Question:
How do I get rid of the SVCHOST.EXE virus?
Drake S
2009-01-31 22:31:51 UTC
So I got adware called the virusremover2008 and I used Malwarebytes and got rid of it, but it left behind the SVCHOST.EXE virus that I read about online. First a "Generic Host Process for Win32" error box pops up, and then after I press Send or Don't Send another pop-up comes up and says something like your computer needs to shut down due to an unexpected SOMETHING and counts down a minute until my computer restarts. I searched for the file and found the SVCHOST.EXE and deleted it, and when my computer restarts I search for it again and there it is again. I've heard that svchost is good, but I haven't read anything about SMSvcHost. Is that also a file I need to delete? Please help, because my computer restarts every 20 to 30 minutes because of this problem. How do I get rid of it?

NOTE: I did the free scan for RegCure or whatever and it naturally did nothing except ask me to buy the product in order for it to do its job, and that is out of the question for me.
Seven answers:
Gary
2009-01-31 22:47:17 UTC
SVCHOST.EXE is a legit & necessary process of Windows. There are also viruses & trojans that masquerade as legit by using the same name. Here are some reference sites that will help you determine what's going on:

Sysinfo.org http://www.sysinfo.org/startuplist.php

Executables Listing http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM

LiUtilities Windows Process Library http://www.liutilities.com/products/wintaskspro/processlibrary/

Task Manager Processes http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
the_dadd_from_tn2005
2009-01-31 23:33:28 UTC
svchost.exe is a legitimate Windows process, as previously stated. Not only can some viruses masquerade under the same name, but they may use memory injection. The virus actually injects itself into a process's memory so it will not show up in Windows Task Manager. But download Process Explorer. It shows you all processes, as well as their child processes. http://www.google.com/search?q="Download+Process+Explorer"

Click each 'svchost.exe', and in the bottom pane, where it lists dependent processes, threads, handles, files, etc., find a suspicious file. If you find a filename that you KNOW FOR A FACT should not be running, try right-clicking that entry and choosing 'Kill Process'. (It might just be 'Kill...' or something similar.)

I had the same problem not long ago, but fortunately I was able to find the malicious file, kill it, then delete it. It never came back. But MAKE SURE you find ANY AND ALL malicious files and kill/delete them. If you don't, the virus will simply duplicate itself and start another instance which will inject itself yet again into the svchost.exe process.
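
The per-instance inspection described in the answers above, as an added PowerShell example that is not part of the original posts: it checks every running svchost.exe for its file location, parent process and `-k` argument, and lists the services and service DLLs each instance hosts. It assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example: triage every running svchost.exe. Run from an elevated prompt,
# otherwise ExecutablePath and CommandLine are empty for SYSTEM-owned processes.
$expectedDirs = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot $_ }

$procs    = Get-CimInstance Win32_Process
$services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }
$nameOf   = @{}
foreach ($p in $procs) { $nameOf[[int]$p.ProcessId] = $p.Name }

$report = foreach ($p in $procs | Where-Object { $_.Name -ieq 'svchost.exe' }) {
    $flags = @()

    # The genuine binary runs only from the Windows system directory.
    if (-not $p.ExecutablePath) {
        $flags += 'path not readable'
    } elseif ($expectedDirs -notcontains (Split-Path $p.ExecutablePath -Parent)) {
        $flags += 'unexpected location'
    }

    # Genuine instances are started by services.exe with a "-k <group>" argument.
    if ($nameOf[[int]$p.ParentProcessId] -ine 'services.exe') {
        $flags += 'parent is not services.exe'
    }
    if ($p.CommandLine -notmatch '\s-k\s') { $flags += 'no -k service group' }

    # List the services hosted in this instance and the DLL each one loads,
    # so an unfamiliar service DLL stands out.
    $hosted = foreach ($s in $services | Where-Object { $_.ProcessId -eq $p.ProcessId }) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        '{0} -> {1}' -f $s.Name, $dll
    }

    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Path      = $p.ExecutablePath
        Flags     = $flags -join '; '
        Services  = $hosted -join "`n"
    }
}

# Flagged instances first.
$report | Sort-Object { $_.Flags -eq '' } | Format-List
```

An empty Flags field means no look-alike executable is running under the svchost.exe name; it does not rule out code injected into a genuine instance, which is why the hosted service DLLs are printed for review.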
Niklaus Pfirsig
2009-01-31 22:48:20 UTC
svchost.exe is a special "shell" program that is used to run system services and background programs.

Some of the more sophisticated malware will install several programs that automatically reload and recreate a file that is deleted.
A. Geek
2009-01-31 22:37:32 UTC
In my eyes the SMSvcHost is the problem. Most XP machines have a few of the SVCHOST.EXE processes running natively.
Gary
2009-01-31 22:39:39 UTC
Hmmm, when you end it and the shutdown message comes up, go to the Run dialog in Task Manager

(open Task Manager, go to File > Run)

and type shutdown.exe -a

After that, try to download Spybot Search and Destroy from

http://www.safer-networking.org/

It's free and very effective. Also try the NOD32 online scanner

http://www.eset.com/onlinescan/

free also

Hope this helps
2009-01-31 23:05:16 UTC
Two affirmations to start: 1) Do not reformat or use system restore to start from new as it is too harsh and you should do it only as a last resort.



2) Do not copy your documents elsewhere as this will only spread the Malware and do NOT use your Email until this is cleaned.



Now for the main part: This is Malware masquerading as the svchost.exe, deeply rooting itself in your system (some even hide in your router's firmware). Virus scanners and the Restore Point Utility are not good things to use against such invasion for this reason alone.



Don't delete it manually as it is needed by Windows, just get the programs I listed from another computer (Internet Café, Public Library or friend's computer) onto a USB stick as Malware blocks you from downloading protection. A word of caution, be sure to read all programs help files completely before using them. If you still cannot use MBAM, rename it Alteregobytes to confuse the Malware (but be sure to keep the .exe extension on it) and use it as alternative for part A of the following solution.



TRYING MBAM ALONE IS NOT ENOUGH AS YOU NEED A COMPLETE SOLUTION, here is one (use programs in the order stated):



A) Download MBAM (MalwareBytes' Anti-Malware): http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button - Install the application and make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish (if an update is found, it will download and install the latest version).

Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time, so please be patient). When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected (when disinfection is completed, a log will open in Notepad and you may be prompted to Restart).





B) Try the tricks and free programs I use: 1) Clean browsers junk.



Method One (now): In Internet Explorer (IE), click the Tools menu, then Delete Browsing History and in the box, click the Delete all button (bottom left) and Yes.

In Firefox (FF), go to tools, clear private data, make sure all boxes are checked and then click on the clear private data now button.



Method Two (Normal use: Every 14 days - Heavy use: Every 7 days): In IE, click the Tools menu, Delete Browsing History and in the box that opens, do these: a) click the button near Temporary Internet Files, click Yes and wait for the box that opens to close.

b) click the button near History, click Yes and wait for the box that opens to close and finally, click the close button (bottom right) to finish.



In FF, Go to tools, clear private data and uncheck all except Browsing History, Cache and Authenticated Sessions boxes then click on the clear private data now button.



Note: Close browser when done to clear cookies still in memory. For other browsers or versions of the programs, check help files for guidance on doing cleanup.



2) Turn off the restore point utility ( Guide for XP: http://support.microsoft.com/kb/310405 and Vista: http://windowshelp.microsoft.com/Windows/en-US/Help/9f6d755a-74bb-4a7d-a625-d762dd8e79e51033.mspx )



3) Use this free cleaner: http://www.glaryutilities.com/gu.html to remove junk and remnant files.

4) Put order in your HD with a "Disk defragmenter".



5) Turn restore point utility back on. (see part 2)



6) Do not use Google/Yahoo toolbars (spyware).



7) Persisting problem after this, get Avira: http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?cdlPid=10901492 plus an Email scanner ( http://www.spamdel.com/ OR http://www.glenn.delahoy.com/software/files/Inbox.htm ). Already have a scanner, make sure your virus database is updated BUT stay away from (or get rid of) AVG free (CRAP).



8) If the problem is very stubborn and you have a router, visit its web site and check for firmware that is more recent than your version. If FOUND, download and install, if NOT, use the router's reset switch, both methods return it to factory settings. "WARNING": Gather router install CDs, guides, passwords before doing this as you will need to do all connections again.





By doing so, you are on your way to being well protected BUT never relax your guard!
Beck92
2009-01-31 22:41:51 UTC
Check out

http://forum.f-prot.com/index.php?topic=358.0

I hope it helps.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.