MS Windows is a patchy OS, and you have to constantly maintain it, both manually and automatically using its slow live update, to keep the system relatively secure. Here are the instructions on how to replace the infected svchost.exe under Windows XP and patch your system to close the loophole.
Find a copy from your Windows Installation CD, browse to the directory i386. In this directory you’ll find compressed version of svchost by the name SVCHOST.EX_. Copy this file to c:
Now run ‘expand’ in the command line interface and expand this compressed file, like this.
expand c:svchost.ex_ c:svchost.exe
Now you have a clean copy of svchost.exe, next step is use it to replace the infected one. Either boot into Linux or use some system rescue CDs, for example, Hiren’s BootCD and copy the clean file to C:WINDOWSsystem32 to replace the infected one.
To get rid of this issue once and for all, you need to immediately patch Windows using the fix KB958644 from Microsoft.
Before downloading the patch, check out this post to see if you have the same symptoms as I did.
Thank u very much. I was able to replace svchost from “safe mode command prompt”
Glad it helps. I suspect it is a Trojan plantation which can really havoc the system security. By the way, what anti-viral program are you using?