MS Windows is a patchy OS, and you have to constantly maintain it, both manually and automatically using its slow live update, to keep the system relatively secure. Here are the instructions on how to replace the infected svchost.exe under Windows XP and patch your system to close the loophole.
Find a copy from your Windows Installation CD, browse to the directory i386. In this directory you’ll find compressed version of svchost by the name SVCHOST.EX_. Copy this file to c:
Now run ‘expand’ in the command line interface and expand this compressed file, like this.
expand c:svchost.ex_ c:svchost.exe
Now you have a clean copy of svchost.exe, next step is use it to replace the infected one. Either boot into Linux or use some system rescue CDs, for example, Hiren’s BootCD and copy the clean file to C:WINDOWSsystem32 to replace the infected one.
To get rid of this issue once and for all, you need to immediately patch Windows using the fix KB958644 from Microsoft.
Before downloading the patch, check out this post to see if you have the same symptoms as I did.
Thank u very much. I was able to replace svchost from “safe mode command prompt”
Glad it helps. I suspect it is a Trojan plantation which can really havoc the system security. By the way, what anti-viral program are you using?
Thaks for the sound advice
Slightly pedantic mistake that might confuse rookies, though. You left the out of the filenames in the command line
Also you don’t need to use another OS, just rename the corrupted file instead of deleting it. It should then allow you to replace it. It will still be using the old one to run svchost as an application, depsite it’s new name, until you restart. Then it will switch to the new one and you can delete the old one
Thank you for commenting. I don’t know why the backslash is omitted in the post. It must have something to do with the code format.
ok.. lemme try………