Serious help needed here guys!

noodles

New member
Ok,

I think there may be a problem with my PC. Today I have noticed it's rather slow to say the least, and there are 5 svchost.exe running taking up all of my processor. I read this is an ok file, but when I try to run regedit it asks to access the internet, I say ok, then it closes before I can read it. I can't help having a very bad feeling about this... please help me somebody!!!

How can I run regedit for a start, every time I open it, it closes so fast I can't read a word it says. I tried netstat -anp & netstat -an and no luck :confused: :(
 

noodles

New member
ps ~ I just looked for explores.exe and it's not there so is this a virus, worm or what?

I can open regedit but it's closed in less than a minute, too quick to read anything.
 
Download Ethereal and start packet capture (sniffing); then run it again and stop the capture afterwards to see where it is going... a bit advanced stuff, but the only way to catch it in action :)
 
Yep...this is a virus that hides itself as scvhost.exe.
Try to remove it by booting in safe mode and a virusscan check.
Running your scanner on it in windows will most likely cause a failure.
 

noodles

New member
I'm so sorry to sound stupid but how do I start in safe mode? Could you please give me instructions, step by step. Sorry to be a pain.

I read that svchost.exe was perfectly legitimate on the xp site so I'm confused.
 
noodles said:
I read that svchost.exe was perfectly legitimate on the xp site so I'm confused.

Indeed... the ORIGINAL files are legitimate, but this is a perfect opportunity for a virus, trojan or worm to disguise itself as svchost.exe... no-one gets suspicious when this file is listed in the process viewer, or when it tries to access the internet... a high cpu load on svchost.exe and regedit closing or trying to access the .net indicates most of the time that there's an "evil" svchost.exe running.
As for safe mode, hit F5 or F8 to get there.
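
An added example, not part of the original thread: one way to tell a genuine svchost.exe from an impostor is to check each process's image name and the folder it runs from. The process list, `classify` and `suspicious` are constructed for illustration, and the Windows folder is assumed to be C:\Windows.

```python
import ntpath

GENUINE = "svchost.exe"
# Assumption: Windows is installed in C:\Windows. The genuine binary is
# loaded from System32 (or SysWOW64 on 64-bit systems), nowhere else.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return 'ok', 'wrong-path', 'lookalike-name' or 'unrelated'."""
    folder, name = ntpath.split(image_path.lower())
    if name == GENUINE:
        return "ok" if folder in TRUSTED_DIRS else "wrong-path"
    # Names one or two edits away (scvhost.exe, svch0st.exe) imitate the real one.
    if edit_distance(name, GENUINE) <= 2:
        return "lookalike-name"
    return "unrelated"

def suspicious(processes):
    """Keep only the (pid, path, verdict) entries that need a closer look."""
    flagged = []
    for pid, path in processes:
        verdict = classify(path)
        if verdict in ("wrong-path", "lookalike-name"):
            flagged.append((pid, path, verdict))
    return flagged

# Constructed sample: (PID, full image path) pairs as a process lister would show.
SAMPLE = [
    (884,  r"C:\WINDOWS\System32\svchost.exe"),
    (1020, r"C:\WINDOWS\System32\svchost.exe"),
    (2312, r"C:\WINDOWS\scvhost.exe"),
    (2480, r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe"),
    (1500, r"C:\WINDOWS\explorer.exe"),
]

if __name__ == "__main__":
    for pid, path, verdict in suspicious(SAMPLE):
        print(f"PID {pid}: {verdict}: {path}")
```

Several svchost.exe instances running from System32 are normal; the count alone says nothing, the name and path do.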
 

noodles

New member
Ah I see.

Thank you so much for your help, but I'm about to get even stupider (if that's even a word lol)

What do I do once in safe mode?? Also I have AVG, Zone Alarm, Adaware, Spyware blaster, easy cleaner, spybot etc.. so why or how did I get this?? As I'm ultra careful and as I shop online a lot are my debit/credit cards at risk??? :-(
 

noodles

New member
Well I've run 'Trojan hunter' and I'm clean apparently....computers eh! I don't know why I bother :-/
 
Agree with Roadworker on this one. Virus, or malicious spyware. Getting lots of popups lately? Something is opening multiple connections.
 