Avast has detected a Trojan’s, so I moved it to the virus chest , the file also remove from C:\windows\system32\OOBE\0201\SVCHOST.exe but when i run Windows Task Manager show that SVCHOST.exe in the list under User Name SYTSTEM, NETWORK SERVICE & LOCAL SERVICE, below listing as per Windows Task Manager table
Image Name User Name CPU Mem Usage
SVCHOST.EXE SYSTEM 00 1,436 K
SVCHOST.EXE SYSTEM 00 1,512 K
SVCHOST.EXE NETWORK SERVICE 00 1,392 K
SVCHOST.EXE SYSTEM 00 5,336 K
SVCHOST.EXE NEXWORK SERVICE 00 1,255 K
SVCHOST.EXE LOCAL SERVICE 00 722 K
Is this normal? What this SVCHOST.exe use for ? I’ve remove to chest why system still can run this SVCHOST.exe ?
svchost.exe , from what I understand, carries out a bunch of services and stuff together as one process. (Like the wireless capabilities + indexing + many others.)
Now, even though that is a common Windows process, you probably have caught something that imitates the process name (so people wouldn’t normally terminate it since svchost.exe is usually for important Windows functionality).
Unfortunately, that’s as far as I can help. Without more information, I don’t know whether you caught a virus, false positive, ectera. Post back with more information, and perhaps some logfiles !!
Nothing unusual in your Task Manager, see image of mine
Many trojans/malware use the names of system files (but located in a different location to the system files) to confuse the user into believing they are system files, the give away is they aren’t in the windows system(32)/s folders.