Have a suspicious svchost.exe and I can't load secure webpages

Hey there...I started a thread over HERE and I've solved everything except for 2 things

There is a suspicious svchost.exe that's taking up a lot of memory (I think like in the 10,000's or 20,000's) and that svchost.exe is the 6th one...there's only supposed to be 5 I thought...and it always reopens when I close it and I notice no changes when I close it...

Also after getting rid of everything, no one can seem to log onto anything...like I go to eBay and press the sign in button and it's unable to connect...always gives me an unable to connect message...I have no idea what happened...something bad that got deleted changed something and I don't know what it changed...they can't log into their bank website to do their bank stuff...seems like it's the secure websites that won't load...

I've run Norton AntiVirus 2004 and the newest AdAware and S&D and 3 different online scanners...I got nothin...everything is cleared except for those things...

Is there a way for me to see whether or not this one svchost.exe is good or bad??? I can't remember which user name in the task manager it runs under...I think either System or Network Service...

And what about the websites??? I have absolutely no idea how to fix that...I tried reregistering (I think that's what it was called) some dll's and nothin...it happens with BOTH Internet Explorer (which they don't use anymore) and Firefox...I got nothin...

Any ideas on how I can fix this??? THANX
C'YA :cool:
 
As stated in the OLD POST: REFORMAT AND START OVER. You can never get it all out when it was that bad. Take an hr and reformat. Question: how many hours did you spend trying to fix what you have? 10?
 
Well guess what...I DID get it all out...those two symptoms are the only two things left over...just a possible suspicious svchost.exe and no loading of secure pages...that's it...everything else I miraculously got rid of...I just need help on these other two things...
 
Yeah I would reformat and start over. Then make a smart move and get a copy of Norton Ghost 2003 and create an image of the fresh install and save it. This way if things tank again just image the drive and you're back in business.
 
^^^
I have that prog on my PC but not theirs...I'll try it and see if I can see what's happening...

And I can't reformat the PC cause they lost their Microsoft Office 2003 CD and I don't got that one...and the computer is almost fixed...

I don't see why ppl are suggesting a full reformat...it's like seeing a cockroach crawl on the floor and you freak out and call the exterminator to get the whole place sprayed and every nook and cranny looked at...doesn't make sense to me...

It's just one problem with a possible 2nd problem...any ideas on the website thingy??? That's what's really bugging them...
 
I don't see why ppl are suggesting a full reformat...it's like seeing a cockroach crawl on the floor and you freak out and call the exterminator to get the whole place sprayed and every nook and cranny looked at...doesn't make sense to me...

So you just let the Cockroach run and hide? and Multiply!

I STEP on it and Kill it. Then it does not hide and come back later with friends!

Good job taking the time to repair it. Reformatting takes less than an hour of PC time, and about 5 minutes of your time to complete it. Pop in your backups and you're done! :D PC runs like new again.

Think about it. ;)
 
You can knock yourself out, I've spent many hours tracking weird stuff down. If it comes down to a corrupted file or files due to a virus or something else, you may be able to find it and maybe not fix it. But as the guy mentioned before, how many hours have you spent on this? Too bad they lost their key.
 
It's so easy just to format and start over. I don't even mess with trying to fix problems when spyware and viri swarm my system.

Sometimes you just save more time and effort starting from a clean slate.
 
Open a command box and run tasklist /svc. Then you can find out what service it is. Once you know what it is, it shouldn't be too hard to fix.
 
gb25 said:
Open a command box and run tasklist /svc.
Ahhh...it opened up the command prompt and zipped right thru some stuff and quickly closed...how do I solve this? I'm just testing it on my computer since I'm not at my sister's house...
 
Metallica_Band said:
I don't see why ppl are suggesting a full reformat...

Two reasons - one being the time and effort spent trying to clean the system.
Second reason is once a system is compromised how can you be certain that you cleaned everything?
 
I already stated that they have lost their Office 2003 CD and they need Word and Excel and stuff so formatting is out of the question...

Besides...there are no suspicious progs running in taskman anymore and 3 viruses/*-ware/etc. scanners say that there aren't any bad things running and 3 online scanners say there's nothing bad left and 3-4 other specific scanning progs say that there aren't any bad things on there...all detected stuff in the beginning but not anymore...
 
ok...I'm at their house and found out that XP Home didn't have the tasklist.exe...I Googled it and found that I can just download it and all is good....


So I ran tasklist command and found the svchosts that were showing up in taskman...now I had taskman show the PID numbers and found that the one that is using up memory and restarting itself after I force close it is number SVCHOST.exe PID# 1096...SOMETHING there is screwing with the memory in that svchost.exe and I don't know what it is...HOPEFULLY it's something that I can fix that will just so happen to fix the secure webpages not loading...

Code:
C:\>tasklist /svc
Image Name				 PID Services
========================= ====== =============================================
System Idle Process			0 N/A
System						 4 N/A
smss.exe					 632 N/A
csrss.exe					680 N/A
winlogon.exe				 708 N/A
services.exe				 752 Eventlog, PlugPlay
lsass.exe					764 PolicyAgent, ProtectedStorage, SamSs
svchost.exe				 920 DcomLaunch, TermService
svchost.exe				 1000 RpcSs
svchost.exe				 1096 AudioSrv, CryptSvc, Dhcp, ERSvc,
								 EventSystem, FastUserSwitchingCompatibility,
								 helpsvc, lanmanserver, lanmanworkstation,
								 Netman, Nla, Schedule, seclogon, SENS,
								 SharedAccess, ShellHWDetection, srservice,
								 Themes, TrkWks, W32Time, winmgmt, wscsvc,
								 wuauserv, WZCSVC
svchost.exe				 1228 LmHosts, SSDPSRV, WebClient
spoolsv.exe				 1436 Spooler
explorer.exe				 192 N/A
atiptaxx.exe				 256 N/A
lxbtbmgr.exe				 292 N/A
lxbtbmon.exe				 324 N/A
qttask.exe				 380 N/A
TeaTimer.exe				 412 N/A
CCPROXY.EXE				 1256 ccProxy
CCSETMGR.EXE				1272 ccSetMgr
NAVAPSVC.EXE				1372 navapsvc
SAVSCAN.EXE				 1564 SAVScan
SNDSrvc.exe				 1792 SNDSrvc
svchost.exe				 1840 stisvc
VzFw.exe					1932 VAIO Entertainment File Import Service
CCEVTMGR.EXE				1992 ccEvtMgr
SymWSC.exe				 144 SymWSC
alg.exe					 2224 ALG
lxbtcoms.exe				3248 lxbt_device
realsched.exe			 3644 N/A
firefox.exe				 756 N/A
taskmgr.exe				 3912 N/A
iexplore.exe				3084 N/A
cmd.exe					 320 N/A
tasklist.exe				3828 N/A
wmiprvse.exe				2752 N/A
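
Added example, not part of the original post: a small parser for `tasklist /svc` output like the listing above. It folds the wrapped service lines back into their row, reports what each svchost.exe hosts, and marks rows worth a closer look. The function names, the two made-up rows (PIDs 2600 and 2712) and the 0.8 similarity threshold are assumptions for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: a few rows shortened from the listing above, plus two
# made-up rows (PIDs 2600 and 2712) that exercise the checks.
SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
svchost.exe                  920 DcomLaunch, TermService
svchost.exe                 1096 AudioSrv, CryptSvc, Dhcp, ERSvc,
                                 EventSystem, wuauserv, WZCSVC
svchost.exe                 1840 stisvc
svchost.exe                 2600 N/A
scvhost.exe                 2712 N/A
"""

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")  # image name, PID, services

def split_services(chunk):
    """Split one Services cell; tasklist prints N/A when there are none."""
    return [s.strip() for s in chunk.split(",") if s.strip() not in ("", "N/A")]

def parse_tasklist_svc(text):
    """Return [(image, pid, [services])], folding wrapped service lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2)), split_services(m.group(3))))
        elif rows and line[:1].isspace():   # continuation of the previous row
            rows[-1][2].extend(split_services(line))
    return rows

def review_svchosts(text):
    """Map each svchost.exe PID to its services; list rows needing a closer look."""
    hosted, suspect = {}, []
    for image, pid, svcs in parse_tasklist_svc(text):
        name = image.lower()
        if name == "svchost.exe":
            hosted[pid] = svcs
            if not svcs:    # heuristic: svchost.exe exists to host services
                suspect.append((pid, image, "no services"))
        elif SequenceMatcher(None, name, "svchost.exe").ratio() >= 0.8:
            suspect.append((pid, image, "lookalike name"))
    return hosted, suspect

if __name__ == "__main__":
    hosted, suspect = review_svchosts(SAMPLE)
    print({pid: len(s) for pid, s in hosted.items()}, suspect)
```

A long service list, as on PID 1096, means one process hosts many Windows services, which on its own accounts for a larger memory figure. The rows to check first are a svchost.exe with no services or a near-miss image name.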
 
Cool...thanx...hopefully it'll repair their internet...I'll have to walk my sister thru it tho cause I'm swamped with homework right now...I'll tell ya how it goes...
 