Symptoms:
Do any of these symptoms sound familiar?
1. Your system becomes sluggish and you find that something called svchost or dllhost is taking nearly 100% of your CPU.
2. Your system reports that svchost has performed an illegal operation and will be terminated. After that, various things fail to work properly, if at all.
3. After you log in, your system automatically reboots in one minute.
If so, then it's almost certain that you either have a virus or your system is currently vulnerable to a particular type of exploit known as the "RPC buffer overflow". We'll look at addressing both.
But just what is svchost?
Let me tell you what it is not: On Windows XP, 2000, and 2003, svchost is not a virus. On those systems, svchost is a required system component. If you happen to successfully delete it, your system will not run. You'll be much worse off than before. (Win95, 98, and Me users)
Do not delete svchost.exe. Don't even think about it. [Important: do not confuse svchost, which we are discussing here, with scvhost, which has two letters transposed (look again!). They are not the same thing. The presence of scvhost may indicate a virus.]
Svchost, which is short for "service host", is a core part of the operating system that provides support to many of the required services that make up Windows. You can see all the copies of svchost and what services they are running by typing "tasklist /svc" in a command window. If you don't have tasklist, or just prefer not to use the command shell, you can use SysInternals Process Explorer instead. (Check out my previous article "What is Tasklist.exe, and why don't I have it?" for details.) On my machine, one copy of svchost is responsible for 30 separate services, another is hosting 4, and the remaining 3 host one service apiece.
How to Remove It:
OK, here we go. Follow these steps to remove the virus manually:
* Restart your PC, press F8, and select the option Safe Mode Command Prompt Only
* When you log in to the command prompt, you must log in as Administrator
* Type cd C:\windows\system32
* Type dir /ah to display all hidden files in this directory. You will see the following files, which are used by the virus to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE
* Type ATTRIB -H -R -S SCVHOST.EXE
* Type ATTRIB -H -R -S BLASTCLNNN.EXE
* Type ATTRIB -H -R -S AUTORUN.INI
* Type DEL SCVHOST.EXE
* Type DEL BLASTCLNNN.EXE
* Type DEL AUTORUN.INI
* Type CD\
* Type ATTRIB -H -R -S AUTORUN.INF
* Type DEL AUTORUN.INF
You are almost done. Reboot your PC; you may sit back and relax while it loads. :)
Go to the Start Menu, click Run, and type the REGEDIT command. Take note: before making any changes in the Registry Editor, you must make a full backup of your registry to avoid system errors. :)
Look at the location entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. If you see an entry named Yahoo! Messengger (it’s spelled like this) with the value c:\windows\system32\scvhost.exe, delete this entry.
Look at the location entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. In the entry named SHELL, you will find the value Explorer.exe,SCVHOST.EXE. Edit this value: delete only the SCVHOST.EXE part, so that the value is Explorer.exe. If you delete the whole value, your computer will not be able to log in anymore.
OK, you are now done. Please restart your PC now and enjoy!
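An added example, not part of the original article: a Python check that flags file names imitating svchost.exe (such as the transposed scvhost.exe) in Run-key values, in the Winlogon Shell value and in a process list. The function names, the distance threshold of 2 and the sample data are assumptions constructed for illustration; on a real system the inputs would come from the registry locations and the tasklist output described above.

```python
import re

LEGIT = "svchost.exe"

def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def exe_names(value):
    """Lower-cased *.exe file names found in a path, command line or list."""
    return [m.lower() for m in re.findall(r'[^\\/",\s]+\.exe', value, re.I)]

def lookalikes(value, max_dist=2):
    """Names close to, but not equal to, svchost.exe (assumed threshold: 2)."""
    return [n for n in exe_names(value)
            if n != LEGIT and osa_distance(n, LEGIT) <= max_dist]

def extra_shell_entries(shell_value):
    """Programs in the Winlogon Shell value other than explorer.exe."""
    return [n for n in exe_names(shell_value) if n != "explorer.exe"]

def audit(run_entries, shell_value, process_names):
    """Return (location, entry name, suspicious file name) tuples."""
    findings = []
    for name, command in run_entries.items():
        findings += [("Run", name, n) for n in lookalikes(command)]
    findings += [("Winlogon", "Shell", n) for n in extra_shell_entries(shell_value)]
    for proc in process_names:
        findings += [("process", proc, n) for n in lookalikes(proc)]
    return findings

# Constructed sample data, modelled on the values named in the steps above.
SAMPLE_RUN = {"Yahoo! Messengger": r"c:\windows\system32\scvhost.exe",
              "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe"}
SAMPLE_SHELL = "Explorer.exe,SCVHOST.EXE"
SAMPLE_PROCESSES = ["svchost.exe", "scvhost.exe", "explorer.exe"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RUN, SAMPLE_SHELL, SAMPLE_PROCESSES):
        print(finding)
```

The genuine svchost.exe is never reported, because only names that differ from it by one or two edits are flagged.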
