![digitalFAQ.com Forums [Archives]](https://www.digitalfaq.com/archives/styles/hr/misc/logo.gif){kind=logo}
|
Blaster virus in svchost.exe?
Hello,In december 2003 I got Blaster virus on my PC.
The virus was removed with Symantecs FixBlast tool. But one day I was killing processes before capturing video,I noticed something strange:When I try to kill one of the svchost.exe prosesses,the well known blaster window comes up and count down from one minute and restarts the computer. I have scanned the computer with all the known antivirus programs, but there is not a single one of them who detects anything. So I did a clean install op WinXP from my recovery CDs,but the problem svchost.exe is still there.One more thing,the blaster window doesnt show up before I try to kill the prosess,so I dont think it does anything with my work. But I like to have the thing completely out of my PC,so if any of you have any ideas how to remove/kill the thing, ill be happy :D http://www.digitalfaq.com/archives/i.../2005/01/3.jpg Thanks ----------------- viking |
It's perfectly normal to have svchost.exe as a background process. The worm just exploited a security hole, which allowed it to do a "remote shutdown". That is, the shutdown window you see is normal.
|
Yes I know its normal to have svchost as background process.
But if the shutdown window I see is normal,why does it appear only when I try to kill that single svchost(the one underlined at the screenshot) and not on the others svchosts?? Just wondering :!: -------------------- viking |
You didn't understand something : blaster never opened any window or launch any shutdown at all !
In fact this was due to a bug of the virus ! I does crash a vey important process of windows (the RPC management service). Without this service, windows can't work and then claims for a reboot. That is why the "shutdown" windows appeared. (the goal of blaster was to "blast" the m$ site by launching a lot of call on it from any computer infected but due to this bug, this nearly never worked). If you kill manually a such vital process, then windows will react the same way and that is why you have the shutdown process when you kill this instance of svchost ! (svchost is the generic process used to handle services, that is why you have so much instance of it : one instance by service that needs it). You probably just found the instance that host "RPC management" service :!: |
Ok,things looks a little brighter now :lol: .
So,if I understand you right, it was the bug of the blaster virus that shut down my PC in Dec.2003.And when I removed blaster the call for a shutdown was stopped,right? But now I call for a shutdown manually,by trying to kill that spesific svchost prosess? --------------- viking |
Yes it is.
(do read the complete message in the shutdown window, you will see that the reason is because a critic process has crashed. the process or service is named, if I remember well). |
Ok,I understand.
The message in the shutdown window says this (translated correct I hope :) ) : "Windows has to reboot beacause DCOM Server Process Launcher was stopped in a irregular way" ------------------ viking |
Site design, images and content © 2002-2024 The Digital FAQ, www.digitalFAQ.com
Forum Software by vBulletin · Copyright © 2024 Jelsoft Enterprises Ltd.