Results 1 to 3 of 3

Thread: Is svchost a threat to my system?

  1. #1
    malburley Guest

    Default Is svchost a threat to my system?

    Any ideas would be appreciated.

    My computer has lately (since updating to latest ZA version) slowed down on startup and shutdown. I am also running Forcefield.

    I ran msconfig ad see that I have in Running Process at least five references to sychost .exe
    I recall getting a series of alerts sometime ago and gave ZA permission for sychost.exe. Was I wrong to do so?

    svchost.exe LOCAL SERVICE
    svchost.exe NETWORK SERVICE
    svchost.exe NETWORK SERVICE
    svchost.exe SYSTEM
    svchost.exe SYSTEM

    I see that in a Msoft article it says - this should not normally figure in Msconfi/ startup/ This file is located in Winnt or Windows folder has blank entry under the Startuo Item/ Name Field

    My Zone Alarm is up to date and shows no viruses or spyware. I have also just installed
    ZA s Forcefield.

    Should I ignore this or have I got a virus on my harddive, please?

    malburley
    26th Sept 2008

    Operating System:Windows XP Home Edition
    Software Version:
    Product Name:ZoneAlarm Anti-Spyware

  2. #2
    naivemelody Guest

    Default Re: Is svchost a threat to my system?

    Yes, it's normal to have 5 or more 'svchost.exe' - for system services, network, local when viewed in Windows Task Manager; but only one listing in ZA Program Control > Generic Host Process for Win32 Services.
    You need this process. You should put:Trust Level-
    three green bars,
    Access - two green checks,
    Server - Trust - one green check, Internet - red X (some rare occasions a " ? " is needed),
    Mail -red X.<hr>Click here &gt; http://forum.zonelabs.org/zonelabs/b...message.id=145
    NOTE: Make sure all of the following Programs have Trusted and Internet access (2 Green Check Marks):
    a.) All Microsoft and Windows Programs have Green Check marks for Trusted and Internet Access..b.) Generic Host Process for win32 Services (svchost.exe) also allow Trusted Server Rightsc.) IE Crash Detectiond.) Internet Explorer or FireFoxe.) Malicious Software Removal Toolf.) True Vector Service
    (If it is listed)g.) Zone Alarm Clienth.) Zone Alarm Updating Clienti.) Your Email Client needs Trusted, Internet access
    and Send Mail all need Green check Marks..<hr>What is generic host process - click here &gt; http://www.computing.net/answers/sec...vices/272.html<hr>and here &gt; http://www.spywareinfoforum.com/lofi...hp/t70581.html<hr>here &gt; http://support.microsoft.com/default...;en-us;Q314056<hr>svchost.exe is a program that would have arrived on your computer the day you purchased it. Always verify the exact disk location as shown below, since many spyware and virus writers attempt to fool you by using similiar or same names but locate the file in other folders. Svchost.exe is a program which is a critical windows program which monitors programs, manages dll's, and controls loading of system processes. You will find multiple occurances of this running. This will always be running and you cannot kill this task. This svchost.exe file is considered safe and is not spyware or virus related, however, make sure the file is not located at c:\svchost.exe, as many viruses and spyware programs have used this name to confuse you, and several viruses put this svchost name in your root directory which is not the proper location for this file. Also pay close attention that svchost is not spelled scvhost, as these are not the same but look so close its hard to notice!


    What is the svchost.exe location, where is it stored on my computer?
    This program is located in your Windows\system32 folder, as in %SystemRoot%\System32\svchost.exe<hr>svchost.exe should not be disabled, required for essential applications to work properly..<hr>&quot;In general....
    svchost.exe will connect in and out of the 127.0.0.1 (loopback address) and the 0.0.0.0 (non-route or zero octet address) by TCP (and UDP), connect to the remote port 67 of the DHCP server and accept connections from the dhcp server's port 67 to the computer's own port 68, connect to the remote port 53 of the DNS server and accept connections from that DNS server's port 53, connect to the remote port 123 of the time server and accept incoming connections from that port.
    Svchost.exe can be seen in many outgoing connections in windows going to the remote ports 80 (HTTP), 443 (HTTPS) and other things such as RTSP, POP3, etc.
    Also used in the tracert, ping, nslookups, etc.
    But not limited to just these, as these are some of the generally seen items for the average home user.
    Usually the other window processes such as winlogon.exe, userinit.exe, csrss.exe, services.exe, explorer.exe, rundll32.exe and a few others are associated with these svchost.exe connections too.

    Oldsod.&quot;<hr>As for the the slowdown with ForceField...
    Well you can try out some of these moves:
    1- Clear out virtual data - Settings &gt; Advanced &gt; Virtualization &gt; Clear virtual data - you may want to do this at the end of each day or every week or any other schedule.
    2A- You can 'Exit ForceField' before shutdown &gt; ( right click FF tray icon&gt; see &quot;Exit&quot; ; if you have it on default - it will auto-start the next time you start up) = this takes care of slow shutdowns due to ForceField.
    2B - You can 'Un-check &quot;Startup&quot; of ForceField &gt; ( Settings &gt; General &gt; uncheck box for 'Startup' ) Then you will have to manually start-up FF at your convenience after your normal pc start-up, easy to do. { I created a desktop icon for my ForceField or you can go to 'All Programs to start it up }
    3- In ZA Program Control - ForceField - it will usually ask for &quot;Server - 'trust and internet&quot; = with both
    green checks; I have mine with 'trust = green check' // 'internet = ' ? ' which works for me. ( this is for the Server only - the Access has both green checks)<hr>Sidenote if you have ZA Anti-spyware firewall - the last version you can have is 7.0.483; {mine expires in Nov. and will have the option for 'free upgrade to ZA Pro 8.0 }. Click here &gt; http://www.zonealarm.com/store/conte...US&amp;lang=en
    .<hr>:8}NaiveMelody NYC 9-26-08 - Borderline - Madonna





    Message Edited by NaiveMelody on 05-24-2009 08:27 PM

  3. #3
    malburley Guest

    Default Is svchost a threat to my system?

    Thanks for your suggestions which I will try later and let you know the outcome.
    Thanks too for ZoneAlarm pro tip which i am following up.
    Malcolm

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •