C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
C:\WINDOWS\SYSTEM32\SVCHOST.EXE Judy L 08-07-2006
Posted by Judy L on August 7, 2006, 6:00 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
My virus protector is blocking the following


Date/Time :
8/08/2006 - 7:39:56 AM
Event :
Self-Extracting Cabinet has been blocked from starting.

Process :
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\MPAS-D.EXE
Parent :
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
Vendor :
Microsoft Corporation
Version :
Self-Extracting Cabinet
Details :
Community Information - Technical Information

Anyone know what it is - if its safe or not?
Judy



Posted by David H. Lipman on August 7, 2006, 6:51 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| My virus protector is blocking the following
|
| Date/Time :
| 8/08/2006 - 7:39:56 AM
| Event :
| Self-Extracting Cabinet has been blocked from starting.
|
| Process :
| C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\MPAS-D.EXE
| Parent :
| C:\WINDOWS\SYSTEM32\SVCHOST.EXE
| Vendor :
| Microsoft Corporation
| Version :
| Self-Extracting Cabinet
| Details :
| Community Information - Technical Information
|
| Anyone know what it is - if its safe or not?
| Judy
|

OK what is your unamed "virus protector" ?
Was it truly anti virus software ? If yes, what was the name of the infector
provided
If No, was it really a FireWall appluication that blocked this ?

%windir%\system32\svchost.exe is a legititmate file.
More information is needed.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Judy L on August 7, 2006, 7:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
David H. Lipman wrote:
>
>> My virus protector is blocking the following
>>
>> Date/Time :
>> 8/08/2006 - 7:39:56 AM
>> Event :
>> Self-Extracting Cabinet has been blocked from starting.
>>
>> Process :
>> C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\MPAS-D.EXE
>> Parent :
>> C:\WINDOWS\SYSTEM32\SVCHOST.EXE
>> Vendor :
>> Microsoft Corporation
>> Version :
>> Self-Extracting Cabinet
>> Details :
>> Community Information - Technical Information
>>
>> Anyone know what it is - if its safe or not?
>> Judy
>>
>
> OK what is your unamed "virus protector" ?
> Was it truly anti virus software ? If yes, what was the name of the
> infector provided If No, was it really a FireWall appluication that
> blocked this ?
>
> %windir%\system32\svchost.exe is a legititmate file.
> More information is needed.

I was using Prevx1 as my virus protector. I thought it might have been
legitimate, but the virus protector thought otherwise.
Judy



Posted by David H. Lipman on August 7, 2006, 7:48 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| David H. Lipman wrote:
>>
>>> My virus protector is blocking the following
>>>
>>> Date/Time :
>>> 8/08/2006 - 7:39:56 AM
>>> Event :
>>> Self-Extracting Cabinet has been blocked from starting.
>>>
>>> Process :
>>> C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\MPAS-D.EXE
>>> Parent :
>>> C:\WINDOWS\SYSTEM32\SVCHOST.EXE
>>> Vendor :
>>> Microsoft Corporation
>>> Version :
>>> Self-Extracting Cabinet
>>> Details :
>>> Community Information - Technical Information
>>>
>>> Anyone know what it is - if its safe or not?
>>> Judy
>>>
>> OK what is your unamed "virus protector" ?
>> Was it truly anti virus software ? If yes, what was the name of the
>> infector provided If No, was it really a FireWall appluication that
>> blocked this ?
>>
>> %windir%\system32\svchost.exe is a legititmate file.
>> More information is needed.
|
| I was using Prevx1 as my virus protector. I thought it might have been
| legitimate, but the virus protector thought otherwise.
| Judy
|

Prevx is good software. Albeit, all are know to have an occasional False
Positive
declarartion.

So what did Prevx say %windir%\system32\svchost.exe was infected with ?
Or was it a case the Prevx prevented %windir%\system32\svchost.exe from being
replaced ?


Please submit a sample of "MPAS-D.EXE" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition,
unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by =?Utf-8?B?RW5nZWw=?= on August 7, 2006, 6:59 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello Judy,

I hope what you are seeing is SVCHOST.EXE.

If so, see this article for an explanation:
A description of Svchost.exe in Windows XP Profesional
http://support.microsoft.com/?kbid=314056

It is a good idea to check your system drive for SVCHOST.EXE files.

I've got one in prefetch, one in system32, and one in servicepackfiles\i386,
which looks just like the one in system32. You don't want any in \windows
or \windows\system, for example--those would be good candidates for trojans.

Now--about those host file entries. One reason for returning the file to
the default is so that you can see, for certain, that there are no GOOD
sites mixed in with all the bad sites that those entries were "protecting"
you against visiting. If you want those protective entries back again, run
Spybot Search & Destroy, or some other third-party antispyware
programs--they are what placed the entries there originally.

Go for scans in safe mode and also add Ewido and Ccleaner as Ewido performs
great with Trojans and Ccleaner will clear your temp folders where a lot of
malware hides installers.

Then try Ewido for removal:
http://www.ewido.net/en/download/
Scan your computer now online and clean it for free!

http://www.ccleaner.com/downloadbuilds.asp
Note, When you install Ccleaner, uncheck the Yahoo toolbar option.
Note, in Options, Settings, Advanced, uncheck - Only delete files in Windows
folders older than 48 hours.
Open Ccleaner and press "Windows" "Aplications" and Run Cleaner from the
menu choose 'Issues' and then press scan for issues, Repair any fºund.
Run twice Ccleaner, the same as above,until you get “0 bytes to be removed”.
--

"Judy L" wrote:

> My virus protector is blocking the following
>
>
> Date/Time :
> 8/08/2006 - 7:39:56 AM
> Event :
> Self-Extracting Cabinet has been blocked from starting.
>
> Process :
> C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\MPAS-D.EXE
> Parent :
> C:\WINDOWS\SYSTEM32\SVCHOST.EXE
> Vendor :
> Microsoft Corporation
> Version :
> Self-Extracting Cabinet
> Details :
> Community Information - Technical Information
>
> Anyone know what it is - if its safe or not?
> Judy
>
>
>


The site map in XML format XML site map

Contact Us | Privacy Policy