change something in my internet connection. I had the firewall
up once before, so I don't know if this has something to do with the virus
or not.
Thanks
Barb
 
Hi Barb,

Glad you got that problem sorted out. :-)

I do not have SP2. I do not use Windows Firewall. I use ZoneAlarm
firewall.

That said. Without much more to go on, anything would be a guess. Guesses
are at the bottom. ;-)

Look in the Event Viewer for the Windows cannot start the Windows
Firewall... error.

Event ID & the Event Source are very important. With those two items anyone
can research the error message.

To open the Event Viewer...
Start | Run | Type: eventvwr | OK

For any Events that seem related to the problem...

Double click the event in Event Viewer | Click: the button below the second
arrow (looks like two pages) [[Copies the details of the event to the
Clipboard.]] | Paste into Notepad | Click:
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Read all info | Copy and paste to Notepad | Click the [+] Related Knowledge
Base articles | Follow any links that might be useful

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308427

Event Viewer overview
http://www.microsoft.com/resources/.../xp/all/proddocs/en-us/event_overview_01.mspx

This can also be very useful.
You need to have the Event ID & the Event Source.

To view Windows XP Events and Errors, type the Source (for example, Print)
and/or the Event code (for example, 20) into the ID field, then click the Go
button. Source and Event codes may be found in the Event Viewer logs.

Windows XP Home/Professional Events and Errors
http://www.microsoft.com/technet/su...ows Operating System&MajorMinor=5.1&LCID=1033

-----

Guesses here...

Make sure that all of these services are set Automatic. The links are there
to provide more info if you care to look.

What services Windows Firewall/Internet Connection Sharing (ICS) needs to
function properly:

Network Connections
http://www.blackviper.com/WinXP/service411.htm#Network_Connections

Remote Procedure Call (RPC)
This service is rather vital. Practically everything depends on this service
to be running.
http://www.blackviper.com/WinXP/service411.htm#Remote_Procedure_Call_(RPC)

Windows Management Instrumentation
http://www.blackviper.com/WinXP/service411.htm#Windows_Management_Instrumentation

Event Log
http://www.blackviper.com/WinXP/service411.htm#Event_Log

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
