Author Topic: svchost.eve (Read 6050 times)

ExGeeEye · « **on:** April 17, 2012, 12:15:28 PM »

svchost.eve

Malwarebytes catches it trying to do nasty things.

Norton thinks it's a trusted, well-used piece of something.

Other on-line sources say theres a good one from MS on every computer, and there's a bad one that comes in, deletes the good one, calls itself by the good one's name, pretends to do most or all of the good one's functions, and does nasty things on the side.

I thought about deleting it. Then I thought that might be like deleting my lungs to avoid pneumonia.

Any ideas? Anyone? Bueller?

Maxiest · « **Reply #1 on:** April 17, 2012, 12:37:55 PM »

If malwarebytes is detecting that one as the bad one, than its MD5-Hash matches a virus/spyware/malware program and should be deleted through mawarebytes only.

I would actually suggest downloading Combofix and running it. It should take care of it.

Rick · « **Reply #2 on:** April 17, 2012, 01:41:50 PM »

Have the same problem on the other computer. There appears to be a "install updates" that reinfects svchost.
Have tried several things. Noton, Malware, Mcfee, Spybot. You need to run the compete scan, if it is only finding one infected item, it is not finding it all.

As it stands now I have corrupted the windows files, I did a rebuild (restore), It was good for about two hours then was re-infected. Would not let me access anything on the net. Trying to fix that I corrupted windows a second time. I have gotten tierd of this shit, It maybe several day before I go back to it.

Please let me know what you have done.

Maxiest · « **Reply #3 on:** April 17, 2012, 01:55:42 PM »

http://www.bleepingcomputer.com/download/anti-virus/combofix

You also need to turn off system restore. As the virus has been saved in your system restore.

Texacon · « **Reply #4 on:** April 17, 2012, 02:18:39 PM »

Quote from: ExGeeEye on April 17, 2012, 12:15:28 PM

svchost.eve

Is it svchost.eve or svchost.exe?

If it is svchost.exe you need it but it should reside here;

C:\WINDOWS\system32\

If you are talking about *.eve .... I don't know. Since it is a play on the *.exe file which is real I would be about 99.9% sure you are dealing with a virus.

KC

Texacon · « **Reply #5 on:** April 17, 2012, 02:20:51 PM »

Quote from: Maxiest on April 17, 2012, 12:37:55 PM

If malwarebytes is detecting that one as the bad one, than its MD5-Hash matches a virus/spyware/malware program and should be deleted through mawarebytes only.

I would actually suggest downloading Combofix and running it. It should take care of it.

I would NOT suggest running Combofix unless you know what you're doing. Combofix is an awesome piece of software but it can really mess up a machine if you don't know what you're doing.

If you're going to do that I would highly recommend you sign up for one of the online help forums like bleepingcomputer.com and let them help you through the process.

KC

Maxiest · « **Reply #6 on:** April 17, 2012, 02:34:10 PM »

Quote from: Texacon on April 17, 2012, 02:20:51 PM

I would NOT suggest running Combofix unless you know what you're doing. Combofix is an awesome piece of software but it can really mess up a machine if you don't know what you're doing.

If you're going to do that I would highly recommend you sign up for one of the online help forums like bleepingcomputer.com and let them help you through the process.

KC

I am not sure why people say this. Everything Combofix does is automatically done. There is nothing you can really "mess" up using it. I have probably ran it on 2000+ computers and at worse it didn't fix the issue.

Texacon · « **Reply #7 on:** April 17, 2012, 02:48:05 PM »

Quote from: Maxiest on April 17, 2012, 02:34:10 PM

I am not sure why people say this. Everything Combofix does is automatically done. There is nothing you can really "mess" up using it. I have probably ran it on 2000+ computers and at worse it didn't fix the issue.

I'm currently in BC's malware removal school. They tell us that you have to be really careful with CF because it can mess up your machine.

It also doesn't run on all machines.

KC

ExGeeEye · « **Reply #8 on:** April 17, 2012, 03:31:16 PM »

Quote from: Texacon on April 17, 2012, 02:18:39 PM

Is it svchost.eve or svchost.exe?

If it is svchost.exe you need it but it should reside here;

C:\WINDOWS\system32\

If you are talking about *.eve .... I don't know. Since it is a play on the *.exe file which is real I would be about 99.9% sure you are dealing with a virus.

KC

exe is correct.

EagleKeeper · « **Reply #9 on:** May 22, 2012, 09:31:08 PM »

svchost.exe is called by whatever executable your calling up. It's what the executable runs in on a windows machine.

If windows does not find it objectionable or your antivirus then it will run

LC EFA · « **Reply #10 on:** May 22, 2012, 11:54:41 PM »

The heuristics used by some intrusion / malware detection software can trigger false positives on svchost.exe because of the inherent behaviour of that piece of the windows OS.

ExGeeEye · « **Reply #11 on:** May 23, 2012, 03:09:26 AM »

I ended up nuking my computer back to the Stone Age (factory settings). THen came the process of reinstalling my personal favorite softwares and sitting through all the updates both of OS and antivirus.

Working fine now. Better, in some ways.

The Conservative Cave

News:

Author Topic: svchost.eve (Read 6050 times)

ExGeeEye

svchost.eve

Maxiest

Re: svchost.eve

Rick

Re: svchost.eve

Maxiest

Re: svchost.eve

Texacon

Re: svchost.eve

Texacon

Re: svchost.eve

Maxiest

Re: svchost.eve

Texacon

Re: svchost.eve

ExGeeEye

Re: svchost.eve

EagleKeeper

Re: svchost.eve

LC EFA

Re: svchost.eve

ExGeeEye

Re: svchost.eve