From: Jupiter Jones [MVP] (jones_jupiter_at_hotnomail.com)
Date: Tue, 12 Jul 2005 22:16:46 -0600
Thank you for the correction David.
Your more correct information may be helpful to the OP especially if the
spelling used by the OP meant the usually normal version.
-- Jupiter Jones [MVP] http://www3.telus.net/dandemar http://www.dts-l.org "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:%> Jupiter: > > The statemnt "svchost.exe is good and normal" is only partially true. > > The fact is there are *many* forms of malware that use that name. When > one sees SVCHOST.EXE > on a Win9x/ME PC it is guaranteed to be malware. If SVCHOST.EXE is found > on a NT based OS > in other than > %windir%\system32\svchost.exe (and the usual OS CACHE/ServicePack folders) > it is most likley > an infector. > > For example, if SVCHOST.EXE is found in %windir%, it could be > 'W32/Opanki.worm'- > http://vil.nai.com/vil/content/v_133397.htm > > Or if SVCHOST.EXE is found in c:\, it could be 'W32/CodeBlue.worm' - > http://vil.nai.com/vil/content/v_99202.htm > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > http://www.ik-cs.com/got-a-virus.htm > >