How to replace virus-infected svchost.exe file

MS Windows is a patchy OS, and you have to constantly maintain it, both manually and automatically using its slow live update, to keep the system relatively secure. Here are the instructions on how to replace the infected svchost.exe under Windows XP and patch your system to close the loophole.

Find a copy on your Windows installation CD: browse to the i386 directory. In this directory you’ll find a compressed version of svchost named SVCHOST.EX_. Copy this file to c:\

Now run ‘expand’ in the command line interface and expand this compressed file, like this.

expand c:\svchost.ex_ c:\svchost.exe

Now you have a clean copy of svchost.exe. The next step is to use it to replace the infected one. Either boot into Linux or use a system rescue CD, for example Hiren’s BootCD, and copy the clean file to C:\WINDOWS\system32 to replace the infected one.

To get rid of this issue once and for all, you need to immediately patch Windows using the fix KB958644 from Microsoft.

Before downloading the patch, check out this post to see if you have the same symptoms as I did.
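
The steps above as a batch script, extended with a binary compare against the installed file and a check that KB958644 is listed as installed. This is an added example, not part of the original post; the CD drive letter D:, the staging folder C:\clean, and the availability of systeminfo (it ships with Windows XP Professional) are assumptions.

```batch
@echo off
rem Added example, not from the original post.
rem Assumptions: CD drive letter, staging folder, systeminfo being available.
setlocal
set CDROM=D:
set STAGE=C:\clean
set TARGET=%SystemRoot%\system32\svchost.exe

if not exist "%CDROM%\i386\SVCHOST.EX_" (
    echo SVCHOST.EX_ not found under %CDROM%\i386
    exit /b 1
)
if not exist "%STAGE%" mkdir "%STAGE%"

rem Decompress the file from the CD into the staging folder.
expand "%CDROM%\i386\SVCHOST.EX_" "%STAGE%\svchost.exe"
if errorlevel 1 exit /b 1

rem Binary compare: fc returns 0 when the files are identical, 1 or more otherwise.
fc /b "%STAGE%\svchost.exe" "%TARGET%" >nul
if errorlevel 1 (
    echo Installed svchost.exe differs from the CD copy.
    echo A CD older than the installed service pack also produces a mismatch.
) else (
    echo Installed svchost.exe matches the CD copy.
)

rem Look for the KB958644 fix in the installed hotfix list.
systeminfo | find /i "KB958644" >nul
if errorlevel 1 (
    echo KB958644 is NOT listed as installed.
) else (
    echo KB958644 is listed as installed.
)
endlocal
```

The script only stages and compares; the replacement itself is still done from a rescue environment as described above.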

5 Responses

  1. Thank u very much. I was able to replace svchost from “safe mode command prompt”

    1. Glad it helps. I suspect it is a Trojan plantation which can really wreak havoc on the system security. By the way, what anti-viral program are you using?

  2. Thanks for the sound advice

    Slightly pedantic mistake that might confuse rookies, though. You left the \ out of the filenames in the command line

    Also you don’t need to use another OS, just rename the corrupted file instead of deleting it. It should then allow you to replace it. It will still be using the old one to run svchost as an application, despite its new name, until you restart. Then it will switch to the new one and you can delete the old one

    1. Thank you for commenting. I don’t know why the backslash is omitted in the post. It must have something to do with the code format.

  3. ok.. lemme try………
