Question:
svchost virus???????????
Daniel Smith
2010-03-25 09:39:34 UTC
When I switch on my computer and run a quick scan with BullGuard I get a virus located in the svchost. I remove it. I'll then do a full scan and nothing will be found. I'll put my computer back on quick scan and I'll have the same virus in the same place. I have run a scan in safe mode and it's found nothing.
Fourteen answers:
?
2010-03-25 10:55:59 UTC
OK, so you're probably not going to believe me, and you're going to select someone who suggests Malwarebytes or some other program as the best answer. But then you'll realize that it didn't work, and you're still looking for a solution, THEN read this:



I've been a network administrator for over 12 years now. Here's what I do about virus and spyware infections: I backup all the documents, pictures, music, etc., and then I put in the Windows CD and have it format the hard drive and start over. That's the only way to be 100% sure that all of the infections are removed. For backing up the data files, I prefer an online file host (such as http://www.drivehq.com ) instead of a USB drive because recent viruses (like Conficker) can infect your USB drive.



What should you back up? Almost always these days, if you just back up your "My Documents" folder (and the My Documents folders for other users on the computer), you'll have saved everything. Microsoft and third party software manufacturers are becoming very good at making sure all of your stuff goes into that folder, or a subfolder (such as My Pictures).



For the future, I recommend that you use Mozy Home Free Edition to keep your documents backed up online. Then you won't have to hesitate if you want to ever reformat your computer again. Here is a YouTube video that I made about how to use Mozy: http://www.youtube.com/watch?v=RmhAoPCmOdY



I also recommend installing Site Advisor at http://www.siteadvisor.com. It will pop up a red balloon any time you go to a web site that has malicious downloads. It will also put red, yellow, and green icons next to your Google and Yahoo search results.



Lastly, here are my recommendations for anti-virus products:



All antivirus do just as well at detecting viruses. So the best antivirus is a free one. Here are three free ones that you can choose from:



AVG Free Edition: http://free.grisoft.com

Avast 4 Home: http://www.avast.com/eng/avast_4_home.html

Avira Antivir Personal: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

PC Tools Antivirus Free Edition: http://www.pctools.com/free-antivirus/

Comodo Antivirus: http://personalfirewall.comodo.com/antivirus.html



I've been getting into Comodo lately: http://antivirus.comodo.com/



Actually, I don't know how well the anti-virus component of it works, but the thing is this: it has a "sandbox" feature. Unless you specifically tell Comodo to allow permanent changes, everything that you do in your browser gets undone when you restart your computer.



Here is a Hak5 podcast that showcases Comodo's sandbox feature: http://www.hak5.org/episodes/episode-703
?
2016-08-29 16:09:50 UTC
2
Edgar C
2010-03-25 12:10:25 UTC
There are some good tools provided by Microsoft Technet and Sysinternals that will help you to determine if your system has been compromised with a virus or something similar to it. Let's first talk about the svchost virus.





What is svchost.exe?



Svchost.exe is a process that is vital to the Microsoft operating system. The process is used by Windows to launch programs that cannot run without a host. Therefore, DO NOT ATTEMPT TO DELETE OR SHUT DOWN svchost.exe, your Windows will not work without it.



Now what is the svchost virus?



The svchost virus is actually a process named scvhost.exe (notice the “c” and “v” are switched) which is designed to confuse people with the harmless svchost. Scvhost.exe will go into your system and completely shut it down. The virus is actually a Trojan Horse named W30/Agobot-S virus. This virus will allow hackers to access your computer and steal passwords and personal data.



How to remove it from your system?



1 ) The way a PC Technician will do:



Restart your computer in Safe Mode and log in as Administrator. Press "F8" after the first beep occurs during start up, before the display of the Microsoft Windows logo. Select the first option, to run Windows in Safe Mode from the selection menu..........



For complete details on how to remove click in e-how.com

http://www.ehow.com/how_5132341_remove-svchostexe-virus.html Complete Instructions to Remove this Virus



2) The way a user without PC experience will perform this removal:

Will download the first antivirus program seen on the Internet, that won't help at all, it just will complicate things.



As I said earlier, Microsoft Technet site has some good tools to determine if your system has any rootkits or virus on the system. My advice to you is to download these two tools from Microsoft Technet first, then after protect your system by running the latest Microsoft Updates and installing a good antivirus on your system. Here they are:



There are two most powerful tools from Sysinternals that can help us a lot in our search for suspected threats on our systems.

1. Autoruns for Windows

2. Procexp



1)AutoRun for Windows



http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx



2)PROCEXP :



You can download this tool from

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

It can be used in Windows XP and higher and Server 2003 and higher.
ilknur K
2010-03-25 18:42:59 UTC
What is svchost.exe And Why Is It Running?



You are no doubt reading this article because you are wondering why on earth there are nearly a dozen processes running with the name svchost.exe. You can’t kill them, and you don’t remember starting them… so what are they?



So What Is It?



According to Microsoft: “svchost.exe is a generic host process name for services that run from dynamic-link libraries”. Could we have that in English please?



Some time ago, Microsoft started moving all of the functionality from internal Windows services into .dll files instead of .exe files. From a programming perspective this makes more sense for reusability… but the problem is that you can’t launch a .dll file directly from Windows, it has to be loaded up from a running executable (.exe). Thus the svchost.exe process was born.



Why Are There So Many svchost.exes Running?



If you’ve ever taken a look at the Services section in control panel you might notice that there are a lot of services required by Windows. If every single service ran under a single svchost.exe instance, a failure in one might bring down all of Windows… so they are separated out.



Those services are organized into logical groups, and then a single svchost.exe instance is created for each group. For instance, one svchost.exe instance runs the 3 services related to the firewall. Another svchost.exe instance might run all the services related to the user interface, and so on.



So What Can I Do About It?



You can trim down unneeded services by disabling or stopping the services that don’t absolutely need to be running. Additionally, if you are noticing very heavy CPU usage on a single svchost.exe instance you can restart the services running under that instance.



The biggest problem is identifying what services are being run on a particular svchost.exe instance… we’ll cover that below.



If you are curious what we’re talking about, just open up Task Manager and check the “Show processes from all users” box:






Checking From the Command Line (Vista or XP Pro)



If you want to see what services are being hosted by a particular svchost.exe instance, you can use the tasklist command from the command prompt in order to see the list of services.



tasklist /SVC






The problem with using the command line method is that you don’t necessarily know what these cryptic names refer to.



Checking in Task Manager in Vista



You can right-click on a particular svchost.exe process, and then choose the “Go to Service” option.






This will flip over to the Services tab, where the services running under that svchost.exe process will be selected:






The great thing about doing it this way is that you can see the real name under the Description column, so you can choose to disable the service if you don’t want it running.



Using Process Explorer in Vista or XP



You can use the excellent Process Explorer utility from Microsoft/Sysinternals to see what services are running as a part of a svchost.exe process.



Hovering your mouse over one of the processes will show you a popup list of all the services:






Or you can double-click on a svchost.exe instance and select the Services tab, where you can choose to stop one of the services if you choose.






Disabling Services



Open up Services from the administrative tools section of Control Panel, or type services.msc into the start menu search or run box.



Find the service in the list that you’d like to disable, and either double-click on it or right-click and choose Properties.






Change the Startup Type to Disabled, and then click the Stop button to immediately stop it.






You could also use the command prompt to disable the service if you choose. In this command “trkwks” is the Service name from the above dialog, but if you go back to the tasklist command at the beginning of this article you’ll notice you can find it there as well.



sc config trkwks start= disabled



Hopefully this helps somebody!



http://209.85.129.132/search?q=cache:T6mhInHOyMgJ:www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/+What+is+Svchost&cd=1&hl=en&ct=clnk
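Added example, not part of the original answers: a short Python check over `tasklist /SVC /FO CSV` output that lists the services behind each svchost.exe instance and flags image names that imitate it, such as the scvhost.exe spelling mentioned in another answer. The sample output is constructed, English column headers are assumed, and treating a svchost.exe with no hosted services as worth a closer look is a heuristic assumed here, not something the thread states.

```python
import csv
import io

# Constructed sample of `tasklist /SVC /FO CSV` output (not from a real machine).
SAMPLE = '''"Image Name","PID","Services"
"services.exe","684","N/A"
"svchost.exe","912","DcomLaunch,PlugPlay"
"svchost.exe","1004","RpcSs"
"svchost.exe","1180","SharedAccess,TrkWks,wuauserv"
"scvhost.exe","2312","N/A"
"svchost.exe","2740","N/A"
"explorer.exe","3016","N/A"
'''

GENUINE = "svchost.exe"


def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (cv -> vc) as one edit."""
    # Border cells hold the cost of building a prefix from an empty string.
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def review(tasklist_csv):
    """Return (services per svchost PID, list of (pid, name, reason) findings)."""
    hosted, findings = {}, []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name, pid = row["Image Name"].lower(), int(row["PID"])
        services = [] if row["Services"] == "N/A" else row["Services"].split(",")
        if name == GENUINE:
            hosted[pid] = services
            if not services:  # assumed heuristic: a real instance hosts services
                findings.append((pid, name, "svchost.exe hosting no services"))
        elif osa_distance(name, GENUINE) <= 2:  # near miss, e.g. swapped letters
            findings.append((pid, name, "name imitates svchost.exe"))
    return hosted, findings


if __name__ == "__main__":
    hosted, findings = review(SAMPLE)
    for pid, name, reason in findings:
        print(f"PID {pid}: {name}: {reason}")
```

On a live system, pass `review()` the text produced by `tasklist /SVC /FO CSV` instead of the sample.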
2010-03-25 10:42:20 UTC
It actually won't be SVCHOST but rather what it is running. That is a utility program that runs software as a service for the O/S. You should actually see multiple of these running if you look at task manager.



The challenge will be finding out exactly what is causing the issue.



You may want to try Malwarebytes or some other free utility. Or http://housecall.trendmicro.com/ which does it online for you.
Tomentor
2010-03-25 10:42:48 UTC
Svchost is a Windows process and not a virus, there are usually lots running. Your virus scan is flagging it incorrectly and you should flag it as trusted.

Visit this website if they are slowing your computer down and for some more information.



http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/



hope it helps
Fimerapo
2010-03-25 10:56:49 UTC
Re-boot your computer in SAFE MODE

To run it in Safe Mode, as soon as your computer turns on hit the F8 key (repeatedly) until a screen comes up

Choose Start computer in SAFE MODE with network support

Download and install Malware Bytes and AVAST free edition



http://freevirusprotection-spywaremalware.blogspot.com/



http://bestfree-spyware-virus-trojan-protec.blogspot.com/



Run a FULL SCAN with both programs – They are FREE.
Wide Glide
2010-03-25 10:44:22 UTC
svchost.exe is a normal Windows process. If it is spelled scvhost.exe then it is a threat, notice the position of the c and the v. These services run what you see in the control panel such as Windows security, Windows firewall etc............

BullGuard is detecting this as a false positive and you need to report this to them
ebox1349
2010-03-25 11:10:27 UTC
Clear your Temp folder, Internet Temp and cookies, then clear your System Restore Points (turn it off). the virus is hiding in one of these places and is just reloading when you reboot the computer.

Go here and download these,

ATF Cleaner by Atribune.- http://www.atribune.org/ccount/click.php?id=1

Malwarebytes - http://malwarebytes.org/

run the ATF cleaner first, then malwarebytes and delete what it finds.
2010-03-25 10:44:08 UTC
svchost.exe is a NEEDED file. It's the CORE of Windows. Without it your computer isn't running. You'll see it in task manager and as you do things more will appear. That's truly normal and expected.

**You're confusing me - you say it's a virus then it's not -

WHY do you think it is??
2010-03-25 10:40:51 UTC
Run a scan with this free program



1. SpyDLLRemover is the standalone tool to effectively detect and delete spyware from the system. It comes with an advanced spyware scanner which quickly discovers hidden Rootkit processes as well as suspicious/injected DLLs within all running processes.



Go here for details and download

(Free) http://www.rootkitanalytics.com/userland/spy-dll-remover.php



Download portable version here and put it on a flash drive / CD whatever?

(Free) http://portableapps.com/apps/utilities/spydllremover_portable



Go here for info on dll's

http://www.dll-files.com/dllindex/index.shtml



Takes like 30 seconds and it "Will" find it (~_~)
2010-03-25 10:40:55 UTC
Use Avast anti-virus. It has Anti-spyware built-in, Anti-rootkit built-in, Strong self-protection, Web Shield, Automatic updates, Antivirus kernel, Resident protection, Network Shield and it scans the page before it loads and a lot more and it's free
B
2010-03-25 10:39:54 UTC
svchost is a necessary Windows OS process.

http://support.microsoft.com/kb/314056
रोहित सिंह - The Rider
2010-03-25 10:38:15 UTC
Use some good anti-virus.

Use Avast-Home.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.