svchost.exe. meh

[whatthe_fuzz]

i have fallen victim to a late night flurry of clicking the accept button on a 3rd party download... i am now reaping the consequences. 

 

i seem to have a virus. its attached to the app svchost.exe (local) which will sparadictly use 50% of my CPU and grab 1.5GB of RAM. 

 

i checked the file location and it goes back to *gulp* system32. 

 

i do NOT want to play around in that dark hell hole of files. 

 

if i "end the process" cpu usage goes away and im fine. BUT if i end the RAM process then everything freaks out and the Areo appearance disappears and reverts to basic.

 

any ideas? 

 

i honestly have no idea which program this could be tied to.

[SSOB]

Re-Instal windows i gues...

[whatthe_fuzz]

Re-Instal windows i gues...

 

ya i'll stick to these random CPU spikes then go through the pain of reformatting my SSD  <_<

[laxer]

MBAM usually does the trick for simple viruses...

 

If not seek the guidance of a specialist. (plenty of free support online)

[whatthe_fuzz]

MBAM usually does the trick for simple viruses...

 

If not seek the guidance of a specialist. (plenty of free support online)

 

running it right now

[gibbsy81]

Try a scan with mawarebytes.

[whatthe_fuzz]

MBAM usually does the trick for simple viruses...

 

If not seek the guidance of a specialist. (plenty of free support online)

 

 

Try a scan with mawarebytes.

 

 

MB found 3 things, so i got happy, uninstalled...rebooted and tit didnt work  :(

[laxer]

Try booting safemode and running MBAM a few times...

 

Like I said above, I don't know of any specialist here but, if you cant find any elsewhere I know of a few I can refer you to.

[whatthe_fuzz]

Try booting safemode and running MBAM a few times...

 

Like I said above, I don't know of any specialist here but, if you cant find any elsewhere I know of a few I can refer you to.

 

thanks dude. 

 

like i said, if i kill the process it doesnt pop up so i might just keep doing that if all else fails. 

[laxer]

See if you can figure out what is calling it...

 

If you can remove that from startup Mbam should clean it up

[whatthe_fuzz]

See if you can figure out what is calling it...

 

If you can remove that from startup Mbam should clean it up

 

sometimes svchost.exe can exist outside sys32 and be a virus however mine is the legit one inside sys32...thats the problem. i know the location i cant delete it though

[Hazy125]

sometimes svchost.exe can exist outside sys32 and be a virus however mine is the legit one inside sys32...thats the problem. i know the location i cant delete it though

I don't know why, but some programs like teamviewer are great at bypassing certain security features, I'm not sure if it works for system32 stuff, but it gets around most admin locks. You should try deleting the file through cmd with admin privileges using the 'del' command

[whatthe_fuzz]

I don't know why, but some programs like teamviewer are great at bypassing certain security features, I'm not sure if it works for system32 stuff, but it gets around most admin locks. You should try deleting the file through cmd with admin privileges using the 'del' command

 

svchost can be a major component in windows...a delete inside System32 is never good  :unsure:

[laxer]

Obviously, but I doubt the virus itself is in there, more than likely it just attaches to it or acts like it.

[YoYo155]

The problem isn't svchost! It is only a service host (do you see it now?)

What it does is host other services basically providing a start location.

You need to download Process Explorer and dig into it in order to really

know what is running all that CPU power.

If you're having trouble with it I will be able to assist you.

Just ask.

[Hades]

You can try this

1. Run cmd (right click run as admin)

2. Run this code. sfc /scannow

This will check the integrity of all protected Windows 7 system files and replaces incorrect corrupted, changed/modified, or damaged

[LDG]

try rougekiller.. I hope it helps