svchost.exe called virus

  nbtmusic 14:38 25 Aug 10
Locked

greetings

my virus checker keeps giving me a warning that an exe svchost.exe to be exact is acting as a virus, and situated in System32. it says it is sending hidden data.

ok the problem of course is there are SEVERAL svchost exes running and they are are of course legit..

in simple laymans terms how do i find out which is the guilty party and how do i get rid of it.
i ran the virus prog and it couldnt find anything

would be most greatful for any help

  nbtmusic 14:45 25 Aug 10

oh i should mention i use windows XP home edition

  birdface 15:08 25 Aug 10

Maybe try task manager to see which one of them is using up a lot of the CPU.

  gazzaho 18:20 25 Aug 10

If you select show processes from all users in Task Manager, right click on each svchost.exe and select go to service(s) it will show you which service the svchost.exe process is running.

From there you would perhaps have a better idea of which service to check on a site like Process Library (click here) If you find one that looks suspect you could then run msconfig and disable the service, after ticking the hide all Microsoft services check box, restart and see if the problem persists.

I'm not saying this will solve your problem but it might be worth trying, you can always re-enable the disabled service with msconfig and try another, just be careful disabling MS related services.

  peter99co 19:26 25 Aug 10

Which Anti virus is reporting/warning you of the virus?

Which Anti virus cannot find it?

  nbtmusic 07:41 26 Aug 10

@gazzaho thankk you very much for your advice, i shall try that all today

@peter99co Kaspersky is the one telling me that one of the svchost.exe in sys32 is up to no good in its warning it always has an address that begins with this... Clkh71yhks66.com

it says it cant find the file to quaratine it when i select that option, so i select forbid this operation.. ten minutes later it is back.

i have run a full pc scan with Kaspersky too, nothing comes up

  birdface 07:52 26 Aug 10

According to this you have a .

TDL3 rootkit.

click here

  birdface 07:55 26 Aug 10

Maybe try Hitman Pro that gets rid of rootkits.


click here

Free for 30 days.

  nbtmusic 08:27 26 Aug 10

@buteman

thank you I will do that, thanks for your help :)

This thread is now locked and can not be replied to.

Nintendo Switch review: Hands-on with the intuitive modular console and its disappointing games…

1995-2015: How technology has changed the world in 20 years

This abstract video touches on division in our technologic world

Best alternatives to iTunes for Mac | Best music players for macOS: Free your music from the…