1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

The importance of updates on a post-virus install

Discussion in 'Networking & Security' started by twilyth, Jul 24, 2010.

  1. twilyth Guest

    I'm not sure I had a virus, but at this point, I would have to say that the odds are in favor of it.

    I noticed that of 3 machines, only one had a dozen or more instances of svchost.exe. In fact, on the other 2, there were no instances at all. So I formatted the drive and reinstalled W7.

    But before the updates were done, i used IE to dl firefox. A couple hours later I happen to look at taskmanger and there are those svchost pgms again.

    So I format and reinstall again, but this time do all the updates first before even enabling the ethernet card (i turned it on to dl the updates and off while they were being installed).

    Now when I check, not a single svchost is running.

    I should also mention that after the first install, FF was acting weird, telling me that it was running in "safe mode" - whatever that is.

    the only way I could have gotten infected again was through a hole in IE. But even that blows my mind because that means that these guys must be sitting on every IP address out there like hungry dogs.

    I still have some more software to install before the 2 installs are exactly comparable, but I don't think anything I have left will be needing a dozen instances of svchost.

    edit: oh, the reason I was in taskmanager was because MSE found a virus in a file on the drive I just formated and it was in an IE directory and related to FF. That together with the litter of svchost pgms made think something was definitely amiss.
     
  2. brandonwh64

    brandonwh64 Addicted to Bacon and StarCrunches!!!

    Joined:
    Sep 6, 2009
    Messages:
    18,831 (9.54/day)
    Thanks Received:
    6,282
    Location:
    Chatsworth, GA
    I wouldnt worry about svchost.exe, it is not a virus.

    [​IMG]

    svchost.exe is a process and its associated image (executable file) for hosting services. These services are contained within dynamically-linked libraries (DLLs).
     
    Crunching for Team TPU
  3. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,629 (11.31/day)
    Thanks Received:
    9,882
    the reason you couldnt see them after the format was cause you forgot the 'show process from all users' button...
     
  4. slyfox2151

    slyfox2151

    Joined:
    Jan 14, 2009
    Messages:
    2,612 (1.18/day)
    Thanks Received:
    525
    Location:
    Brisbane, Australia
    its not a virus.... USUALY :p

    its just random ms software running as far as i know... 11 instances of it running on my pc atm, with avast installed and not even the slightest hint of a virus / malware worm or anything anywhere near my pc.
     
  5. twilyth Guest

    I was running malwarebytes and avira and no hints from them either. But now they're gone, so . . .

    edit - and like I said - the other 2 machines didn't have a single instance of the pgm - all with W7 64-bit
     
  6. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,629 (11.31/day)
    Thanks Received:
    9,882
    you forgot the button to show all processes.
     
  7. slyfox2151

    slyfox2151

    Joined:
    Jan 14, 2009
    Messages:
    2,612 (1.18/day)
    Thanks Received:
    525
    Location:
    Brisbane, Australia
    click the show all processes and double check there arnt any running on all 3 pc's? i find it very hard to belive not 1 is running... if not imposible... im sure your network needs 1 to be running to work.
     
  8. twilyth Guest

    Yup. You're right. I guess I never thought to check that off on any of the rigs after the last install.

    Think I should delete this then? Your call. I'm used to looking stupid.
     
  9. slyfox2151

    slyfox2151

    Joined:
    Jan 14, 2009
    Messages:
    2,612 (1.18/day)
    Thanks Received:
    525
    Location:
    Brisbane, Australia
    lol, naa its always good to leave threads up incase someone googles Svchost.exe... they might find this and workout its ment to be running 11 or so times :D

    hopfully it will stop the "i saw Svchost.exe open 10 times so i ended all there process trees and now my pc dosnt work" thead :p


    Edit,

    it seems somewhere between 5 and 14 its the average users amount open, my laptop has 9, pc has 11 dads pc has 14. (his if full of crap -.-)




    just make sure there not using a TON of ram / cpu usage.... like over 800mb ect.... if they are then somthing is wrong ^^
     
  10. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,629 (11.31/day)
    Thanks Received:
    9,882
    i've got 12 of em, so yeah.. its fairly normal.
     
  11. Perseid New Member

    Joined:
    Jul 4, 2010
    Messages:
    156 (0.09/day)
    Thanks Received:
    34
    Location:
    Wisconsin, USA
  12. slyfox2151

    slyfox2151

    Joined:
    Jan 14, 2009
    Messages:
    2,612 (1.18/day)
    Thanks Received:
    525
    Location:
    Brisbane, Australia
    Hmmmm somthing wrong with just right clicking the SvcHost.exe and click Goto Services to see exacly what its running?



    Windows Firewal, DHCP, Audio, security center, Homegroup, Event log, RPC, plug and play, windows defender......

    these are all things that SvcHost.exe helps to run.
     
  13. Perseid New Member

    Joined:
    Jul 4, 2010
    Messages:
    156 (0.09/day)
    Thanks Received:
    34
    Location:
    Wisconsin, USA
    Maybe that's a Windows 7 thing. I'm still on XP. Disregard, then. :) It is still a nifty program, though.
     
  14. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,484 (1.95/day)
    Thanks Received:
    1,642
    Location:
    στο άλφα έως ωμέγα
    Process Explorer is a very useful program, makes things easy... less clicking and more info.

    pe.jpg

    I like easy and available.:)
     
    Last edited: Jul 24, 2010
  15. twilyth Guest

    You know, I just realized something though. Where did the infection that MSE picked up come from then? All I did was dl Firefox. From there I installed my normal addons but using FF and the infection was listed mainly in IE directories. There's no way that should have happened.

    Also, after the first install I hadn't checked off the view processes from all users option either but i was still seeing the svchosts. I definitely reformatted before both installs. That's a little weird.
     
  16. slyfox2151

    slyfox2151

    Joined:
    Jan 14, 2009
    Messages:
    2,612 (1.18/day)
    Thanks Received:
    525
    Location:
    Brisbane, Australia
    maybe it was a mis diagnosis? or maybe it just blocked an ad?



    yeah its only for 7 and vista(i think).
     
  17. Laurijan

    Laurijan

    Joined:
    Feb 10, 2007
    Messages:
    2,290 (0.79/day)
    Thanks Received:
    361
    Location:
    Oulu, Finland
    Since WinXP SP2 I have had 0 problem with being connected to the internet before all updates were in place and a anti-virus installed.
     
  18. user09 New Member

    Joined:
    Jul 27, 2010
    Messages:
    1 (0.00/day)
    Thanks Received:
    0
    Hi.If you had for the first time installed a good antivirus you woud not have to format your systems.I advise tou to pick up another antivirus from top ten best antiviruses http://www.best-antivirus.co/ good luck
    :):)
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page