Member Avatar for Aerodome

I've had some problems this week that have make me suspicious that I've been hacked (like having the password on one of my internet services changed) so I've been doing some investigating.

One of the unusual things my search turned up is that I have multiple copies of the svchost.exe file. I have a two copies in the C\WINDOWS\system32 file and one in the C:\i386 file. They all have identical statistics eg. 14,336 kilobytes and etc.

My Windows Defender identifies two svchost.exe files with permission to run one in the system32 file and one in the System32 file(which I was never able to find).

Do you think this is part of some kind of hack or is this normal?

  • 3 Contributors
  • 5 Replies
  • 112 Views
  • 3 Weeks Discussion Span
  • Latest Post Latest Post by gerbil

Recommended Answers

All 5 Replies

Member Avatar for zandiago

When last have you had a virus scan. Malwares(trojans, worms, spyware, adware, key-loggers...ect...) may sometimes change your internet settings. I also recommend for you to clean/repair your registry. Is your internet firewall enabled? What type of computer do you have?

Member Avatar for Aerodome

Hi zaniago, thanks for replying.

I have Windows XP service pack 2.

I've done several different virus/spyware scans with several different programs. I do have the Kaspersky firewall and as far as I can tell it is activated.

I recently tried to install the peoplepc dialer and I think that was part of my problem (they are sooo fired) but I also installed some freeware graphics programs so that could be part of the problem too.

I have done some registry cleanups and that seems to have cleared up some of my excess internet chatter but I still have several copies of svchost.exe installed on my hard drive which is kind of weirding me out. (and I still have a little bit of unusual internet chatter)

There are two installed in the Windows/system 32: one named svchost.exe and the other named svchost(2).exe and of course the copy installed in the C:\i386 file.

I should probably clarify that these are copies that are actually installed and not copies that are being loaded at run time.

Member Avatar for gerbil

Aero, you should have only two copies of that file. svchost.exe lives in and runs from system32\; the copy in i386 is the backup copy used by windows file protection system. Delete the duplicate in system32.
If you run system file checker it will examine the file in system32 and if it is corrupted, copy in the one in i386; if that is corrupted it will take fresh copies from the XP cd...
Start, run:
sfc /scannow

Member Avatar for Aerodome

gerbil,

Thank you so much for that tip. It did help a lot when it comes to cutting down the excess internet chatter and I seem to have control of my internet access now.

I do still get a little excess internet chatter when I first start up (considering that I give so few programs permission to access the internet) but I think this is the best it's going to get for now.

Member Avatar for gerbil

Then you need a proper firewall.. Zonealarm, Kerio, or Comodo. Then nothing gets out unless you let it.
Every time you start tho Windows will hunt for a DNS and also try for a time check, plus if yours is dynamic, get an IP address and sort coding for login to your ISP.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.