svchost.exe is infected with a virus?

As of October 30, Nod32 (version 3.0.669) updated its virus definition which identifies a new virus called Win32/Patched.NAC. Today it detected a crucial Windows file called svchost.exe, which is located at C:WindowsSystem32, is infected with this Patched.NAC virus.

It didn’t offer an option to clean it, so I chose to delete this Windows system file. The system is crippled after a reboot. I could boot into desktop, but there was no Internet connection and no sound. Left with no choice, I restored the deleted svchost.exe from quarantine to where it belongs. Nod32 still prompts this Patched.NAC virus but I have to tolerate this virus until I can find a replacement file.

I also doubt this might be a false alarm. Unfortunately, there isn’t a detailed description of what Win32/Patched.NAC virus does to the system.

Update: I used a clean svchost file and replaced the infected file under Linux. Problem is solved, but I still have no idea how it was infected and how the virus attacks.

Update:I think this virus attack is related to the recent Windows RPC bug as MS puts it “A security issue has been identified that could allow an unauthenticated remote attacker to compromise your Microsoft Windows-based system and gain control over it.” A fix (KB958644) of this bug is available as MS site.

One Reply to “svchost.exe is infected with a virus?”

Leave a Reply

Your email address will not be published. Required fields are marked *