Yet another svchost.exe problem

Hello all,

I’m another person who’s been having problems with this svchost.exe FP.

On Wednesday, I got the false positive about the svchost.exe but I was half asleep and I removed it(not to the chest…deleted it).

Note: I’m on service pack 3

The current problems that doing this resulted in:

  • No display of windows in taskbar
  • Shortcuts in taskbar dissapeared
  • Not able to cut/paste(I can, but it’s a bit of a fiddle.)

I’ve tried copying the svchost.exe file from my other computer into the system32 folder and another svchost.exe file into the windows folder.

I’ve tried doing a recovery but trying to do the “cd \windows\system32” proves pointless as I keep getting the “access is denied” message.

When i try and do a repair install of windows XP it’s not in the list, it wants me to write over either my 500GB HDD or my 160GB HDD(both of which is full - minus 7GB in my 160GB HDD). I don’t want to lose any of the data I have stored in my computer.

I’ve spent the last two days trying to get a patch or something but I can’t find one. I’ve come across a knowledge base thread that tells me about the russian and french versions of XP, however they are from 2008 or something.

If ANYONE could shed some light into what I could do, I’d be forever in your debt, I miss gaming and watching movies!

Thanks in advance guys,

Connor

What svchost.exe FP do you mean?

I don’t understand completely what you mean.

I thought there was only one?

It’s not the virus/worm, it was simply avast picking up my real svchost.exe(from windows/system32) and deleted it.

I hope that’s answered your question.

Connor

Well, there was one, but it was a few years ago, so it’s hardly relevant.

What malware name was reported?

quote: http://windows.microsoft.com/en-US/windows-vista/What-is-svchost-exe
There can be multiple instances of svchost.exe running on your computer, with each instance containing different services. One instance of svchost.exe might host a single service for a program, and another instance might host several services related to Windows. You can use Task Manager to view which services are running under each instance of svchost.exe.

ThreatExpert’s awareness of the file “svchost.exe”:
http://www.threatexpert.com/files/svchost.exe.html

Thanks for the quick replies.

I’m unsure as to what it was filed under.

Since doing so, I’ve uninstalled and then reinstalled avast antivirus on the computer. So i hope I haven’t ceased to be able to find out.

Strange… You’ve uninstalled avast… exactly when you could have been infected…
avast has million of users and a false positive on svchost.exe will be flagged in tons of computers.
Seems your is really infected.

I don’t think I am infected? I had installed the latest antivirus(with orange systemtray icon) 2 days prior.

I had everything up to date etc, but it came up that svchost.exe was harmful, and i deleted it. Which caused my system to crash.

I cannot do another scan for a virus as i get a RDP or something failed to connect.

Can you boot/logon this computer? Does it really deleted the svchost.exe file?

Yes I can boot, I can log in, And open Windows. However, I cannot see any windows open in my task bar, No sound works, copy/paste/cut does not work propperly however with a bit of a fiddle it does (i.e. click and drag kind of works).

I can open recovery console but when I try to take svchost.exe from cd to system 32 it gives me the error that access is denied.
Also, when entering Windows XP installation disk it does not allow me to overwrite current Windows on the computer but instead it wants me to reformat and install. It does not allow me to repair windows.

When the file was deleted I uninstalled Avast the re-installed and in hopes I could do a system restore, however I cannot get into system restore from system tools nor from the windows folder as I get an error message claiming I cant run this programme on my computer.

Hope Essexboy take a look on this.
He could help you.

I suggest you read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD’s:

  1. Dr. Web
  2. Avira
  3. BitDefender
  4. Kaspersky
  5. F-Secure

You can check also this comparison article.

Integrate Multiple Antivirus Rescue Disk into One Single Disc or USB Flash Drive with SARDU. The most compreensive cleaning CD.

I had this problem a few weeks ago . I used a Install Disk to Repair. Use the 2nd  Repair after  the Acc. Agreement. This is the File that was Bad.   C:\Windows/system32/svchost.exe   .

Thanks to everyone so far with their help.

I’m going to try BILLG’s advice first because I don’t think my computer is infected, it’s just a mistake and a bigger mistake on my part for not noticing what file i was deleting.

Hey again,

The second option to install windows in the unpartitioned space, i thought was a bit risky as i’ve only got the 7GB and I don’t want to go over the 7GB because then I’m unsure of the loss of data that could be incurred.

I’ve downloaded the Avira Rescue CD and booted with that, however when I try and run the virus scan and repair it is frozen at “load modules” so I can’t begin the scan. I’m unsure also, of the parameters in the config for the scan so but no matter what I set it too, the loading screen remains and i’m unable to start.

I remember before I did an install of windows, but it just overwrote what was in windows and nothing else. I’ve forgotten how to do this and I’m pretty sure there was an optiuon for it beforehand.

I’m itching to get back on my computer, so any help soon would be brilliant.

Svchost runs Services so you are running just a few Services and are Limited with what you can do.  I did a Repair to the OS  only and Other Programs are left alone if all goes Well.  A Install will Delete Other Programs.

Thanks BillG,

I’ve managed to sort the AviraRescue CD and it’s now doing a scan…I say now but I actually mean it’s been scanning for the past 5 hours and it’s just passed the 790,000 files mark. Coming up with 7300 warnings(so far) and 41 Records(whatever that means.)

Hopefully this time hasn’t been wasted and it can be sorted.

Note: the “warnings”. I’ve watched it as it’s picked these up and alot of them are just my downloads which are Rar’d so it’s picked them up as warnings. Other warnings I’ve recieved are “svchost.exe…is TR\CRYPT\XPACK.Gen” but it tells me it’s unremovable. The system restore was mentioned in the list aswell saying that it’s infected with the TR\TRASH\XPACK.Gen.
(during this post the scan completed.)
It’s only renamed 13 files and it appears to have done nothing else. Where do I go from here.