Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hi all,
I have a question about the MSblast worm. Im not sure if i am a victim of it but i ran symantec's removal program for the msblast worm and it didnt seem to find anything. but i read on another site that if you have more then 4 svchost.exe's running that it should be of some concern. i ended a process to one of the svchost.exe's and i got the same exact message as you do when your infected with the blaster worm (that you have 60 seconds to shutdown save ur work and whatnot) i would apreciate it if someone would help me. Thanks :)
Multiple occurances of svchost.exe does not necessarily mean that you have the blaster worm virus. You should not end the svchost.exe process as it is needed by the operating system and that is what is causing you to get an error. Look in the running processes list for msblast.exe instead. Also search your hard drive for that file as well.
0 
Run the removal tool in safe mode, then you will know for sure if you have the virus, also search for two files in you C:\%SYSTEM%\System32 folder, they are tftp1234 or something like that, good luck.
0
the SVChost routine is used by non executable DLL files to become executable by acting as a host for their execution. as lloyd said, it's normal to see multiple instances of it.
You might like this:Task List Programs
0
Thank you very much to Rayman and lloyd33!!
I thought SVChost is a virus, now I know it isn't a virus.But, another questions, my firewall keep warning me about some address want to contact me as the describe like this-->
"Someone from adsl-61-66-55-243.KH.sparqnet.net [61.66.55.243], port 3887 wants to connect to port 135 owned by 'Generic Host Process for Win32 Services' on your computer" and Details about application is "c:\winnt\system32\svchost.exe"So, what should I do? Permit it or Deny it?
Please give me an answer, thanks.
0
hello !
No, I don't think, that your computer is invected with the MSblast worm. My computer had this virus: when I was online, after 3 minutes, I got the message, that svchost.exe caused some problems and the program has to be closed. After closing, I couldn't copy and past texts in word. So:
1. I had do remove the virus (http://securityresponse.symantec.com/avcenter/FixBlast.exe) go to Obtaining and running the tool. With this programm you remove the virus
2. I had do install a Security Patch for Windows 2000.
http://www.microsoft.com/downloads/details.aspx?FamilyID=c8b8a846-f541-4c15-8c9f-220354449117&displaylang=enNow, everything works again :0)
Greetings from Switzerland.
0
Hi, I'm running Win2000, and patched my OS with the W32.Blaster security patch (my machine was not infected). Since doing this by computer now takes about 2 minutes to shutdown (used to take 20 seconds).
Anyone know what's going on here?Thanks for any help.
0
Hi all,
As said before, having different instances of SVCHOST.exe running on a machine doesn't mean it's infected but, I've read something that makes me feel worried.
In the company, we have patched lots of machines and I'm having the same problem reported by "C" and "bertieOLunacy"... sudenly Copy/Paste in all applications and Drag&Drop stop working on some machines.... after a reboot it works perfectly but only for a couple of hours.
Any idea? We use Trend Micro Officescan and it can't find any virus.
0
hey folks...
a couple of days ago I found msblast.exe running on my system (XP), so I applied the ms patch and it seemed to clear it up.
Now the system is bogging down, I've got 5 instances of svchost.exe in the task manager as well as CCD.exe, which before the last reboot was using 99% of the cpu.
I already downloaded and ran the killer, which reported nothing found after the scan.
I haven't been able to find CCD.exe mentioned in connection to the blaster worm or known variants. Has anyone else?
CFD.exe is also running.
thanks,
f
0
I have also had this problem ever since the msblaster virus hit but i have never actually had the virus and i have also ran the symantec removal tool, which found nothing.
I also find ad/remove programs in control panel messed up i can not open norton internet security once it has hit it just freezes. I get messages about svchost.exe, i cant cut and paste files or text sometimes, nor can i open links in new windows in internet explorer or use search files or folders. I thought i had rid of this once by removing a tftp service or something that was in my allowed files to accsess the internet in norton internet security but it came back today!
If i unplug my cable modem before i start my computer i have no problems but as soon as i plug it in off it goes within minutes.
I cant seem to find any information on the internet or on symantec's site on this, only in forums like this where no one seems to know what is going off.
I also installed msblast security patch but it has still happened again.
If i find anything new ill let you guys know.
Hope someone can help us poor souls!!"All hackers / virus writers should be hung, drawn and quatered"
Thanks in advance and good luck!
0
hello !
I don't think, that your computers are invected with the MSblast worm. Oue computers had this virus: when I was online, after about 3 minutes, I got the message , that svchost.exe caused some problems and the program has to be closed. After closing, I couldn't copy and past texts in word. So:1. I had do remove the virus (http://securityresponse.symantec.com/avcenter/FixBlast.exe) go to Obtaining and running the tool. With this programm you remove the virus
2. I had do install a Servise Patch 2 or 3,4 for Windows 2000.
3. I had do install a Security Patch for Windows 2000.
http://www.microsoft.com/downloads/details.aspx?FamilyID=c8b8a846-f541-4c15-8c9f-220354449117&displaylang=enNow, everything works again .
0
Hi I have the same problem Sean has, last days I got my computer infected with Blaster.
So I patched my windows with the latest Service Pack, I patched my iexplorer with the latest patch, I got my antivirus updated and I also ran Symantec's FixBlast tool, now it appears I'm clean.
But my computer still doing strange things, after a few minutes Im working online appears the banner: Program Error "svchost.exe has generated problems and will be closed" or something like that, then I cant get thru the links in any webpage, then excell and word dont work, I have to manually unplug the phone line out of my modem because I doesnt get disconnected when I try to do so. And I cant even copy-paste things.
Does anybady know what to do?
0
I am also a victim of this other kind of MSBlast virus. The symptom's that my computer saturates local network with PING packets after it is connected. Running FixBlast.exe does not find anything. So after playing around for some time, I manually fixed the problem and this is how it works:
1. Patch your operating system! This is very important. See windows update website.
2. Start windows in Safe Mode.
3. Remove Windows\wins (or WINNT\wins, depending on your windows root dir). This directory may contain two files: DLLHOST.exe and SVCHOST.exe. They are not the real ones; they are the fake trojan that get through Microsoft's security hole (I have to admit that SVCHOST.exe is a really good name for such a trojan!)
4. Run regedit.exe and remove keys that's
related to these two files, by searching for "wins\svchost.exe" and "dllhost.exe". Note that the good svchost.exe is frequently used in registry and should not be touched.5. Search in the file system for other possible occurances of these two files.
6. Restart computer. You should be fine.
Good luck! Nigel
0
I had MSBLAST and removed it.
Now I have trend Penicilling detecting that svchost.exe is trying to write out to the internet on port 123
0
Hi there,
Would it be possible to run this by you guys?
on the subject of the mysterious SVCHOST.exe at 13:29 today my firewall (Black Ice) came up with a strange intrusion warning..."TFTP was used to transfer a Windows executable."
Looking into it this is the kind of error that I would be likely to find if my security had been comprimised and someone had access to my machine.
Looking at my installed files list, the only .exe that was installed any where around that time was SVCHOTS.exe and it was precisely at 13:29.
So my question to you guys is, do you think that this is likely to have been placed on my machine during that FTP session and if so would you advise me deleting it?
I am running by the way XP (no Service pack), Black Ice, Spybot and AVG Antivirus.
Many thanks for your reply,
Dave
0
Guys! If you actually already HAVE the MSBLAST worm then you should (I would even say MUST) run Symantec's removal tool in SAFE MODE. I say again...SAFE MODE! Why? Because if your system is running normallyinsted of in Safe Mode, then the worm has ALREADY LOADED and is running as a system service. All attempts to run the removal tool to delete it will be unsuccessful. So run the removal tool in SAFE MODE.
Also, if you have never done so, I would recommend that you run a remote virus scan on your system. By that I mean a virus scan that is run through remote access rather than the AntiVirus program on your local hard drive (which may be compromised if your system is already infected). Panda Security (makers of PandaAntiVirus) offera a really good remote scan, and it's free. Just requires you to download and run a small Active X component in your browser.
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Good luck to all the infected!
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
