Author Topic: SVCHOST.exe shutdown  (Read 454 times)

Curval
« on: December 30, 2004, 04:16:54 PM »
I get this message almost every time I boot up.  It asks if I want to send information to Microsoft.  So far I have just said no, the window goes away and I can use my machine with no problem.

What the heck is this message that keeps coming up?
Some will fall in love with life and drink it from a fountain that is pouring like an avalanche coming down the mountain

StarOfAfrica2
« Reply #1 on: December 30, 2004, 04:40:40 PM »
Basically, this process launches services used by Windows.  It can run multiple times, and each instance of it running in your "processes" window is for a different group of services.  You can generate a list of the tasks being started by each one by going to start -> run and typing cmd, then typing Tasklist /svc >C:\TaskList.txt.  This only works in WinXP Professional; if you have the Home version then you have to download the taskmanager from here:  http://windowsxp.mvps.org/utils/tasklist.zip

For info from Microsoft on SVChost.exe you can look here:

http://support.microsoft.com/?kbid=314056

The only version of this file you should have on your computer is installed in your %Windir%\System32 folder.  If you have any other versions installed anywhere else, you could very well have a virus or Trojan.  There are some that mimic this file.
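
The check described in the reply above (which services each svchost.exe hosts, and whether the running file sits in System32), as an added example that is not part of the original thread. It assumes a current Windows with PowerShell and the CIM cmdlets; the SysWOW64 entry is an addition for 64-bit systems and is not mentioned in the thread.

```powershell
# Added example: list every running svchost.exe with its image path and the
# services it hosts (the same mapping `tasklist /svc` prints).
# Run from an elevated prompt; without elevation ExecutablePath can be empty
# for processes owned by other accounts.

# Locations treated as expected. System32 is the one named in the post;
# SysWOW64 holds the 32-bit copy on 64-bit Windows (assumption added here).
$expected = @(
    (Join-Path $env:windir 'System32\svchost.exe'),
    (Join-Path $env:windir 'SysWOW64\svchost.exe')
)

# Build a PID -> service names table from the service control data.
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object {
        $servicesByPid[[int]$_.ProcessId] += @($_.Name)
    }

# Check each svchost.exe process against the expected locations.
$report = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath
        $status = if (-not $path) {
            'UNKNOWN (no path, run elevated)'
        } elseif ($expected -contains $path) {   # -contains ignores case
            'ok'
        } else {
            'UNEXPECTED LOCATION'
        }
        [pscustomobject]@{
            PID      = $_.ProcessId
            Status   = $status
            Path     = $path
            Services = ($servicesByPid[[int]$_.ProcessId] -join ', ')
        }
    }

# Anything not marked 'ok' sorts to the end and deserves a closer look,
# as does an svchost.exe that hosts no services at all.
$report | Sort-Object Status, PID | Format-Table -AutoSize -Wrap
```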

Curval
« Reply #2 on: December 30, 2004, 04:48:40 PM »
I have run Spybot, Adaware and Trend Micro virus scan (totally up to date).  What else can I do?

StarOfAfrica2
« Reply #3 on: December 30, 2004, 05:22:51 PM »
I usually use at least 2 different antivirus programs to verify results if I am uncertain.  I use McAfee at home, Norton at work.  If I ever have reason to doubt one, I go online to someplace like PcPitstop.com and have them run their antivirus setup.  They have 2 to choose from, the standard is McAfee and the other is Panda.  It's totally free, although it might take a while.

The reason for this is twofold.

1)  All antivirus companies update their sig files as quickly and as often as possible.  Some get there faster than others though.  One might have it today while another might not get it till tomorrow.  Running two scans can't hurt.

2)  Some viruses target specific antivirus programs.  Due to a bonehead slip up by a former boss, I had to deal with the Klez virus a while back.  It targets Norton antivirus by finding and altering the sig file so the program overlooks the virus in scans, thinking it's harmless.  I had to use McAfee to find it.  Not a knock against Norton, it's not their fault they are the most popular AV company out there.

214thCavalier
« Reply #4 on: December 30, 2004, 07:59:46 PM »
Curval, so why did you post "SVCHOST.exe shutdown" if it closes and continues to run OK?

Btw, Svchost.exe is a normal part of Windows XP operation. It is also normal to have multiple instances of it running.
It could also be a virus if the file is NOT contained within your windows\system32 directory.

If you are worried it may be a virus, start by searching your comp looking for it installed more than once and in directories other than the windows\system32 directory.

From memory of long ago when I first got XP, I recall doing similar to you and blocking access, until I found I could no longer use XP.
I believe it is also used to contact Microsoft to confirm you are using a valid version, i.e. not copied Win XP. Is your install recent?
I.e., is the free period about to expire on your install, and you have not yet registered it?

Curval
« Reply #5 on: December 30, 2004, 08:45:45 PM »
Cav...that is the message I get.

I don't think it is a license issue...the guy who built my computer is really anal about that stuff.  He works for our firm and they paid for the computer.  I'll ask him, but I'm sure I am all registered up.

The computer seems to run fine, even after that message pops up...but I hate seeing it.

Curval
« Reply #6 on: December 30, 2004, 08:47:34 PM »
SOA...I just noticed your sig.  I picked up the quote from a joke sent to me by a co-worker.  I'll change mine...can't have two of the same.  :)

Thanks for the info btw.

StarOfAfrica2
« Reply #7 on: December 30, 2004, 10:09:04 PM »
I'm not stingy :)

Yanno, this SVChost thing could very simply be wanting to start up processes that have been killed.  Or start services that are not installed.  If this was built by a guy you work with, even if it is a legal copy of Windows he could have copied an install from a business machine and then either killed off services you wouldn't need or uninstalled programs without using the "uninstall" feature (i.e. just deleted them).  Have you maybe recently deleted programs off your computer?  Taken out an extra HD that may have had programs on it?  Basically if you had any programs that ran at startup, and you have removed them without uninstalling, it could be causing the problem.  Try using the MSConfig tool and scan through your startup, see if there are any things checked that you don't recognize.

214thCavalier
« Reply #8 on: December 31, 2004, 04:16:24 AM »
Curval just look in your program listings and see if "activate" is listed anywhere.
If it is just run it.

Curval
« Reply #9 on: December 31, 2004, 07:07:18 AM »
I'll check all that out...thanks guys.

Curval
« Reply #10 on: January 01, 2005, 09:25:07 AM »
It actually isn't SVCHOST.exe that is shutting down, sorry guys...it is SVCHOST.dll.

There are 2 items I don't recognise in the msconfig that are ticked but have no command...gonna try and untick em now.

214thCavalier
« Reply #11 on: January 01, 2005, 01:50:53 PM »
Curval,

TROJAN ALERT !

Troj/Servu-S is a hacked version of a legitimate FTP server application.
The Trojan reads configuration data from a file called svchost.dll.

I think you had best pay this page a visit, could be what you're looking for.

http://www.sophos.com/virusinfo/analyses/trojservus.html
« Last Edit: January 01, 2005, 01:54:44 PM by 214thCavalier »

Curval
« Reply #12 on: January 01, 2005, 03:12:15 PM »
yikes...linky no workie Cav

214thCavalier
« Reply #13 on: January 01, 2005, 06:20:39 PM »
Curval, try this link. Sophos have a 30 day trial available; you will have to supply some details so they can tell if you keep trying to extend the 30 days :)

http://www.sophos.com/products/sav/eval/

I use Kaspersky AV, highest detection rate of all AV last time I looked, they also do a free month trial version.

Antivirus and firewall are 2 things I never quibble about paying for.
« Last Edit: January 01, 2005, 06:26:50 PM by 214thCavalier »