Exterminate It! Antimalware

malpedia

Known threats:6,846,847 Last Update:September 30, 10:09

Testimonials

A lot of the smart viruses and Trojan horses today try really hard and prevent you form going to the main anti-virus and cleanup sort of product including microsoft own tools. They actually block your access to those sites.

A couple of weeks ago my wife's laptop got totally infected (she must be browsing porn) and I ended up finding a little known program that did most of the clean up and then followed up with Microsoft tools that are available on their site and successfully cleaned everything with the exception of one item i had to get rid of manually.

Name of the product is Exterminate it. Worked pretty well.

Source

Spoonshadows

File: svchost.com

Location of svchost.com and Associated Malware

Check whether svchost.com is present in the following locations:

svchost.com file locations that are Windows version independent:

  • C:\Windows\Temp\svchost.com
  • C:\Windows\System32\svchost.com

Windows 2000, Windows XP, Windows Server 2003 specific svchost.com file locations:

  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\svchost.com
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\1\svchost.com

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific svchost.com file locations:

  • C:\Users\USER_NAME\AppData\Local\Temp\svchost.com
  • C:\Users\USER_NAME\AppData\Local\Temp\1\svchost.com

If you find svchost.com file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The svchost.com file is associated with malware only if found in the locations listed above.

Notes:

Different Variations of svchost.com File^

File SizeFile Md5Last Seen
284773842DF9BD6E5CD0FBFF4D2E81B77A3659Jan 19, 2010
293045AD61B831BE67F17E713D1413D3E14EFAJan 16, 2010
2928673F8D64AC3DCBEE620A8B830CB60757F7Feb 11, 2010
368519055D599E415EC660440A24B6D24A2311Feb 18, 2010
3606292BB357BE9CE8A351330DF336E338B8A4Mar 8, 2010
309639F401DF564131E8FD2734CA87FA43F6C3Mar 22, 2010
287547A0D607BB6BDA1AB298201F2CB0112AEBMar 28, 2010
286081E3EC5DE737E9E25818A444313A277B8EMar 30, 2010
285019A76E3ED7D5753A49ABC11FD21CF00F2BApr 21, 2010
283651BFA1F52B117EC05149A2E3478E2884EEApr 23, 2010
424037D0151D0CE92262B0DD5603BD1B7DAA1BApr 26, 2010
3567512BDD1A23B2615599D71A2DC3D66A4C60May 4, 2010
31109992BD0C6A9D2E7204F8233FB06872C618May 6, 2010
41409527BA6DD3FDFE94BDD8CBB8A365CD9ED7May 6, 2010
516495F717454F3A4E489484E34A66F20D57FAMay 8, 2010
308837BCF678EBBC84863DBDF4BD477BF0F944May 10, 2010
285575566C006A0DFCA48E70E5086D2235C98EMay 19, 2010
286599F3B3428F358343505BCFCBCABE0126BEMay 20, 2010
1198088710BA209CEDDE7FAB30A7C3ADE86175May 23, 2010
3567519E3CFB01DCD07CA95507B46CEEDBA1ABJun 1, 2010
455055D182E7674847C9DD2C90EF10E7C4E4FBJun 3, 2010
32799518BD1F682C71544697CB26EC5E22AD73Jun 9, 2010
356667C90DB9CA16F232F8C293026BCA5100A6Jun 13, 2010
346939AF31D2873598901B55E36A35D8D140B8Jun 16, 2010
397312574A813C7AECFCB427277CCFD142B3EDJun 20, 2010
2870354242F7C539FB2A25CCC8131B7BB0EBB8Jul 7, 2010
595335AB9AFFD93D145E6F197A5A7798B53CF7Jul 7, 2010
36851947B8501928AA41F1996A8CBA8F9FC092Jul 9, 2010
356751139A5EA191DC3463FC23A83799E06E1DJul 17, 2010
355857478B2E167EFC3FED93883E596B4589A6Jul 28, 2010
368955582C0840856ACBBF36E3BEB68FDDC10BAug 2, 2010
288647DC932234B1A2D8A43B3CC4D3AA131E1EAug 6, 2010
364943CE5265DF54EAA4CC06DF60735EEF7F7EAug 16, 2010
35675144F3B103454B8F418D5CA7B41604F465Aug 27, 2010
3444635A923FBC002F6777F891F5262AE31072Sep 1, 2010
352197686A00E37C313180C942AD3324A2503COct 11, 2010
3648592F0ECE6246134A1779D1469CC45D1FF8Oct 12, 2010
304955CB8B56DF1CA2D9BE7AB515ECAA0BF39BOct 18, 2010
4837277C650CFFC3B9EAE9189C1ADD29BE3498Oct 25, 2010
20992010695557813D4B17CD9E8BE5DCFFF1AENov 8, 2010
286087CECD3860C7F42DFFEDBF58E18EFF6DEBNov 11, 2010
3526554B40C7E01ED639338514F748D11B0BD2Nov 12, 2010
36877992E3AA74E12A31FE376D1FD13F51D673Nov 17, 2010
357501005D63479CBF079FF9B2142D04046C02Nov 17, 2010
414095D7471AED38F98E8726E4C52B0BFCEB40Dec 1, 2010
2830232F642563F74A6A6E2B675A7A51855CDFDec 5, 2010
352655F2414118B2DC27314180D640570D64C5Dec 11, 2010
282565EA072FAA2D9596905C94C2EFFE952C5BDec 16, 2010
38542387B5907DA04CE80A1A6308B14D8FE757Dec 23, 2010
352655043BF3FE83C7EBA07A7D3F319A47E611Dec 27, 2010
3526557A1B9A6888AC7A4F3BDCB012CA6C4876Jan 6, 2011
357501FFB0B021A2CDAD89B7B30B9A65AF058DJan 6, 2011
2870353DE5CF685B532914FEC167A3EDBE6C66Jan 8, 2011
282565E74605199FD78CEF028BBE5667172E0FJan 20, 2011
2861610E839C382C62586F1FA9A0180833E568Jan 27, 2011
3102258C2E3CD24AB25A9897E9FE416766EF89Jan 28, 2011
265728A91931E3E80674053971C4BEEC5A5150Feb 3, 2011
2837735BC352F5CCBF8B2FB3EF2DA467505984Feb 4, 2011
28553140D33A76A9259A2DFF9ABD75203290CAFeb 8, 2011
285575634E1DA11951B2D2F4F91B8E7401C7CEFeb 15, 2011
376971891D6585190BC5D5A219562C998AE945Feb 26, 2011
348475816B1E55AB587A7322E9EB0FBDEB9EF3Mar 6, 2011
471753559E1D5F8A48CECB570AD5098274D250Mar 9, 2011
323273AEFC62C69DD99C2D7693732F732F177FMar 9, 2011
351761F06D35237D4D86931055F495F4B5024CMar 16, 2011
512399E7467E30B97833AFEE2F099A658FECBDMar 24, 2011
356751972532D45FC5F59910CE3FA1BE90C763Apr 1, 2011
37461967F44FF3A613C987A13652A9A22DBF8BApr 11, 2011
1671567C3A007270B9356ECC7C2B91CA4A98CD0Apr 15, 2011
361597DAA705B835F419988A52E322F23A7723May 4, 2011
386897BCEAE7E9637E969F34F5B1BDCDC070F9May 6, 2011
3894351A4568DA0496536E383C7D7AFB9D466FMay 15, 2011
28377330B5E6F21DD7DB83162373573DE800AAMay 16, 2011
365915BDFFB23133F6334B7748030B6BBF8E2CMay 19, 2011
3575011202B5A656277493935BE8AFD4773916May 26, 2011
361597E1EA6C2C4B6A6B0A2B5385C2FEDA7D44May 26, 2011
283773C3FD763E8CD04D8658AD58DA55E9B3A8May 28, 2011
4181917F12F6B710A7F251628D77E3A257AE22Jun 3, 2011
356751DE0DC7601DDA5D1B8F498AE8F3EFE765Jun 4, 2011
360763A20981BC991E8420E53F53E038B7A276Jun 10, 2011
357501373817A50CE8807A7EE1D786140C7496Jun 20, 2011
4586933927C0E7BDF6A39A85EC06A9E31794ECJul 23, 2011
426778DD1653D5AA290DCB57FF0230A0D68F69Jul 24, 2011
3608476ACDD084942C81D7E7604E02C730384BAug 7, 2011
385423FE7ABE306BABEE1F60FBB88A328C6D4BAug 9, 2011
5656471935F94BD26066C56158C0BC2F7B43F8Aug 28, 2011
36084726694D7498D5569FB742646CE582F347Sep 14, 2011
28212983545FF2A12069F03B4D9B2A8F228AF2Sep 14, 2011
3607373D0ECA545F19BF88239B2A72C02BA7FFSep 27, 2011
3534055D105B97DC75BD0D04F49FC7D4952A2EOct 9, 2011
2822931441E0FFA6415FFA2E8F113B88D7F7CDOct 21, 2011
28596735CEA86CE2FE3849B982376784C88A62Nov 6, 2011
370446E7D5BC9663FA02A9CA5C2598CD778F62Nov 19, 2011
455055DCAA2F26E9868A21A2181646F3AE73C3Dec 4, 2011
299209685C6E002F1B7617073B8E5D4CE34B30Dec 28, 2011
426299CE970CC94AC334C85BF1C80B480B9A2FJan 11, 2012
413201BF7F1FFEE4A16DC667E5FAAA13F45C23Feb 18, 2012
206107769B3473F96D38525CE2192C8C4DD8BF07Mar 5, 2012
2991476360EE7DDCB22B5446B919005BD1CC59Apr 16, 2012
28302355BC904DB619EAE2F89FB4A780DAD65BJun 12, 2012
364943D46A20CE60DC31AE8169EB63C7FD0321Jul 17, 2012
357501526D0A2B0CAA09BF1BEE4165477EBE24Sep 9, 2012
430219621A6926AC213766876D26C4DE4D5BB3Sep 11, 2012
34803948A17D5E21C9863A7F9E7F2720B1A486Mar 4, 2013
30378419B83A13CF722F3416F629118433F6AEJun 23, 2013
3562937510A121D0110AEEBCCB96598FBAB8F5Jan 31, 2010
634368049766C92E68045E24E2BDB98B147984Jun 14, 2011

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove svchost.com^

  1. To enable deleting the svchost.com file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select svchost.com and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of svchost.com and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of svchost.com and Associated Malware.
  6. Notes:

    • The deletion of svchost.com will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of svchost.com will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a svchost.com malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type svchost.com. The name of the first found registry value referencing svchost.com is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to svchost.com, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of svchost.com and Associated Malware.