Svchost.exe is the name of a common host process for services that run from dynamic link libraries (DLL). The valid file – located in folder C: Windows System – check the service part of the Windows registry to verify and list the services to be loaded at the start of the system. Multiple sessions of the file usually run while the system is in operation, each containing a separate group of services. Many deep malware programs spread a file with a similar name – Scvhost.exe – through Yahoo! Messenger blocking Task Manager and Registry Editor, as well as using command prompts.
If the operating system of an infected computer is Windows Me or Windows XP, turn off System Restore while this fix is being done. To turn off System Restore in Windows Me, click Start> Install> Dashboard. Double-click “System”.
Select “File System” from the Performance tab. Left-click the “Troubleshoot” tab and select the “Turn off System Recovery” box. Click “OK.” To turn off System Restore in Windows XP, sign in as an Administrator and click “Get started.” Right-click “My Computer” and select “Properties” from the shortcut menu. Select the “Turn off System Restore” option for each drive on the System Restore tab. Left-click “Apply” and “Yes” to confirm when prompted. Click “OK.”
Restart your computer in Safe Mode and sign in as an Administrator. Press “F8” after emitting the first beep during startup, before displaying the Microsoft Windows logo. Select the first option, to run Windows in Safe Mode from the selection menu.
Access command prompts. Click Start> Run. Type “cmd.” Click OK> CD (change folder) from the command prompt, click the spacebar. Enter the name of the full directory path of the folder that contains your Windows system files. It will be “C: Windows System” or “C: Windows System 32.”
From the command prompt, enter the following to uncheck the files to delete: “do-h-r -s scvhost.exe” and press “Enter;” “do -h-r -s blastclnnn.exe” and press “Enter;” “do -h -r -s autorun.inf” and press “Enter.”
Delete the files by entering the following content from the command prompt: “del scvhost.exe” and pressing “Enter;” “del blastclnnn.exe” and press “Enter;” “del autorun.ini” and press “Enter.”
Type “cd” to go back to the main Folder of Windows. Uncheck protection and delete the Autorun.inf file by entering the following content from the Windows directory command prompt: “cred-h-r -r -s autorun.inf” and press “Enter;” “del” autorun.inf “and press” Enter; “Enter” regedit ” and press ” Enter ” to open registry editor.
Find the following entry: HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Run. Delete Yahoo! misspelled Messenger Entry with a value of “c: windows system32 scvhost.exe.”
Find the following key: HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows NT CurrentVersion Winlogon. In the key, there is a “shell” item with a value of “explorer.exe, scvhost.exe”. Edit the entry to delete the reference to Scvhost.exe, leaving Explorer.exe the remaining value in the registry.
Find the following key: HKEY_LOCAL_MACHINE> SYSTEM> CurrentControlSet> Services> Delete the following sub-keys from the left panel: RpcPatch RpcTftpd Exit the command prompt and return to the operating system. Type “Exit” and press “Enter”.
Restart the PC. If Scvhost.exe is still on your computer, repeat these steps, or try using an automatic deletion program from McAfee or Symantec (see link in References).