Re: SVChost.exe is making my life miserable!
From: serverguy (nospam_at_hatespam.com)
Date: 06/29/04
- Previous message: Alfredo Garcia: "Administrator Password"
- In reply to: Dave: "Re: SVChost.exe is making my life miserable!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Jun 2004 12:16:40 -0400
Good advice from Dave. Also patch your system with Windows Updates, and note
that some viruses need to be removed manually with special tools like the
Stinger tool. If a specific virus is found, I suggest searching for it by
name on Symantec's site and following their directions for proper removal of
the virus.
"Dave" <noone@nowhere.com> wrote in message
news:%23knjhN7WEHA.3596@tk2msftngp13.phx.gbl...
> you are still infected and your machine is trying to spread the infection
> with all those connections. thank god you are on a dialup and it crashes
> your machine. update your virus definitions, get the latest adaware and
> spybot s&d, scan with everything you can find. oh, and remember that some
> viruses disable virus scanners, so you may want to boot in safe mode or
> manually kill suspect processes before trying to get updates and do scans.
>
> oh, and while you are at it put in a dummy name for posting on here, you
> will be receiving more virus laden email by posting with a real email
> address.
>
> "Vijay" <vijaynats@yahoo.com> wrote in message
> news:u5ADEA7WEHA.212@TK2MSFTNGP12.phx.gbl...
> > Hello all! I have a windows 2000 professional machine with a dialup internet
> > connection. Everything is fine when i am not connected to the net. Once i
> > connect, SVCHost.exe starts making lots of tcp connections to god knows
> > where. After some time, the number of connections goes into the hundreds and
> > my machine literally starts to crawl. Links on web pages don't work. Copy
> > and paste does not work. RPC Processes crashes after windows reports that
> > scvhost.exe has done some illegal operation! Disconnect dialup does not
> > work - Finally i'm so cheesed off that i have to press the reset button!
> >
> > I have Norton Antivirus running and it quarantined explorer.exe infected
> > with Trojan.VirtualRoot.
> > I'm also running Lavasoft Adaware.
> >
> > Can anyone tell me what's going on inside my box?
> >
> > HELP ME PLEASE!
> >
> > Vijay
> >
> > Here are the dumps for NETSTAT -
> >
> > Have a look at the dump of netstat before connecting to the net
> >
> >
> > Active Connections
> >
> > Proto Local Address Foreign Address State
> > TCP vijay:http vijay:0 LISTENING
> > TCP vijay:epmap vijay:0 LISTENING
> > TCP vijay:https vijay:0 LISTENING
> > TCP vijay:microsoft-ds vijay:0 LISTENING
> > TCP vijay:1025 vijay:0 LISTENING
> > TCP vijay:1027 vijay:0 LISTENING
> > TCP vijay:1030 vijay:0 LISTENING
> > TCP vijay:1291 vijay:0 LISTENING
> > TCP vijay:7160 vijay:0 LISTENING
> > TCP vijay:7893 vijay:0 LISTENING
> > UDP vijay:epmap *:*
> > UDP vijay:microsoft-ds *:*
> > UDP vijay:1026 *:*
> > UDP vijay:3456 *:*
> >
> > Now have a look at what happens after sometime (holy cow u'll need lotsa
> > patience here)
> >
> > Active Connections
> >
> > Proto Local Address Foreign Address State
> > TCP vijay:http vijay:0 LISTENING
> > TCP vijay:https vijay:0 LISTENING
> > TCP vijay:microsoft-ds vijay:0 LISTENING
> > TCP vijay:1025 vijay:0 LISTENING
> > TCP vijay:1027 vijay:0 LISTENING
> > TCP vijay:1032 vijay:0 LISTENING
> > TCP vijay:1117 vijay:0 LISTENING
> > TCP vijay:1762 vijay:0 LISTENING
> > TCP vijay:2093 vijay:0 LISTENING
> > TCP vijay:2119 vijay:0 LISTENING
> > TCP vijay:2378 vijay:0 LISTENING
> > TCP vijay:2398 vijay:0 LISTENING
> > TCP vijay:2434 vijay:0 LISTENING
> > TCP vijay:2502 vijay:0 LISTENING
> > TCP vijay:2576 vijay:0 LISTENING
> > TCP vijay:2577 vijay:0 LISTENING
> > TCP vijay:2578 vijay:0 LISTENING
> > TCP vijay:2579 vijay:0 LISTENING
> > TCP vijay:2580 vijay:0 LISTENING
> > TCP vijay:2581 vijay:0 LISTENING
> > TCP vijay:2582 vijay:0 LISTENING
> > TCP vijay:2583 vijay:0 LISTENING
> > TCP vijay:2584 vijay:0 LISTENING
> > TCP vijay:2585 vijay:0 LISTENING
> > TCP vijay:2586 vijay:0 LISTENING
> > TCP vijay:2587 vijay:0 LISTENING
> > TCP vijay:2588 vijay:0 LISTENING
> > TCP vijay:2589 vijay:0 LISTENING
> > TCP vijay:2590 vijay:0 LISTENING
> > TCP vijay:2591 vijay:0 LISTENING
> > TCP vijay:2592 vijay:0 LISTENING
> > TCP vijay:2593 vijay:0 LISTENING
> > TCP vijay:2594 vijay:0 LISTENING
> > TCP vijay:2595 vijay:0 LISTENING
> > TCP vijay:2596 vijay:0 LISTENING
> > TCP vijay:2597 vijay:0 LISTENING
> > TCP vijay:2598 vijay:0 LISTENING
> > TCP vijay:2599 vijay:0 LISTENING
> > TCP vijay:2600 vijay:0 LISTENING
> > TCP vijay:2602 vijay:0 LISTENING
> > TCP vijay:2603 vijay:0 LISTENING
> > TCP vijay:2604 vijay:0 LISTENING
> > TCP vijay:2605 vijay:0 LISTENING
> > TCP vijay:2606 vijay:0 LISTENING
> > TCP vijay:2607 vijay:0 LISTENING
> > TCP vijay:2608 vijay:0 LISTENING
> > TCP vijay:2609 vijay:0 LISTENING
> > TCP vijay:2610 vijay:0 LISTENING
> > TCP vijay:2611 vijay:0 LISTENING
> > TCP vijay:2612 vijay:0 LISTENING
> > TCP vijay:2613 vijay:0 LISTENING
> > TCP vijay:2614 vijay:0 LISTENING
> > TCP vijay:2615 vijay:0 LISTENING
> > TCP vijay:2616 vijay:0 LISTENING
> > TCP vijay:2617 vijay:0 LISTENING
> > TCP vijay:2618 vijay:0 LISTENING
> > TCP vijay:2619 vijay:0 LISTENING
> > TCP vijay:2620 vijay:0 LISTENING
> > TCP vijay:2621 vijay:0 LISTENING
> > TCP vijay:2622 vijay:0 LISTENING
> > TCP vijay:2623 vijay:0 LISTENING
> > TCP vijay:2624 vijay:0 LISTENING
> > TCP vijay:2625 vijay:0 LISTENING
> > TCP vijay:2626 vijay:0 LISTENING
> > TCP vijay:2627 vijay:0 LISTENING
> > TCP vijay:2628 vijay:0 LISTENING
> > TCP vijay:2629 vijay:0 LISTENING
> > TCP vijay:2630 vijay:0 LISTENING
> > TCP vijay:2631 vijay:0 LISTENING
> > TCP vijay:2766 vijay:0 LISTENING
> > TCP vijay:2953 vijay:0 LISTENING
> > TCP vijay:3026 vijay:0 LISTENING
> > TCP vijay:3718 vijay:0 LISTENING
> > TCP vijay:4962 vijay:0 LISTENING
> > TCP vijay:1117 12-216-252-134.client.mchsi.com:6667 ESTABLISHED
> > TCP vijay:1126 61.2.227.132:epmap TIME_WAIT
> > TCP vijay:1131 61.2.227.137:epmap TIME_WAIT
> > TCP vijay:1138 61.2.227.132:epmap TIME_WAIT
> > TCP vijay:1140 61.2.227.137:epmap TIME_WAIT
> > TCP vijay:1169 61.2.227.132:epmap TIME_WAIT
> > TCP vijay:1183 61.2.227.186:epmap TIME_WAIT
> > TCP vijay:1216 61.2.227.186:epmap TIME_WAIT
> > TCP vijay:1355 61.2.227.137:epmap TIME_WAIT
> > TCP vijay:1375 61.2.227.186:epmap TIME_WAIT
> > TCP vijay:1398 61.2.228.140:epmap TIME_WAIT
> > TCP vijay:1406 61.2.228.148:epmap TIME_WAIT
> > TCP vijay:1410 61.2.228.140:epmap TIME_WAIT
> > TCP vijay:1432 61.2.228.148:epmap TIME_WAIT
> > TCP vijay:1439 61.2.228.179:epmap TIME_WAIT
> > TCP vijay:1448 61.2.228.179:epmap TIME_WAIT
> > TCP vijay:1457 61.2.228.196:epmap TIME_WAIT
> > TCP vijay:1466 61.2.228.196:epmap TIME_WAIT
> > TCP vijay:1479 61.2.228.217:epmap TIME_WAIT
> > TCP vijay:1497 61.2.228.217:epmap TIME_WAIT
> > TCP vijay:1500 61.2.228.237:epmap TIME_WAIT
> > TCP vijay:1502 61.2.228.239:epmap TIME_WAIT
> > TCP vijay:1509 61.2.228.237:epmap TIME_WAIT
> > TCP vijay:1513 61.2.228.248:epmap TIME_WAIT
> > TCP vijay:1518 61.2.228.248:epmap TIME_WAIT
> > TCP vijay:1526 61.2.228.217:epmap TIME_WAIT
> > TCP vijay:1528 61.2.229.4:epmap TIME_WAIT
> > TCP vijay:1540 61.2.229.4:epmap TIME_WAIT
> > TCP vijay:1547 61.2.228.237:epmap TIME_WAIT
> > TCP vijay:1548 61.2.229.21:epmap TIME_WAIT
> > TCP vijay:1552 61.2.229.25:epmap TIME_WAIT
> > TCP vijay:1559 61.2.229.21:epmap TIME_WAIT
> > TCP vijay:1571 61.2.229.25:epmap TIME_WAIT
> > TCP vijay:1573 61.2.229.41:epmap TIME_WAIT
> > TCP vijay:1580 61.2.229.4:epmap TIME_WAIT
> > TCP vijay:1586 61.2.229.53:epmap TIME_WAIT
> > TCP vijay:1590 61.2.229.41:epmap TIME_WAIT
> > TCP vijay:1605 61.2.229.53:epmap TIME_WAIT
> > TCP vijay:1612 61.2.229.21:epmap TIME_WAIT
> > TCP vijay:1635 61.2.229.53:epmap TIME_WAIT
> > TCP vijay:1636 61.2.229.41:epmap TIME_WAIT
> > TCP vijay:1762 61.2.167.88:epmap ESTABLISHED
> > TCP vijay:2040 61.2.215.136:epmap TIME_WAIT
> > TCP vijay:2093 61.2.228.239:epmap ESTABLISHED
> > TCP vijay:2119 203.199.83.131:http ESTABLISHED
> > TCP vijay:2132 61.2.216.17:epmap TIME_WAIT
> > TCP vijay:2138 61.2.216.17:epmap TIME_WAIT
> > TCP vijay:2190 61.2.216.74:epmap TIME_WAIT
> > TCP vijay:2201 61.2.216.74:epmap TIME_WAIT
> > TCP vijay:2315 61.2.232.1:epmap TIME_WAIT
> > TCP vijay:2318 61.2.232.4:epmap TIME_WAIT
> > TCP vijay:2326 61.2.232.1:epmap TIME_WAIT
> > TCP vijay:2327 61.2.232.4:epmap TIME_WAIT
> > TCP vijay:2334 61.2.232.18:epmap TIME_WAIT
> > TCP vijay:2335 61.2.232.19:epmap TIME_WAIT
> > TCP vijay:2343 61.2.232.19:epmap TIME_WAIT
> > TCP vijay:2347 61.2.232.18:epmap TIME_WAIT
> > TCP vijay:2351 61.2.232.33:epmap TIME_WAIT
> > TCP vijay:2355 61.2.232.37:epmap TIME_WAIT
> > TCP vijay:2357 61.2.232.39:epmap TIME_WAIT
> > TCP vijay:2360 61.2.232.42:epmap TIME_WAIT
> > TCP vijay:2361 61.2.232.4:epmap TIME_WAIT
> > TCP vijay:2362 61.2.232.33:epmap TIME_WAIT
> > TCP vijay:2363 61.2.232.37:epmap TIME_WAIT
> > TCP vijay:2365 61.2.232.44:epmap TIME_WAIT
> > TCP vijay:2372 61.2.232.42:epmap TIME_WAIT
> > TCP vijay:2374 61.2.232.52:epmap TIME_WAIT
> > TCP vijay:2378 61.2.232.39:epmap FIN_WAIT_1
> > TCP vijay:2381 61.2.232.44:epmap TIME_WAIT
> > TCP vijay:2389 61.2.232.65:epmap TIME_WAIT
> > TCP vijay:2395 61.2.232.71:epmap TIME_WAIT
> > TCP vijay:2396 61.2.232.72:epmap TIME_WAIT
> > TCP vijay:2398 61.2.216.203:epmap ESTABLISHED
> > TCP vijay:2399 61.2.232.73:epmap TIME_WAIT
> > TCP vijay:2400 61.2.232.37:epmap TIME_WAIT
> > TCP vijay:2401 61.2.232.65:epmap TIME_WAIT
> > TCP vijay:2405 61.2.232.77:epmap TIME_WAIT
> > TCP vijay:2409 61.2.232.71:epmap TIME_WAIT
> > TCP vijay:2410 61.2.232.52:epmap TIME_WAIT
> > TCP vijay:2414 61.2.232.84:epmap TIME_WAIT
> > TCP vijay:2418 61.2.232.73:epmap TIME_WAIT
> > TCP vijay:2422 61.2.232.77:epmap TIME_WAIT
> > TCP vijay:2424 61.2.232.72:epmap TIME_WAIT
> > TCP vijay:2426 61.2.232.93:epmap TIME_WAIT
> > TCP vijay:2431 61.2.232.84:epmap TIME_WAIT
> > TCP vijay:2432 61.2.232.98:epmap TIME_WAIT
> > TCP vijay:2434 61.2.79.171:epmap ESTABLISHED
> > TCP vijay:2438 61.2.232.103:epmap TIME_WAIT
> > TCP vijay:2446 61.2.232.93:epmap TIME_WAIT
> > TCP vijay:2451 61.2.232.116:epmap TIME_WAIT
> > TCP vijay:2453 61.2.232.117:epmap TIME_WAIT
> > TCP vijay:2457 61.2.232.103:epmap TIME_WAIT
> > TCP vijay:2462 61.2.232.98:epmap TIME_WAIT
> > TCP vijay:2467 61.2.232.117:epmap TIME_WAIT
> > TCP vijay:2468 61.2.232.116:epmap TIME_WAIT
> > TCP vijay:2472 61.2.232.73:epmap TIME_WAIT
> > TCP vijay:2487 61.2.232.52:epmap TIME_WAIT
> > TCP vijay:2502 61.2.232.39:epmap SYN_SENT
> > TCP vijay:2576 61.2.232.233:epmap SYN_SENT
> > TCP vijay:2577 61.2.232.234:epmap SYN_SENT
> > TCP vijay:2578 61.2.232.235:epmap SYN_SENT
> > TCP vijay:2579 61.2.232.236:epmap SYN_SENT
> > TCP vijay:2580 61.2.232.237:epmap SYN_SENT
> > TCP vijay:2581 61.2.232.238:epmap SYN_SENT
> > TCP vijay:2582 61.2.232.239:epmap SYN_SENT
> > TCP vijay:2583 61.2.232.240:epmap SYN_SENT
> > TCP vijay:2584 61.2.232.241:epmap SYN_SENT
> > TCP vijay:2585 61.2.232.242:epmap SYN_SENT
> > TCP vijay:2586 61.2.232.243:epmap SYN_SENT
> > TCP vijay:2587 61.2.232.244:epmap SYN_SENT
> > TCP vijay:2588 61.2.232.245:epmap SYN_SENT
> > TCP vijay:2589 61.2.232.246:epmap SYN_SENT
> > TCP vijay:2590 61.2.232.247:epmap SYN_SENT
> > TCP vijay:2591 61.2.232.248:epmap SYN_SENT
> > TCP vijay:2592 61.2.232.249:epmap SYN_SENT
> > TCP vijay:2593 61.2.232.250:epmap SYN_SENT
> > TCP vijay:2594 61.2.232.251:epmap SYN_SENT
> > TCP vijay:2595 61.2.232.252:epmap SYN_SENT
> > TCP vijay:2596 61.2.232.253:epmap SYN_SENT
> > TCP vijay:2597 61.2.232.254:epmap SYN_SENT
> > TCP vijay:2598 61.2.232.255:epmap SYN_SENT
> > TCP vijay:2599 61.2.233.0:epmap SYN_SENT
> > TCP vijay:2600 61.2.233.1:epmap SYN_SENT
> > TCP vijay:2601 61.2.233.2:epmap TIME_WAIT
> > TCP vijay:2602 61.2.233.3:epmap SYN_SENT
> > TCP vijay:2603 61.2.233.4:epmap SYN_SENT
> > TCP vijay:2604 61.2.233.5:epmap SYN_SENT
> > TCP vijay:2605 61.2.233.6:epmap SYN_SENT
> > TCP vijay:2606 61.2.233.7:epmap SYN_SENT
> > TCP vijay:2607 61.2.233.8:epmap SYN_SENT
> > TCP vijay:2608 61.2.233.9:epmap SYN_SENT
> > TCP vijay:2609 61.2.233.10:epmap SYN_SENT
> > TCP vijay:2610 61.2.233.2:epmap ESTABLISHED
> > TCP vijay:2611 61.2.233.11:epmap FIN_WAIT_1
> > TCP vijay:2612 61.2.233.12:epmap SYN_SENT
> > TCP vijay:2613 61.2.233.13:epmap SYN_SENT
> > TCP vijay:2614 61.2.233.14:epmap SYN_SENT
> > TCP vijay:2615 61.2.233.15:epmap SYN_SENT
> > TCP vijay:2616 61.2.233.16:epmap SYN_SENT
> > TCP vijay:2617 61.2.233.17:epmap SYN_SENT
> > TCP vijay:2618 61.2.233.18:epmap SYN_SENT
> > TCP vijay:2619 61.2.233.19:epmap SYN_SENT
> > TCP vijay:2620 61.2.233.20:epmap SYN_SENT
> > TCP vijay:2621 61.2.233.21:epmap SYN_SENT
> > TCP vijay:2622 61.2.233.11:epmap SYN_SENT
> > TCP vijay:2623 61.2.233.22:epmap SYN_SENT
> > TCP vijay:2624 61.2.233.23:epmap SYN_SENT
> > TCP vijay:2625 61.2.233.24:epmap SYN_SENT
> > TCP vijay:2626 61.2.233.25:epmap SYN_SENT
> > TCP vijay:2627 61.2.233.26:epmap SYN_SENT
> > TCP vijay:2628 61.2.233.27:epmap SYN_SENT
> > TCP vijay:2629 61.2.233.28:epmap SYN_SENT
> > TCP vijay:2630 61.2.233.29:epmap SYN_SENT
> > TCP vijay:2631 61.2.233.30:epmap SYN_SENT
> > TCP vijay:2766 61.2.66.16:epmap ESTABLISHED
> > TCP vijay:2953 61.2.164.219:epmap ESTABLISHED
> > TCP vijay:3026 61.2.79.110:epmap ESTABLISHED
> > TCP vijay:3096 207.44.242.54:pop3 TIME_WAIT
> > TCP vijay:3294 207.44.242.54:pop3 TIME_WAIT
> > TCP vijay:3425 61.2.221.16:epmap TIME_WAIT
> > TCP vijay:3432 61.2.221.16:epmap TIME_WAIT
> > TCP vijay:3551 61.2.221.141:epmap TIME_WAIT
> > TCP vijay:3557 61.2.221.141:epmap TIME_WAIT
> > TCP vijay:3559 61.2.221.148:epmap TIME_WAIT
> > TCP vijay:3577 61.2.221.148:epmap TIME_WAIT
> > TCP vijay:3688 61.2.222.20:epmap TIME_WAIT
> > TCP vijay:3700 61.2.222.20:epmap TIME_WAIT
> > TCP vijay:3718 61.2.69.120:epmap ESTABLISHED
> > TCP vijay:3747 61.2.222.20:epmap TIME_WAIT
> > TCP vijay:3770 61.2.222.95:epmap TIME_WAIT
> > TCP vijay:3771 61.2.222.96:epmap TIME_WAIT
> > TCP vijay:3787 61.2.222.95:epmap TIME_WAIT
> > TCP vijay:3788 61.2.222.96:epmap TIME_WAIT
> > TCP vijay:4962 61.2.178.162:epmap ESTABLISHED
> > UDP vijay:tftp *:*
> > UDP vijay:microsoft-ds *:*
> > UDP vijay:1026 *:*
> > UDP vijay:3456 *:*
> > UDP vijay:3663 *:*
>
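As an added example (not part of any poster's message), the pattern in the quoted netstat output, one remote port contacted on many distinct hosts with most attempts stuck in SYN_SENT, can be checked mechanically. The sample input is constructed, and the function names and the 20-host threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the netstat output quoted above. Hosts
# use documentation ranges; one row has its state wrapped onto the next line.
SAMPLE = """\
Active Connections

  Proto  Local Address  Foreign Address       State
  TCP    host:http      host:0                LISTENING
  TCP    host:1117      irc.example.net:6667
  ESTABLISHED
  TCP    host:2119      198.51.100.7:http     ESTABLISHED
  TCP    host:2500      192.0.2.9:epmap       TIME_WAIT
""" + "".join(
    f"  TCP    host:{2576 + i}      192.0.2.{10 + i}:epmap      SYN_SENT\n"
    for i in range(30)
)

def parse_netstat(text):
    """Return (remote_host, remote_port, state) for every TCP row."""
    rows = []
    for raw in text.splitlines():
        fields = re.sub(r"^(>\s*)+", "", raw).split()  # drop "> >" quote marks
        if len(fields) == 1 and rows and rows[-1][2] is None:
            rows[-1][2] = fields[0]  # state that wrapped onto its own line
        elif len(fields) >= 3 and fields[0] == "TCP":
            host, _, port = fields[2].rpartition(":")
            rows.append([host, port, fields[3] if len(fields) > 3 else None])
    return [tuple(r) for r in rows]

def fan_out(rows, min_hosts=20):
    """Map remote port -> distinct remote hosts, where >= min_hosts (assumed)."""
    hosts = defaultdict(set)
    for host, port, state in rows:
        if state != "LISTENING":
            hosts[port].add(host)
    return {p: len(h) for p, h in hosts.items() if len(h) >= min_hosts}

def half_open_ratio(rows, port):
    """Fraction of connections to `port` still in SYN_SENT (no reply yet)."""
    states = [s for _, p, s in rows if p == port]
    return states.count("SYN_SENT") / len(states) if states else 0.0

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for port, n in fan_out(rows).items():
        print(f"{port}: {n} hosts, {half_open_ratio(rows, port):.0%} SYN_SENT")
```

With `netstat -n` the ports print numerically, so `epmap` appears as `135`; the port key in the result changes accordingly.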