svc host.exe

FJV

You guys are great. I keep an eye on AP and occasionally see the following.
Process: unknown, Remote IP: 216.109.126.22 or 127.0.0.1, Port: "changes"
110,80,1027,1057, state: Time_out, Protocol: TCP. After clicking on "Query
Names", this is what I get.
Local Address: FDK6F31.bngrme.adelphia.net 1180,
Remote Address: p3.my.vip.dcn.yahoo.com:http
Only other entry which I did not mention before are (5x) Process: system...
etc.
Are these legit? How do I make AP run at the startup? And if I no longer
need it (that will be the day !), how do I uninstall it?
I know I am asking too many questions, but hopefully your answers will help
some other frustrated souls as well.
Duane Arnold

FJV said:
You guys are great. I keep an eye on AP and occasionally see the
following. Process: unknown, Remote IP: 216.109.126.22 or 127.0.0.1,
Port: "changes" 110,80,1027,1057, state: Time_out, Protocol: TCP.
After clicking on "Query Names", this is what I get.
Local Address: FDK6F31.bngrme.adelphia.net 1180,
Remote Address: p3.my.vip.dcn.yahoo.com:http
Only other entry which I did not mention before are (5x) Process:
system... etc.

If you don't know why the computer is making the contact with a site,
then consider the contact questionable and find out what program on the
machine wants the contact.

As for 127.0.0.1 the Loopback IP, an Internet application like IE will
switch to the Loopback IP keeping itself ready as it is waiting for you
to do something.

http://compnetworking.about.com/library/weekly/aa042400c.htm
Are these legit? How do I make AP run at the startup? And if I no
longer need it (that will be the day !), how do I uninstall it?

By finding the short-cut for AP and doing a copy/paste of it to the Start
folder. Google is your friend on the how-to, like *how to uninstall a
program from the Microsoft Operating System*, *how to create short-cuts*
and *what is the Start Folder*. This information is also in the HELP
section that's on the MS O/S.

Duane :)
Hi, I've been trying to clean up my computer recently (defrag, disk cleanup etc. for performance) and I came across several processes in Task Manager which I think are suspicious... can anyone help me out (some of them are exactly the same as mentioned above... but having so many looks suspicious)?

Image Name      User Name        CPU   Mem Usage
MrHealthy.exe   SYSTEM           00    11,084K
svchost.exe     Local Service    00    6,872
svchost.exe     SYSTEM           05    35,812
svchost.exe     NETWORK SERVICE  00    5,125
svchost.exe     SYSTEM           01    5,496
svchost.exe     LOCAL SERVICE    00    3,968
svchost.exe     System           01    5,332
svchost.exe     System           01    3,644
alg.exe         LOCAL SERVICE    00    3,704

What programs are best to remove them (McAfee isn't working)?
MDK
Thanks guys, I did search my hard drive and found svchost.exe not only in
c:\windows\system32 but also in c:\I386. Does it mean I have a Trojan and
how do I remove it?

Jeezes, you sound like a complete tard... (No offence)
Do not delete Svchost.exe, not ever! Svchost.exe is one of your Core Files, which makes it one of the most Vital System Components.
If you ever delete Svchost.exe your PC will die, got it?
Svchost is utilized with DLL, Dynamic Linking Library, which happens to be the core of your operating system, and is responsible for Sharing Libraries.

Anyways... Yes, many Malwares, Trojans or Viruses use the name Svchost.
But... looking for them based on ''directory location'' is kind of pointless.
Why?
Because many Trojans have the function ''Melt Server''. That melts the server and copies itself to the system32 folder. So... it doesn't matter which location it is in...
There are other preparations that can be made. It helps to keep an eye on your regedit. You being an E-Tard... (No offence) shouldn't mess with it... but there are places you should always keep an eye on.
Trojans tend to locate themselves in certain keys... such as ''HKEY_LOCAL_MACHINE'' <Software> <Microsoft> <Windows> <Current Version> <Run>. You don't have to know anything about computers... YOU just need to look for anything that looks suspicious. It would look really obvious... suspicious looking executables.
They also like to hide themselves in HKEY_CURRENT_USER...
Keep an eye on your CMD, and active connections.
Install a good Packet Sniffer, and IceSword, which is an Anti-Root Kit revealer.
Pay close attention to your system's performance. Like... system memory. Pay attention to unknown errors that occur. I.E. applications that use plug-ins... like browsers crashing and taking down other processes. That occurs a lot in certain plug-ins that require ActiveX control (normally IE) but does occur in other web browsers.
This happens when Rogue DLL files force themselves on other stacks and can cause ''Dependence'', which can cause other DLLs to hog other spots in memory and can crash those processes and all processes they're connected to.
That can be the cause of Malicious Payloads injecting themselves into legit applications, forcing them to load themselves in DLLs. It is normally used to bypass Firewalls.
Pay attention to your system's performance. Like connections and traffic. See if traffic is loading slower, or failing to load properly.
Sometimes malware is designed to scan a number of hosts or is connected to many remote locations, causing excessive bandwidth.
Use Whois lookup to identify hosts.
Comodo Firewall is a reliable firewall...
The most common Process Malware injects itself into is... IE, and/or MSN. Ditch IE, if you use it, and switch to FIREFOX.
When using CMD... use the commands -an or -o or -b
-an (lists all addresses and listening ports)
-o (lists all connections' Process ID Number)
-b (lists all applications that are connected to a connection)

Wireshark is a good packet sniffer. Also, WPE PRO, which injects itself into an application and monitors all traffic that is being run through it. It is detected as a virus but it isn't. It is only detected because of the illegal Spydll, which was used a lot in online gaming cheats.
It is a nice tool though...

And remember... you will always be at risk... if you remain on Windows. You would be surprised at how many bugs Windows truly has.
And you can never rely on antiviruses. It is very easy to bypass them...

Sincerely ~MDK~
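The checks MDK describes above (image path of each running svchost.exe, the HKLM/HKCU Run keys, and mapping connections to their owning process as netstat -ano / -b do), as an added PowerShell example that is not part of the thread. It assumes an elevated prompt on Windows 8 / Server 2012 or later, since Get-NetTCPConnection does not exist on the XP-era systems the posters used.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$systemDir = (Join-Path $env:SystemRoot 'System32').ToLowerInvariant()

# 1. Running svchost.exe instances. The legitimate binary runs from
#    %SystemRoot%\System32; a spare copy on disk (the C:\I386 install cache
#    mentioned in the thread) is not a running process and is not by itself
#    a sign of infection. Flag instances whose image path differs or is
#    unreadable (ExecutablePath is empty for SYSTEM processes without elevation).
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path = if ($_.ExecutablePath) { $_.ExecutablePath.ToLowerInvariant() } else { '<unknown>' }
    [PSCustomObject]@{
        PID         = $_.ProcessId
        Path        = $path
        CommandLine = $_.CommandLine
        Suspicious  = -not $path.StartsWith($systemDir)
    }
} | Format-Table -AutoSize

# 2. Autostart entries under the Run keys the post says to watch.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$runKeys | Where-Object { Test-Path $_ } | ForEach-Object {
    $key = $_
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |   # drop the provider's PSPath etc.
        ForEach-Object { [PSCustomObject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
} | Format-Table -AutoSize

# 3. TCP connections mapped to the owning process (what netstat -ano / -b
#    show), so a "Process: unknown" firewall entry can be resolved to a PID,
#    an image name and its path.
Get-NetTCPConnection -State Established, TimeWait -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            State   = $_.State
            PID     = $_.OwningProcess
            Process = if ($proc) { $proc.ProcessName } else { 'unknown' }
            Path    = if ($proc) { $proc.Path } else { $null }
        }
    } | Sort-Object Process | Format-Table -AutoSize
```

A remote host can then be looked up with a whois query as the post suggests; the script only resolves which local process owns the connection.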