Overview
A common technique that spyware, adware, viruses, keyloggers and similar programs use to hide from users is to drop files on the system that use the same name as a legitimate file but in a different folder. WinDir.svchost is a warning that there is a file named svchost.exe located in %WinDir% on your system. The legitimate svchost.exe file is located in %SystemDir%. You might want to analyse %WinDir%\svchost.exe to verify it is something that you really want on your system. Do not delete %WinDir%\svchost.exe unless you are 100% sure it is a threat.
Note: %WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Note: %SystemDir% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
The following threats drop svchost.exe in %WinDir%:
2020search, Online Trojan, W32.Jeefo, W32.Mimail.L@mm, W32.HLLW.Astef, W32.Hostidel.Trojan.B, W32.Hostidel.Trojan.C, W32.Darker.Worm, W32.HLLW.Donk, W32.HLLW.Morb, PWSteal.Tarno, Backdoor.Graybird, BKDR_DEWIN.E, W32.HLLW.Repsan, and many more.
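The check described above can be run over a file inventory. The following is an added example, not part of the original page or of Bazooka: it expands the page's %WinDir% and %SystemDir% variables to the defaults given in the notes and reports every svchost.exe that sits outside %SystemDir%. The function names, the family keys ("9x", "nt", "xp") and the sample inventory are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Default values of the page's variables, taken from its notes.
DEFAULTS = {
    "9x": {"%WinDir%": r"C:\Windows", "%SystemDir%": r"C:\Windows\System"},
    "nt": {"%WinDir%": r"C:\WINNT", "%SystemDir%": r"C:\WINNT\System32"},
    "xp": {"%WinDir%": r"C:\Windows", "%SystemDir%": r"C:\Windows\System32"},
}

def expand(path, os_family):
    """Replace a leading %Variable% with the default for that Windows family."""
    for var, value in DEFAULTS[os_family].items():
        if path.lower().startswith(var.lower()):
            return value + path[len(var):]
    return path

def norm(path):
    """Windows paths are case-insensitive; normpath also collapses '..' segments."""
    return ntpath.normcase(ntpath.normpath(path))

def find_masquerades(file_paths, os_family, name="svchost.exe"):
    """Return the paths named `name` whose folder is not %SystemDir%."""
    legit_dir = norm(DEFAULTS[os_family]["%SystemDir%"])
    hits = []
    for original in file_paths:
        folder, base = ntpath.split(norm(expand(original, os_family)))
        if base == name.lower() and folder != legit_dir:
            hits.append(original)
    return hits

# Constructed sample inventory for a Windows XP machine.
SAMPLE_XP = [
    r"C:\Windows\System32\svchost.exe",     # legitimate location
    r"C:\WINDOWS\svchost.exe",              # copy in %WinDir%: WinDir.svchost
    r"%WinDir%\svchost.exe",                # same location, written with the variable
    r"C:\Windows\System32\..\SVCHOST.EXE",  # resolves to %WinDir% after normalisation
    r"C:\Windows\notepad.exe",              # unrelated file
]

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_XP, "xp"):
        print("analyse before deleting:", hit)
```

A hit is a file to analyse, not a verdict; the comparison is only as good as the inventory it is given.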
Files
svchost.exe
If you have any of the files related to WinDir.svchost on your system, please send them for additional analysis. Generally, I have only analysed a few versions for each software component listed at this web site. With your help I will be able to look at both old and more recent versions of the WinDir.svchost software. Thank you very much for your time!
Detection
Bazooka Adware and Spyware Scanner detects WinDir.svchost. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications.
Manual removal
Please follow the instructions below if you would like to remove WinDir.svchost manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If WinDir.svchost remains on your system after stepping through the removal instructions, please double-check by stepping through them again. Do not delete %WinDir%\svchost.exe unless you are 100% sure it is a threat.
- Start your computer in safe mode.
- Start Windows Explorer and delete:
%WinDir%\svchost.exe
Note: %WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Problems uninstalling? Here's some advice.
Yes, it can be both tedious and difficult to uninstall software manually. This page will give you some advice that hopefully will help you in the process of deleting both legitimate and potentially unwanted software.
Advice 1 - Be careful
Be careful. Take your time when going through the manual removal procedure. If you skip one of the uninstall steps, or if you do not delete all registry keys or files mentioned, in most cases the uninstall procedure will fail and Bazooka will continue to report the potentially unwanted application.
On the other hand, it is also important that you do not delete anything other than the items mentioned in the uninstall instructions. That might damage your system.
Advice 2 - Understand the variables
The uninstall instructions often use %variables% to point out the location of the files and folders that should be deleted from your hard drive. For example, in the uninstall instructions you might find something that looks like this:
- Start Windows Explorer and delete:
%WinDir%\afolder\spywarefile.exe
Note: %WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Advice 3 - Show hidden files and the extension
Most installations of Windows are by default configured not to show hidden or protected files. The same goes for the extensions of known file types, such as .exe and .txt, which by default are not shown either. The manual uninstall procedures assume that you can see all files and their extensions. Symantec offers a guide on how to change these settings.
Advice 4 - Safe Mode
"Error Deleting File or Folder - Cannot delete X: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."
Does this look familiar? In most cases you can delete the file or folder if you reboot into safe mode.
Advice 5 - The search functions
Both Windows Explorer and the Registry Editor have a search function that comes in handy when you want to find a file on the hard drive or something in the registry.
To search for a value in the registry editor: Start the editor, select the root in the left pane, click Edit and choose Find.
To search for a file or folder in Windows Explorer: Start Windows Explorer, right-click My Computer and choose Search.
Advice 6 - The Bazooka log
If you are sure you have removed all items that are mentioned in the uninstall instructions, but that darn Bazooka scanner still reports the potentially unwanted application, you can look in the Bazooka log to find out why Bazooka still nags about it. The log is actually not meant for the end-user and it is hard to interpret, but I think that it might offer some help after all.
To look in the log, click the "Generate Log" button in the Bazooka dialog, save it on disk, open the log in a text editor, and scroll down to "Result when scanning". The information there might offer some help.