RE: C:\WINDOWS\SYSTEM32\SVCHOST.EXE



Hello Judy,

I hope what you are seeing is SVCHOST.EXE.

If so, see this article for an explanation:
A description of Svchost.exe in Windows XP Profesional
http://support.microsoft.com/?kbid=314056

It is a good idea to check your system drive for SVCHOST.EXE files.

I've got one in prefetch, one in system32, and one in servicepackfiles\i386,
which looks just like the one in system32. You don't want any in \windows
or \windows\system, for example--those would be good candidates for trojans.

Now--about those host file entries. One reason for returning the file to
the default is so that you can see, for certain, that there are no GOOD
sites mixed in with all the bad sites that those entries were "protecting"
you against visiting. If you want those protective entries back again, run
Spybot Search & Destroy, or some other third-party antispyware
programs--they are what placed the entries there originally.

Go for scans in safe mode and also add Ewido and Ccleaner as Ewido performs
great with Trojans and Ccleaner will clear your temp folders where a lot of
malware hides installers.

Then try Ewido for removal:
http://www.ewido.net/en/download/
Scan your computer now online and clean it for free!

http://www.ccleaner.com/downloadbuilds.asp
Note, When you install Ccleaner, uncheck the Yahoo toolbar option.
Note, in Options, Settings, Advanced, uncheck - Only delete files in Windows
folders older than 48 hours.
Open Ccleaner and press "Windows" "Aplications" and Run Cleaner from the
menu choose 'Issues' and then press scan for issues, Repair any fºund.
Run twice Ccleaner, the same as above,until you get “0 bytes to be removed”.
--

"Judy L" wrote:

My virus protector is blocking the following


Date/Time :
8/08/2006 - 7:39:56 AM
Event :
Self-Extracting Cabinet has been blocked from starting.

Process :
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\MPAS-D.EXE
Parent :
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
Vendor :
Microsoft Corporation
Version :
Self-Extracting Cabinet
Details :
Community Information - Technical Information

Anyone know what it is - if its safe or not?
Judy



.