Yes, but you can have 6 instances of svchost.exe running in the task
manager? did you searched for it (Ctfmon.exe)?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run = how
many
entries there for the ctfmon.exe here?
The svchost.exe is a security process and can be used by many running
services, also you can experiencing a memory leak.
Process located here:
C:\WINDOWS\system32\svchost.exe size: 14336
Use this tool to see what taken the most usage of the CPU on your machine.
ShellExView v1.19 - Shell Extensions Manager
http://www.nirsoft.net/utils/shexview.html
Go through these cleaning steps:
1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .
Click on General Tab (1st Tab on the left) and you will see a Button
called
[ Clear History ..] click on it to clear your History caches, then click
on
[Delete Files..] to delete Internet Files created over the time, click on
[
Delete Cookies...] to delete your cookies left by visiting websites.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
= Then try to Disable the Add-Ons on your Browser somehow installed on
your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there
Disable
the None/Not Verified Plug-ins/Add-ons ( you need to Renable them
one-by-one
later and see which is the culprit .
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (off-line scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (off-line scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
How to speed your PC:
http://www.blackviper.com/WinXP/supertweaks.htm
Run disk clean up and then run this command:
sfc /scannow
How To: troubleshoot svchost.exe:
http://blogs.technet.com/askperf/ar...started-with-svchost-exe-troubleshooting.aspx
Download the Hijackthis and send the report to one of
many
forums for analysis and troubleshooting:
When all else fails, HijackThis v2.0.2
(
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to:
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7
http://www.bleepingcomputer.com/tutorials/tutorial42.html
http://www.bleepingcomputer.com/forums/
Or other appropriate
forums for expert analysis, not here.
Let us know your progress.
nass
----
http://www.nasstec.co.uk
Edna Boxe said:
From what I hear if the svchost is in the system 32 folder then it's ok,
anywhere else & it's definitely a virus, is this correct?
Edna.