svchost.exe help

  • Thread starter: Robert A
From Ramesh's web site: http://windowsxp.mvps.org/svchost.htm
Also: http://support.microsoft.com/?kbid=314056

To find out more about Svchost.exe entries try Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Once you have Process Explorer installed and running:
In the taskbar select View and check 'Show Process Tree' and the
'Show Lower Pane' options.
(This will provide some of the detailed info you may need)

Next expand the Process tree until 'Services.exe' has been expanded.
Next move the mouse cursor over the Svchost.exe process that you are
interested in. (You should now see a pop up with a list of services
associated with the Svchost.exe you selected)

Note: some Svchost entries may need to be expanded to show the
detail (sub processes), in this case click on the + located to the left of
the entry. Explorer and System/Services also need to be expanded.

Next double click on the Svchost.exe process that you are interested in.
The 'Properties' Window should now be displayed with numerous tabs.
(Two important tabs to look at are: Services and Environment)

Searching for web based information about a process:
Then mouse over the specific process that you are interested in.
Next click on that process to highlight it,
Now that it's highlighted, right click and from the options listed select:
Search Online
This should display what's out there on the web about that process.

As mentioned before: You can also double click on any process
to open up a more detailed 'Properties' window.

Another tool to try is: What's Running
http://www.whatsrunning.net/whatsrunning/main.aspx

JS
http://www.pagestart.com
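
The lookup described in the post above (which services each Svchost.exe instance hosts, where it runs from, and what started it), as an added PowerShell example that is not part of the original thread. The function name Get-SvchostInventory is made up for this example; it assumes PowerShell 3.0 or later and a Windows version that ships Get-NetTCPConnection (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the thread): inventory every svchost.exe instance.
# Run elevated, otherwise some executable paths and command lines come back empty.
function Get-SvchostInventory {
    $allProcs = @(Get-CimInstance -ClassName Win32_Process)
    $services = @(Get-CimInstance -ClassName Win32_Service |
                  Where-Object { $_.ProcessId -gt 0 })
    $tcp      = @(Get-NetTCPConnection -ErrorAction SilentlyContinue)

    # Locations of the genuine binary (SysWOW64 exists on 64-bit Windows only).
    $expected = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
    )

    $svchosts = @($allProcs | Where-Object { $_.Name -eq 'svchost.exe' })
    foreach ($p in $svchosts) {
        $parent = $allProcs | Where-Object { $_.ProcessId -eq $p.ParentProcessId } |
                  Select-Object -First 1
        $hosted = @($services | Where-Object { $_.ProcessId -eq $p.ProcessId })
        $conns  = @($tcp | Where-Object { $_.OwningProcess -eq $p.ProcessId })

        # The service group is the argument after -k, e.g. "netsvcs".
        $group = if ($p.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { $null }

        [pscustomobject]@{
            ProcessId    = $p.ProcessId
            Group        = $group
            Path         = $p.ExecutablePath
            # $null means the path could not be read (not elevated), not "bad".
            PathExpected = if ($p.ExecutablePath) { $expected -contains $p.ExecutablePath } else { $null }
            Parent       = if ($parent) { $parent.Name } else { '<exited>' }
            Services     = ($hosted.Name | Sort-Object) -join ', '
            TcpCount     = $conns.Count
            RemotePeers  = ($conns | Where-Object { $_.State -eq 'Established' } |
                            ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                            Sort-Object -Unique | Select-Object -First 5) -join ', '
        }
    }
}

# Busiest instances first; a svchost.exe outside the expected paths, or one
# whose parent is not services.exe, is the entry to look at more closely.
Get-SvchostInventory | Sort-Object TcpCount -Descending | Format-List
```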
 
Thanks, I've been using both WR and Processexp to look at things.
Svchost is starting with -k netsvcs
What's bothering me is that all of a sudden it is sending 66 bytes and
receiving 62.
and just counting up the ports (I think) starts at 192.168.1.100:1 and just
goes. It is at 4000 or so now.

This just started about a week ago.

Also the "Show Process Tree" is grayed out..... I'm going to go and check
for a newer ver of process viewer.

thanks for your help.
 
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
 
Sounds like some form of malware that's doing
a port scan looking for a way to get in
(or out if you are using an advanced firewall)
 
Post a link to the forum thread where you've posted your HJT log for review
by an expert in such matters.
 
