The importance of updates on a post-virus install

[twilyth]

I'm not sure I had a virus, but at this point, I would have to say that the odds are in favor of it.

I noticed that of 3 machines, only one had a dozen or more instances of svchost.exe. In fact, on the other 2, there were no instances at all. So I formatted the drive and reinstalled W7.

But before the updates were done, i used IE to dl firefox. A couple hours later I happen to look at taskmanger and there are those svchost pgms again.

So I format and reinstall again, but this time do all the updates first before even enabling the ethernet card (i turned it on to dl the updates and off while they were being installed).

Now when I check, not a single svchost is running.

I should also mention that after the first install, FF was acting weird, telling me that it was running in "safe mode" - whatever that is.

the only way I could have gotten infected again was through a hole in IE. But even that blows my mind because that means that these guys must be sitting on every IP address out there like hungry dogs.

I still have some more software to install before the 2 installs are exactly comparable, but I don't think anything I have left will be needing a dozen instances of svchost.

edit: oh, the reason I was in taskmanager was because MSE found a virus in a file on the drive I just formated and it was in an IE directory and related to FF. That together with the litter of svchost pgms made think something was definitely amiss.

 

[brandonwh64]

I wouldnt worry about svchost.exe, it is not a virus.

svchost.exe is a process and its associated image (executable file) for hosting services. These services are contained within dynamically-linked libraries (DLLs).

 

[Mussels]

the reason you couldnt see them after the format was cause you forgot the 'show process from all users' button...

 

[slyfox2151]

its not a virus.... USUALY

its just random ms software running as far as i know... 11 instances of it running on my pc atm, with avast installed and not even the slightest hint of a virus / malware worm or anything anywhere near my pc.

 

[twilyth]

its not a virus.... USUALY

its just random ms software running as far as i know... 11 instances of it running on my pc atm, with avast installed and not even the slightest hint of a virus / malware worm or anything anywhere near my pc.

I was running malwarebytes and avira and no hints from them either. But now they're gone, so . . .

edit - and like I said - the other 2 machines didn't have a single instance of the pgm - all with W7 64-bit

 

[Mussels]

I was running malwarebytes and avira and no hints from them either. But now they're gone, so . . .

you forgot the button to show all processes.

 

[slyfox2151]

click the show all processes and double check there arnt any running on all 3 pc's? i find it very hard to belive not 1 is running... if not imposible... im sure your network needs 1 to be running to work.

 

[twilyth]

the reason you couldnt see them after the format was cause you forgot the 'show process from all users' button...

Yup. You're right. I guess I never thought to check that off on any of the rigs after the last install.

Think I should delete this then? Your call. I'm used to looking stupid.

 

[slyfox2151]

lol, naa its always good to leave threads up incase someone googles Svchost.exe... they might find this and workout its ment to be running 11 or so times

hopfully it will stop the "i saw Svchost.exe open 10 times so i ended all there process trees and now my pc dosnt work" thead


Edit,

it seems somewhere between 5 and 14 its the average users amount open, my laptop has 9, pc has 11 dads pc has 14. (his if full of crap -.-)




just make sure there not using a TON of ram / cpu usage.... like over 800mb ect.... if they are then somthing is wrong ^^

 

[Mussels]

i've got 12 of em, so yeah.. its fairly normal.

 

[Perseid]

If you use a program called Process Explorer it will let you see what each svchost is actually running.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

 

[slyfox2151]

If you use a program called Process Explorer it will let you see what each svchost is actually running.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Hmmmm somthing wrong with just right clicking the SvcHost.exe and click Goto Services to see exacly what its running?



Windows Firewal, DHCP, Audio, security center, Homegroup, Event log, RPC, plug and play, windows defender......

these are all things that SvcHost.exe helps to run.

 

[Perseid]

Hmmmm somthing wrong with just right clicking the SvcHost.exe and click Goto Services to see exacly what its running?

Maybe that's a Windows 7 thing. I'm still on XP. Disregard, then. It is still a nifty program, though.

 

[95Viper]

Hmmmm somthing wrong with just right clicking the SvcHost.exe and click Goto Services to see exacly what its running?



Windows Firewal, DHCP, Audio, security center, Homegroup, Event log, RPC, plug and play, windows defender......

these are all things that SvcHost.exe helps to run.

Process Explorer is a very useful program, makes things easy... less clicking and more info.



I like easy and available.

 

[twilyth]

You know, I just realized something though. Where did the infection that MSE picked up come from then? All I did was dl Firefox. From there I installed my normal addons but using FF and the infection was listed mainly in IE directories. There's no way that should have happened.

Also, after the first install I hadn't checked off the view processes from all users option either but i was still seeing the svchosts. I definitely reformatted before both installs. That's a little weird.

 

[slyfox2151]

maybe it was a mis diagnosis? or maybe it just blocked an ad?



yeah its only for 7 and vista(i think).

 

[Laurijan]

Since WinXP SP2 I have had 0 problem with being connected to the internet before all updates were in place and a anti-virus installed.

 

[user09]

Hi.If you had for the first time installed a good antivirus you woud not have to format your systems.I advise tou to pick up another antivirus from top ten best antiviruses http://www.best-antivirus.co/ good luck