svchost Question

M

Mikeohioukus

New Member
Hello, recently in my documents there was a folder with a file svchost in there, I have never seen this before, The folder name is my name ( Mike ) with that file in there, Also this file is in the WINDOWS folder aswell.

My question is why is there 2 files?

And also how did this other folder become in my documents.

Thanks.. Mike
 
The first thing to do there is run a search for all locations of the svchost.exe file in case you have a virus or an IE shortcut addressing that file name. When running a search here one item found outside of the "Windows\System32" folder is a link like the one here. http://ask-leo.com/svchost_and_svchostexe_crashs_cpu_maximization_viruses_exploits_and_more.html

The second one found is a Microsoft page on the svchost.exe file. Both are only so many kilibytes in size. Any other copy of the file could easily be a virus or trojan. Some of those pose as the same system file and have to be removed manually. The one seen in the Windows sub folder is essential for Windows and expected to be seen.
 
Thank you, i did do what that website adviced to do. However that file that was in my documents in the folder i dragged to the file in Windows and it overwrite it.. I then deleted the folder in my documents which was empty.

I scanned for svhost.exe and it found 5 files. Below are a list of the locations, I would like you to tell m if this is normal.

1. C:\WINDOWS\SYSTEM32

2. C\WINDOWS\$NTSEVICEPACKUNINSTALL$

3. C\WINDOWS\MIKE ( This is the folder that was also in My Documents )

4. C:\WINDOWS\SERVICEPACKFILES\I386

5. C:\PROGRAMFILES\COMMONFILES\MICROSOFT SHARED\DAO\MIKE

That is all the locations that popped up after searching for the file..

Is this correct
 
This is random, but...

If you play World of Warcraft, check your running processes frequently to see if svch0st.exe is running. That's the same thing, except with the zero for the "o". This is a keylogger that I unfortunately somehow obtained a while back, and got my account hacked as a result.

Good luck!
 
If you look at the seach results and use the scroll bar there to see the full file name and see SMsvchost.exe instead of svchost.exe those are normal files in locations other then the Windows\system32 folder are geniune MS system files there with the slight change with the SM added. But finding svchost.exe outside of the Windows sub folder would spell trouble.

Microsoft released a pair of security fixes for access violation errors involving the svchost.exe file you may want to download for all versions of XP. If you have recently gone to the update link there you most likely already have them since they came out last month. If you are still running IE 6 you may want to grab the newer version of IE 7 for the added secirity seen there. Many simply use Mozilla's FireFox to avoid the vulnerabilities seen with the MS browsers.
 
Well, the folder in my documents was the only one.. I copied it to the file in WINDOWS and deleted that folder, I have no idea how it got there but should it be ok now?
 
I wouldn't have copied it to anywhere else but simply deleted it along with the folder in case it was a virus. For replacing the actual svchost.exe if ever needed you have to expand that from the Windows installation disk or have the system file checker do that for you if it is corrupted or deleted somehow.

I would strongly recommend running a good sweep of the system with AVG or another good antivirus tool along with a few adware/spyware removers to see if and what they come up with. That file may have been a virus that some how wasn't triggered when it got onto the drive. It's not something you want to keep anyways.
 
You must log in or register to reply here.
Back
Top