How to remove the Svchost.exe virus easily

As an avid computer user, I got infected with adware, malware, worms, and other pesky malicious programs that eluded my anti-malware and anti-virus protection. Because of this, I learned very quickly how to solve the problems that these malicious programs cause. In this article, I will help you deal with a very annoying piece of malware that uses the svchost.exe name as a disguise to decimate your computer.

This guide will only help you if you are suffering from the following problems:

  • You have found a file named svchost.exe in C:\windows. This file is usually 20 KB in size, and if you try to delete it you will be told it is in use and cannot be deleted.
  • An anti-virus, anti-malware, or other program such as RKill.exe has stopped or blocked a program titled .\globalroot\systemroot\svchost.exe from running.
  • An anti-malware or anti-virus program has detected a rootkit named Rootkit.Boot.Pihar.b.
  • An anti-malware or anti-virus program has detected a malicious file appearing at C:\ProgramData\Microsoft\DRM\ with a somewhat random filename, usually consisting of four or five random characters. This file is usually a .tmp file. Your anti-virus or anti-malware program usually flags it as Win32-Alureon. Warning: Alureon has been known to steal usernames and passwords, including bank account and credit card information. That is why I advise you to contact a computer specialist to find out how to fix the possible damage. You should also contact your bank and credit card company if you used this information on the infected computer.

Nevertheless, this article may be useful for you as the following information can be used for removal and protection from other malicious programs.

What is svchost.exe and what does it do?

In general, svchost.exe is a non-malicious program, required for Windows. It is a common host process name for services run by dynamically linked libraries. But I want to make it easy for you: Some time ago Microsoft started to package all important files in .dll files instead of .exe files. This resulted in fewer files, saving space and allowing systems to run faster. However, the problem is that Windows needs a .exe file to run these .dll files. Therefore, svchost.exe was created to run a number of these processes.

When svchost.exe is doing its job, you may find multiple instances of it. The only place it should run from is C:\Windows\System32. In most cases, it is around 27 KB in size. Many different forms of malware like to disguise themselves as svchost.exe. The case I am dealing with is not related to the blastclnnn.exe variant.

Malware usually does a lot of damage to your system, so it’s always good to get rid of it.

Let’s start:

For each program I mention, I will provide download links right next to the program’s name. All the programs I mention are completely safe, 100% free, and have saved my back more than once. I highly recommend keeping them at least on a memory stick for future infections.

1. Rkill.exe

Rkill.exe is probably one of the most useful programs I’ve ever used. Your antivirus may try to prevent this program from running, so you may need to disable anti-virus programs like Avast! before running it.

Simply put, Rkill scans for malicious or potentially malicious programs and terminates them, creating a list of terminated processes. With the help of Rkill, I first found out about a computer infected with svchost.

All you have to do is download the program and run the .exe file. After you have checked for malicious processes and killed them, just close the window and make a note of which programs you killed.

2. TDSSKiller.exe

TDSSKiller is a wonderful program that finds and eliminates malicious rootkits. Just download the .zip file, unzip it on the infected computer, and run the .exe file. Leave all options at their default values and run the scan. After verification, all malicious files (if any) are removed. For each individual file, leave the options at their default values (i.e., skip) and click Next.

Note: This may require a reboot. Do it calmly.

3. aswMBR

Just run the .exe file and click the Scan button. This gives you a good overview of the location of possible rootkits. A file called MBR.dat will also be created on your desktop. Don’t delete it! It is a backup copy of the master boot record (MBR).

You might also find the Alureon malware I mentioned earlier. Feel free to search for it; make sure you can view hidden folders so that you can delete the files in that location.

4. Malwarebytes: Anti-Malware

After installing and updating MBAM, run a full scan of your computer, sit back and relax. This can take a few hours. MBAM is a great tool in case of infection; however, active protection is only available to premium members, so keep that in mind.

5. ESET Online Scanner

The scan runs in the browser only in Internet Explorer. If you use a different browser, you should be prompted to install the program on your computer. Complete the installation and follow all the instructions.

When you go to the scan, select “Scan archives” and “Remove found threats” under Scan settings. Then click “Advanced Settings” and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially dangerous applications
  • Enable anti-stealth technology

ESET will download, update and start scanning your computer. This can take some time.

We are nearly finished!

The last thing you need to do is make sure that your computer’s hosts file is repaired, because it is usually corrupted by the svchost.exe malware.

6. Repair

Click on the “Repair” button and then simply follow the instructions.

And that’s it! Your computer should now be clean.

Some tips:

Always make sure that all Java and Adobe programs are up to date, as they can be easily exploited. Also, make sure your anti-virus and anti-malware programs are always up to date: just one day’s worth of new viruses can seriously damage your system! And finally, you should never click on untrustworthy links or download programs like toolbars unless they are guaranteed to be from reputable companies or people like Google, Yahoo, Microsoft, or any of the major technology websites that I have linked to in this article for various downloads. (Note: it is not uncommon for malware distributors to impersonate Microsoft.)

Can I delete the svchost.exe virus?

You cannot delete the genuine svchost.exe file from your computer because it is an integral and indispensable part of Windows, but you can remove the fake files. If a svchost.exe file is located somewhere other than the \System32\ or \SysWOW64\ folder mentioned above, you can delete it with 100% safety.

Is killing svchost.exe safe?

Do not delete legitimate svchost.exe files. However, there are signs that a svchost.exe process is hiding more troubling activity: the main one is finding svchost.exe outside of %SystemRoot%\SysWOW64 or %SystemRoot%\System32. For example, the process should be treated as suspicious if it runs from a random folder like Music or Downloads.
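
The location check described in this answer and in the section on what svchost.exe does, written out as a PowerShell script. This is an added example, not part of the original article; the variable names and the choice to search only C:\Windows and the user profile for stray copies are assumptions of the example.

```powershell
# Added example (not from the original article).
# Run from an elevated PowerShell prompt so every process path is readable.

# The two locations the article treats as legitimate for svchost.exe.
$legit = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Candidate paths from running processes named svchost.exe.
$procs = @(Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'")
$candidates = @($procs | ForEach-Object { $_.ExecutablePath })

# Candidate paths on disk: the C:\Windows copy from the symptom list,
# plus anything under the user profile (Music, Downloads and so on).
$candidates += Join-Path $env:SystemRoot 'svchost.exe'
$search = @{
    Path        = $env:USERPROFILE
    Filter      = 'svchost.exe'
    Recurse     = $true
    Force       = $true          # include hidden and system files
    File        = $true
    ErrorAction = 'SilentlyContinue'
}
$candidates += Get-ChildItem @search | ForEach-Object { $_.FullName }

# Drop empty entries (paths hidden from a non-elevated prompt) and duplicates.
$paths = $candidates | Where-Object { $_ } | Sort-Object -Unique

$report = foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $file = Get-Item -LiteralPath $path -Force
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
    $verdict = 'SUSPICIOUS location'
    if ($legit -contains $file.FullName) { $verdict = 'expected location' }

    [pscustomobject]@{
        Path    = $file.FullName
        SizeKB  = [math]::Round($file.Length / 1KB, 1)
        Running = @($procs | Where-Object ExecutablePath -eq $path).Count
        SHA256  = $hash.Hash
        Verdict = $verdict
    }
}

$report | Format-List
```

A copy that a rootkit hides from the file system may not show up in this listing, so an empty result does not replace the scanner steps above.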

What is svchost.exe? Is it a virus?

Svchost.exe actually stands for “Service Host” and is a file used by many Windows applications. Despite this, it is often confused with a virus since malware authors are known to attach malicious files to svchost.exe to avoid detection.

Which svchost.exe can I end?

You can close processes like svchost.exe in Task Manager. To do this, go to the “Processes” view, right-click on the process, and select “End task”. Killing system processes can cause unexpected problems in the running operating system.

Is every .exe a virus?

A .exe file can be a virus, but surely not all of them are. In fact, most of them are safe to use or even required for Windows systems to run. It all depends on what is contained in a .exe file. Basically, .exe files are programs that have been translated (compiled) into machine code.

Does deleting an exe uninstall it?

Uninstallation is the process of removing a program and its associated files from a computer’s hard drive. The uninstall function differs from the delete function in that it safely and efficiently removes all associated files, while delete only removes a portion of a selected program or file.

Why do I have 50 svchost.exe running?

It is a system process used by several Windows services since the release of the Windows 2000 operating system. In the new version of Windows 10, services that were grouped together in previous Windows versions are now separated and each run in their own svchost process. So this is completely normal.

Is YourPhone.exe a virus?

Answer: Your Phone is legitimate Windows software that allows users to connect their mobile phones to the system and receive all the latest notifications from their mobile phones on their system, but some malicious programs impersonate Yourphone.exe and try to damage the system.

Are .exe files harmful?

While most .exe files are safe, some can be harmful to your computer. If you are not sure about a file, do not open it. .exe files from unknown sources may contain viruses or malware that can harm your computer. When it comes to downloaded files, it’s always best to play it safe.


