
It's running in my processes as well as 7 others labeled "svchost.exe", but what is svdhost.exe? I can't find the file anywhere using my search and I can't get much info on it either. Any help would be much appreciated.

2007-12-03 11:08:12 · 4 answers · asked by Anonymous in Computers & Internet Security

4 answers

W32/Sdbot-NI is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-NI copies itself to the Windows system folder as SVDHOST.EXE and creates the following entries in the registry to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Com Port Manager = svdhost.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Com Port Manager = svdhost.exe
W32/Sdbot-NI spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

Recovery
This section tells you how to remove the threat.
Please follow the instructions for removing worms.
You will also need to edit the following registry entries, if present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Com Port Manager = svdhost.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Com Port Manager = svdhost.exe
and delete them if they exist.
Close the registry editor.
Check your administrator passwords and review network security.

2007-12-03 11:13:30 · answer #1 · answered by skibum62948 2 · 2 0

Here is the information that you want to know. I advise you to leave them alone, or you will not have a running system. (Usually these files are hidden).

(Generic Host Process for Win32 Services) is an integral part of Windows OS

Minddoctor, France

2007-12-03 11:12:47 · answer #2 · answered by MINDDOCTOR 7 · 0 1

You are looking at a file extension which usually cannot be opened in any Windows program. An attempt to open it will most likely result in a request by Windows to locate the program that created it.

2007-12-03 11:26:01 · answer #3 · answered by The Small Show 1 · 0 0

SVCHOST.EXE is GOOD
SVDHOST.EXE is BAD

Run GarbageClean from http://www.SecureMyWindows.com to remove it.

2007-12-03 15:40:48 · answer #4 · answered by Anonymous · 0 0
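
Added example, not part of any answer above: a Python check that reads the text of a registry export (the backup that answer #1 says to make) and flags entries under the two autostart keys listed there whose program name is a near-miss of svchost.exe, which is the SVCHOST/SVDHOST distinction from answer #4. The function names, the distance threshold of 2 and the sample export are constructed for illustration; the export is assumed to be already decoded to text.

```python
import re

# Autostart keys named in answer #1 (compared case-insensitively).
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
LEGIT = "svchost.exe"  # genuine Generic Host Process image name

def edit_distance(a, b):
    """Levenshtein distance, used to spot one-letter lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_lookalike_autoruns(reg_text, max_distance=2):
    """Return (key, value_name, image) for Run entries imitating svchost.exe."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            key = section.group(1)
            continue
        entry = re.fullmatch(r'"(.+?)"="(.*)"', line)
        if not entry or key is None or key.lower() not in RUN_KEYS:
            continue
        # .reg files escape backslashes; keep only the executable's base name.
        parts = entry.group(2).replace("\\\\", "\\").rsplit("\\", 1)[-1].split()
        image = parts[0].strip('"').lower() if parts else ""
        if image != LEGIT and edit_distance(image, LEGIT) <= max_distance:
            hits.append((key, entry.group(1), image))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Com Port Manager"="svdhost.exe"
"SoundMan"="C:\\Windows\\SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Com Port Manager"="svdhost.exe"
'''

print(find_lookalike_autoruns(SAMPLE))
```

A hit only means the name resembles svchost.exe; confirm the file with an antivirus scan before deleting anything.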
