Trojan C:windows\svchost.exe

[Alien]

hi
i scanned my backup pc wid GIANT and if found the trojan
C:windows\svchost.exe
i told it to block it but if i look on the task manager the
process is still running and it take 50% of my processing
power..
is there a way to remove it and not just black it ..
thanks

 

[Mikolaj]

hi

i scanned my backup pc wid GIANT and if found the trojan
C:windows\svchost.exe
i told it to block it but if i look on the task manager the
process is still running and it take 50% of my processing
power..
is there a way to remove it and not just black it ..
thanks

First of all - send a Suspected Spyware Report through the Tools menu of
MSAS to the SpyNet.

Then turn off the System Restore: Start-> right click on My
computer ->Properties -> System restore -> select the box ' Turn off system
restore ' and press Apply, then exit.
(Remember to turn it on - i.e. deselect that box - again after cleaning the
system!!)

Next start the computer in the Safe mode (F8 during boot-up), run Windows
Explorer, go to your profile temporary folders (usually C:\Documents and
Settings\username\local settings\temp and c:\Documents and
Settings\username\local settings\Temporary Internet Files\Content.IE5) and
delete all the files in those directories and subdirectories. Then do a
full system scan with MS AntiSpyware (check the proper option under Scan
settings). Scan the computer with the antivirus software that you use. And
also with some other "cleaning" software such as:

Spybot Search&Destroy http://www.majorgeeks.com/download2471.html
HijackThis http://www.majorgeeks.com/download3155.html
CWShredder http://www.majorgeeks.com/download3019.html
Ad-Aware SE Personal http://www.lavasoft.com/software/adaware/
McAfee Stinger http://vil.nai.com/vil/stinger/

If you run HijackThis you can check the log it prepares - just copy and
paste it to the http://www.hijackthis.de web page and click analyze button.

Need a free antivirus? Try this one http://www.free-av.com

And protect your system with antispyware, antivirus and firewall software.
Keep this software up to date.
Also KEEP THE SYSTEM UP TO DATE (http://www.windowsupdate.com)

 

[Ron Chamberlin]

Alien,
Just in case this has whacked your AV, also go online and do a full, free
scan with either Trend Micro or Panda.

Ron Chamberlin
MS-MVP

 

[Roberto]

Are you sure this is a Troyan?
I have it and doen't look to be Troyan.

 

[Mikolaj]

Are you sure this is a Troyan?

I have it and doen't look to be Troyan.

I.e. it does not hold the banner "I am the trojan, but please do not remove
me" or it does not have the greek side-face ;-) ?

Original (system) svchost.exe file should be found in the
%SystemRoot%\System32 folder (%SystemRoot% is a variable that shows the path
to the Windows folder, and for XP it looks like c:\Windows, for 2000 like
c:\Winnt, for example).
Trojans place on the hard disks files that pretend to be the system ones.
So this is in this case, too. Name of the file is the same, but the file
itself is placed in the wrong folder..

Scan your system with antivirus and antitrojan applications - then you will
know..

 

[bobmary128]

First of all - send a Suspected Spyware Report through the Tools menu of
MSAS to the SpyNet.

Then turn off the System Restore: Start-> right click on My
computer ->Properties -> System restore -> select the box ' Turn off system
restore ' and press Apply, then exit.
(Remember to turn it on - i.e. deselect that box - again after cleaning the
system!!)

Next start the computer in the Safe mode (F8 during boot-up), run Windows
Explorer, go to your profile temporary folders (usually C:\Documents and
Settings\username\local settings\temp and c:\Documents and
Settings\username\local settings\Temporary Internet Files\Content.IE5) and
delete all the files in those directories and subdirectories. Then do a
full system scan with MS AntiSpyware (check the proper option under Scan
settings). Scan the computer with the antivirus software that you use. And
also with some other "cleaning" software such as:

Spybot Search&Destroy http://www.majorgeeks.com/download2471.html
HijackThis http://www.majorgeeks.com/download3155.html
CWShredder http://www.majorgeeks.com/download3019.html
Ad-Aware SE Personal http://www.lavasoft.com/software/adaware/
McAfee Stinger http://vil.nai.com/vil/stinger/

If you run HijackThis you can check the log it prepares - just copy and
paste it to the http://www.hijackthis.de web page and click analyze button.

Need a free antivirus? Try this one http://www.free-av.com

And protect your system with antispyware, antivirus and firewall software.
Keep this software up to date.
Also KEEP THE SYSTEM UP TO DATE (http://www.windowsupdate.com)

--
Pozdrawiam serdecznie / Kind regards
Mikolaj Kaminski
MS-MVP, Poland

Will following any of these step delete any memory on my computer because i have some very important documents on my computer? The help will be very much appreciated.