How to Edit SVCHost?

Printable View

04-17-2010, 05:49 PM
Alric

How to Edit SVCHost?

I have a really bad trojan virus on my computer, that I just can't seem to get rid of. Using multiple virus scanners, none of them can ever find the virus. However I know the virus is effecting svchost, and I think its probably infected and inside svchost itself. Since you can't delete svchost without breaking stuff(that I know of?), I was wondering if anyone knew if there was a way to open svchost up, and check the actual code and stuff to see if the virus is inside of it.

And on a related note. I am wondering if its possible to some how get a list of all programs that have read or edited svchost? Since if its not svchost itself, then its something that is directly linked to it.
04-18-2010, 03:32 AM
FortressForever

I really don't think that editing svchost is the solution. What scanners have you used? If you haven't tried them already then I highly recommend malwarebytes and superantispyware. Both are free.

http://www.malwarebytes.org/

http://www.superantispyware.com/

Just for fun here is an explanation of what svchost is from microsoft.

"Svchost.exe is a process on your computer that hosts, or contains, other individual services that Windows uses to perform various functions. For example, Windows Defender uses a service that is hosted by a svchost.exe process. There can be multiple instances of svchost.exe running on your computer, with each instance containing different services. One instance of svchost.exe might host a single service for a program, and another instance might host several services related to Windows. You can use Task Manager to view which services are running under each instance of svchost.exe."
04-18-2010, 05:06 AM
Alric

I have ran malwarebytes and avira, neither of them are able to pick it up. I also ran hijackthis and a couple of other programs like it and asked the people who are really good with this sort of stuff on a virus forum. They couldn't find it either.

Its been such a pain since I can't delete svchost because it will break a lot of stuff. I can't use a firewall to block svchost from connecting to the internet, because then that blocks legitimate connections of svchost and then I can't connect to the internet at all.

So I can watch and see svchost connect to a virus website and download a new virus but I can't stop it. What is worse, is that I know there is some way to do it. I just don't know and I can't find it.