Thread ID: 49807 2004-10-01 06:36:00 Virus and svchost Tobas (224) Press F1
Post ID Timestamp Content User
277351 2004-10-01 06:36:00 Is it a coincidence, of late I have been getting many pop-ups saying "svchost.exe has generated errors and will be closed. An error log is being generated, etc"

Also over the past two weeks I have had repeated virus attacks as located by AVG and this was from several virii (?). Mainly backdoor types.

Looking into my Win2000pro machine I note there are several instances of svchost.exe and just wonder if the two are connected. AVG seems to heal any outbreak, but still they return.

As far as I am aware, win2000 does not have any restore function, or at least "help" does not show anything, so if true, the virus should not be located somewhere else, just waiting to re-infect.

Additionally, I need to clarify the relationship between a firewall and an anti virus program. My understanding is that the firewall is to try to intercept any not wanted program (like a virus), and others, from getting into the computer in the first place, and that the anti virus program is to detect any virus that sneaks past the firewall and deal to it.

Using win2000pro, 1 gig, 256 odd ram, Agnitum firewall and AVG antivirus, ad-aware and spybot 1.3.

Maybe, just maybe, it is time to wipe the HDD clean and start again.

Assistance appreciated.
Tobas (224)
277352 2004-10-01 08:02:00 AFAIK there should be a maximum of two iterations of this file. One in system32 and the other in dllcache. File size should be 7,592 and the date 7-12-1999.

That is the score in my W2K Pro box anyway. Delete any others and see what happens. I think the one in System32 is the active file so you can always rename that one too if the problem continues and copy across the one from dllcache.

Cheers

Billy 8-{)
Billy T (70)
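An added example, not part of the original thread: one way to carry out the check Billy T describes, listing every file named svchost.exe under a Windows directory and flagging any copy outside system32 and system32\dllcache, with size and SHA-256 shown for comparison. The function names and the sample tree are assumptions; the sample files are constructed placeholders, not real binaries.

```python
import hashlib
import os
import tempfile

# Locations (relative to the Windows directory) where the post expects a copy.
EXPECTED_DIRS = {("system32",), ("system32", "dllcache")}


def audit_svchost(windows_root):
    """Return (relative_path, size, sha256, expected) for every svchost.exe found."""
    findings = []
    for dirpath, _dirs, files in os.walk(windows_root):
        rel_dir = os.path.relpath(dirpath, windows_root)
        parts = tuple(p.lower() for p in rel_dir.split(os.sep) if p != ".")
        for name in files:
            if name.lower() != "svchost.exe":  # Windows names are case-insensitive
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, windows_root)
            findings.append((rel, os.path.getsize(full), digest, parts in EXPECTED_DIRS))
    return sorted(findings)


def demo():
    """Build a constructed sample tree (placeholder bytes) and audit it."""
    sample = {
        ("system32", "svchost.exe"): b"placeholder-original",
        ("system32", "dllcache", "svchost.exe"): b"placeholder-original",
        ("system32", "drivers", "SVCHOST.EXE"): b"placeholder-other",
        ("temp", "svchost.exe"): b"placeholder-other-2",
    }
    with tempfile.TemporaryDirectory() as root:
        for parts, data in sample.items():
            path = os.path.join(root, *parts)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_svchost(root)


if __name__ == "__main__":
    for rel, size, digest, expected in demo():
        status = "expected location" if expected else "UNEXPECTED LOCATION"
        print(f"{status:20} {size:>8} {digest[:16]} {rel}")
```

Pointing `audit_svchost` at a real Windows directory gives the list of copies to investigate; matching hashes on the system32 and dllcache copies show the active file still equals its cached copy.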
277353 2004-10-01 08:03:00 Try these online scans they may help.

Panda Active Scan -- here (www.pandasoftware.com)
Housecall -- here (www.trendmicro.com)
Trojan scans here (www.anti-trojan.net)
Spyware scan here (www.windowsecurity.com)
hth
johnboy (217)
277354 2004-10-01 08:07:00 Well, there just has to be some form of system restore in win2000 as since my previous post to this site, no less than three backdoor viruses have re-infected my computer. And they have all been healed by AVG.

Maybe AVG is not telling the truth and they have not been removed/healed in the first place!

Not making a lot of sense at present.
Tobas (224)
277355 2004-10-01 08:11:00 Hi johnboy, I have already done Housecall and Panda with negative results. I will try the other two soon.

Thanks
Tobas (224)
277356 2004-10-01 08:13:00 > Well, there just has to be some form of system
> restore in win2000

Sorry, forgot to add: W2000 does not have system restore. That is a 98ME and XP special.

Cheers

Billy 8-{)
Billy T (70)
277357 2004-10-01 10:54:00 > Sorry, forgot to add: W2000 does not have system
> restore. That is a 98ME and XP special.

Ummm Billy T only ME & XP ( Not too sure about 2003 server) has system restore, NOT Win 98.
stu120404 (268)
277358 2004-10-02 04:54:00 > Ummm Billy T only ME & XP ( Not too sure about 2003
> server) has system restore, NOT Win 98.

Yeah stu, I know that 98 or 98SE don't have System Restore, but ME is just W98 code with a new face put on it, and many people refer to it as 98ME. So, to save confusion, I used that description. Even Microsoft bundle it in their W98 grouping for patches & upgrades etc, and Windows-Help.net follows suit.

Take a look Here. (www.windows-help.net)

Key thing is, only XP & ??ME have that function.

Cheers

Billy 8-{)
Billy T (70)
277359 2004-10-02 05:25:00 > So, to
> save confusion, I used that description. Even
> Microsoft bundle it in their W98 grouping for patches
> & upgrades etc, and Windows-Help.net follows suit.

Yeah, but since I have been on Press F1 & on countless other forums this is the first time I have heard it called that, so that is why I correct you there, & I will correct anyone else who does the same.......
stu120404 (268)
277360 2004-10-02 05:48:00 OK well I removed the extra copies of svchost.exe and since have been reinfected by a backdoor virus. No system restore - man, this is really strange behaviour. I can't imagine that I am being reinfected by just going online and anyway all of my security features are very up to date.

Oh well, I am going to be away for a couple of days, and on my return I will wipe the HDD clean, format it, and reinstall. That way at least I will know that nothing is hiding in some corner of the HDD.

Thanks BT
Tobas (224)