Is it normal to have it located as a hidden file on C:/, or do I have a virus?

I don't have it in c:/ what OS do you have?

go here PE_FEEFO.A (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_JEEFO.A) my friend had a virus of this file. go here to check if you g=have a virus Housecall (http://housecall.trendmicro.com/housecall/start_corp.asp)

completely normal to have several svchost in task manager
check blackviper if you have any more strange things running in task manager

Originally posted by Agent Smith@20 November 2003 - 07:49
I don't have it in c:/ what OS do you have?
Xp pro corporate

Information from Microsoft On svchost
http://support.microsoft.com/?kbid=314056

I have XP Pro, but Svchost is only located in my windows/system32/ folder, so I don't think it's normal for it to be in C:\. However my system is running with all the updates, so maybe it was moved in a update. If your checking for virus, and you don't have one, I'd say forget about this.

I had today something which intented to connect to the internet while I was surfing, which I blocked with NPF. After that I decided to update NAV corp 8.1, NPF 2003, Ad-Aware, Spybot, & Antitrojan. Then I runned them all, and they didn't detect anything. :huh: . Then I saw that svchost.exe was on C:/, which I think (but I'm not sure ) wasn't there before, and as I know that lots of viruses take this name to not to be detected... :o

I've just have a look on your link to microsoft, but they don't say anything about the location of Svchost.exe on the files. They just give its location on the register.

And I've never run windows update since I reformated my hard-disk.

http://www.viruslist.com/eng/viruslist.html?id=4251

It looks like you have a worm.

I must say, it's terribly irresponsible to run Windows without the security patches. Although in this instance your computer is not adversely affected, this worm makes DoS attacks on other peoples websites. Why don't you visit windows update or windows catalog?

Cos I'm affraid it messes my other applications like XP lite, tweak xp, and as I have XP pro corporate. I know some versions of corporate can be updated but I don't know about mine.

Why would having XP corp would mean you couldn't update?

Is security not an issue for you? That's why you have been infected by this worm. :(

:)

I dunno, just a tought :rolleyes:
So you're sure an update can't be harmfull in anyway? Ok then I'll do it soon

Thanks :)

is it ok to close svchost? i have 5 running on my pc and they take up alot of resources <_<

Originally posted by leonidas@20 November 2003 - 12:46
I dunno, just a tought :rolleyes:
So you&#39;re sure an update can&#39;t be harmfull in anyway? Ok then I&#39;ll do it soon

Thanks :)
System files that you may find in the root of C:&#092; are:
autoexec.bat
boot.ini
config.sys
io.sys
msdos.sys
ntdetect.com
ntldr
pagefile.sys
Anything else XP can do without, although other software may not work properly&#33;

Delete the svchost.exe in C:&#092;.
Get XP updated.
If you have any problems updating, search p2p for bluelist.zip and google for information on how to change your XP serial number.

Your antirus should remove the infection the file in question, no problems.

As far as updating goes, download then try to install service pack one first. If this doesn&#39;t work, it&#39;s because you have a blacklisted key. Search for the keygen mentioned by smurfette and use these instructions (http://home.planet.nl/~brainwave01/). If SP1 does install, you&#39;ll be able to visit windows update with no problems. I advise you to use windows catalog as this way you can save all the updates to disk for future formats.

Originally posted by Marius24@20 November 2003 - 10:05
is it ok to close svchost?&nbsp; i have 5 running on my pc and they take up alot of resources <_<
No, it&#39;s not ok. Each svchost is running a group of services, you can&#39;t tell what you are shutting down that way.

Instead, go to Blackviper&#39;s (http://www.blkviper.com/index.html) website. Go to the windows services configurations and disable or change to manual all services you don&#39;t need. Fewer instances of svchost will now run.

Jg427

The SVChost routine is used by non executable DLL files to become executable by acting as a host for their execution. As Jg427 said, it&#39;s normal to have several instances running.

This is not to be confused with the .exe you found though, Leonidas.

Ok so I&#39;ve tried updating but it told me to call microsoft antipiracy. I was about to do it when I remembered that maybe I was a pirat myself :o . So now I have to mess with the XP keygen <_< . What a pain in the a... Why did I decided to wake up this mourning :lol:. I think I &#39;m not dealing with this at the moment as my computer is doing fine. I just wait till my computer gets ill enough <_<

The thing is though, you should see yourself as having a responsibility to keep your pc secure. If not, you&#39;re potentially allowing your pc to pass this worm to all your friends (don&#39;t use Outlook), and allowing your computer to make Dos attacks on servers. Not forgetting the fact that you use p2p software, and might be spreading infected files that way too.

I&#39;ve sent you a pm, visit the site i linked earlier and it will take you less than twenty minutes to change your key. Make sure you&#39;ve scanned your computer, probably wise that you do an online virus scan (http://housecall.antivirus.com/housecall/start_corp.asp), also a trojan scan (http://www.trojanscan.com/).

Then you can install all updates.

Don&#39;t phone Microsoft.

Oh i think he should call Microsoft. Everyone needs to experience that kind of ignorance from a major corporation at least once. Consider it an initiation rite B)

Ok so I finally decided to call Microsoft anti-piracy serv... :P :lol: Thanks for all LTJBukem I did what you told me and it works :)