WinDir.svchost

Overview

A common technique that spyware, adwares, viruses, keyloggers etc use to hide from users is to drop files on the system that use the same name as a legitimate file but in a different folder. WinDir.svchost is a warning that there is a file named svchost.exe located in %WinDir% on your system. The legitimate svchost.exe file is located in %SystemDir%. You might want to analyse %WinDir%\svchost.exe to verify it is something that you really want on your system. Do not delete %WinDir%\svchost.exe unless you are 100% sure it is a threats.

Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Note: %SystemDir% is a variable (?). By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following threats drops svchost.exe in %WinDir%:
2020search, Online Trojan, W32.Jeefo, W32.Mimail.L@mm, W32.HLLW.Astef, W32.Hostidel.Trojan.B, W32.Hostidel.Trojan.C, W32.Darker.Worm, W32.HLLW.Donk, W32.HLLW.Morb, PWSteal.Tarno, Backdoor.Graybird, BKDR_DEWIN.E, W32.HLLW.Repsan, and many more.

Files

svchost.exe

If you have any of the files related to WinDir.svchost on your system, please send them for additional analysis. Generally, I have only analysed a few versions for each software component listed at this web site. With your help I will be able to look at both old and more recent versions of the WinDir.svchost software. Thank you very much for your time!

Log references

Log 58

Detection

Bazooka Adware and Spyware Scanner detects WinDir.svchost. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

Manual removal

Please follow the instructions below if you would like to remove WinDir.svchost manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If WinDir.svchost remains on your system after stepping through the removal instructions, please double-check by stepping through them again. Do not delete %WinDir%\svchost.exe unless you are 100% sure it is a threat.

  1. Start your computer in safe mode.
  2. Start Windows Explorer and delete:
    %WinDir%\svchost.exe
    Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).

Problems uninstalling? Click here.

I'm looking for your help!

Thank you for using my site, I hope you find it useful. I'm looking for help from all users, please read more.

Contact information for WinDir.svchost's vendor

In order to provide correct, accurate and updated information about WinDir.svchost I encourage the vendor to contact me if any part of this write-up needs a revision.

How do you rate the information provided about WinDir.svchost?


Related links

Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!

The File Database - Search the file database for more information. Free!

PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!

Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.



FreeFixer
Read more about FreeFixer, Kephyr's latest spyware removal tool.
Home & Products |  Legal |  Privacy |  Search

© Kephyr, 2003-2012. HtmlTidy, HTML 4.01, CSS andy@kephyr.com