Generic Host (Svchost.exe)

Created: 22 Apr 2010 • Updated: 07 Feb 2013 | 8 comments
This issue has been solved. See solution.

Hi All

I have tried all the recommended steps to get rid of this particular virus, but it seems the virus is still coming back. Refer below to the steps I took:

1. All USB ports disabled
2. Disable auto-run from gpedit
3. Disable system restore
4. Run a full system Scan

I even tried using AVAST boot scans and still couldn't remove the virus. If anyone has any fixes, that would be great. You can email me directly on my email addy if you have any suggestions: hapawa@steamships.com.pg

ta, Hale

Mick2009's picture

Hi Hale,

Can you provide more details? What Symantec product are you using, and what is this threat being identified as? Is it not being detected at all? Or is it one that keeps coming back? What action do the logs show is being taken against the threat?

Here is an article that may help: Best practices for responding to active threats on a network (http://service1.symantec.com/support/ent-security.nsf/docid/2010011510455048)

Thanks and best regards,

Mick

Hale's picture

Hi Mick

I'm using NAV 10.1. Refer to this AVAST log file I took earlier with a boot scan by AVAST. Every time the SVCHost (Generic Host) error message appears, this virus is present, and yes, it is removed by AVAST; it keeps coming back. Also, I have been advised that this threat denies access to shared drives; correct me if I'm wrong.

File C:\WINDOWS\system32\run.vbs is infected by BV:Agent-AO [Trj], Deleted

ta, Hale

_Brian's picture

Boot from the SERT CD and run that:

http://service1.symantec.com/support/ent-security....

You can also try running Malwarebytes in Safe Mode if the above doesn't work.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
AravindKM's picture

svchost.exe is a genuine Windows file. Unfortunately, many viruses use the same file name when creating their own process. Can you tell us from which path this file is running? What is the exact error you are getting?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
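
One way to answer the "which path is it running from" question above, as an added example that is not part of the original posts. It assumes PowerShell 3.0 or later and an elevated prompt, and it relies on the general Windows behaviour that the genuine service host lives under the Windows system directory and is started by services.exe:

```powershell
# Added example: list every process named svchost.exe and flag any that does
# not look like the genuine Windows service host. Run elevated, otherwise
# ExecutablePath can come back empty for system processes.

$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

# Index all processes by process ID so each parent can be looked up.
$byPid = @{}
Get-CimInstance -ClassName Win32_Process |
    ForEach-Object { $byPid[[int]$_.ProcessId] = $_ }

$svchosts = $byPid.Values | Where-Object { $_.Name -ieq 'svchost.exe' }

$report = foreach ($p in $svchosts) {
    $reasons = @()
    $path = $p.ExecutablePath

    if (-not $path) {
        $reasons += 'path unavailable (re-run elevated)'
    } else {
        $dir = Split-Path -Path $path -Parent
        if ($expectedDirs -notcontains $dir) {   # comparison is case-insensitive
            $reasons += "unexpected directory: $dir"
        }
        # Caveat: older Windows versions can report NotSigned for
        # catalog-signed system files, so treat this as a hint only.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            $reasons += "signature status: $($sig.Status)"
        }
    }

    $parent = $byPid[[int]$p.ParentProcessId]
    if (-not $parent -or $parent.Name -ine 'services.exe') {
        $reasons += "parent is not services.exe (parent PID $($p.ParentProcessId))"
    }

    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Path      = $path
        Parent    = if ($parent) { $parent.Name } else { 'exited' }
        Verdict   = if ($reasons) { 'REVIEW' } else { 'ok' }
        Reasons   = $reasons -join '; '
    }
}

$report | Sort-Object Verdict -Descending | Format-Table -AutoSize -Wrap
```

Rows marked REVIEW are candidates for closer inspection or submission, not confirmed detections.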

Hale's picture

Hi Brian81

Mate, here's the error message...

Error.jpg


ta, Hale

Hale's picture

Hi Brian81

Mate, I used to have the svchost error, but now only the generic host seems to be appearing.


ta, Hale

Raunak_Vaghela's picture

Steps to be performed:
1. SVCHost.exe is used by genuine and malicious processes, where malicious processes use this name to hide themselves.
2. You are using a very old Symantec product, so you need to upgrade it soon. It is important because there have been many AV engine updates which can handle the current threats more efficiently than the version you have.
3. As recommended by Brian81, first try to scan the computer with the SERT tool and see if it cleans the threat.
4. If the issue persists, contact Technical Support, as it would require some log analysis to find the source of the threat.

Please Mark on the solution that worked for you.

pete_4u2002's picture

Open a case with Symantec support; they will help you to find the suspicious file. However, you can look at the files at common loading points; if suspicious, submit them to the Symantec analysis team.