How to find svchost.exe virus?

Thread Starter

pujulde

Joined Jul 24, 2013
111
My anti-virus software (Avast) shows me that there is a virus under C:\Windows\system32\svchost.exe. I have encountered this for the first time and could not find and delete it. I have downloaded the Comodo software tool for testing but found nothing. There is a KillSwitch mode to analyze all svchost.exe services and find out which of them is a virus, but it did not help me. Could anyone point out a real way to find it, either manually or with the assistance of software? Thanks in advance.
 

sirch2

Joined Jan 21, 2013
1,037
svchost.exe is a utility that runs dll files, so it could be that the virus is not in svchost itself but in the dll it is running.
 

Natakel

Joined Oct 11, 2008
54
Avast is pretty good at finding and removing virus threats. If you are worried the net-nasty might still be on your computer, you can try running a program like Malwarebytes. There is a free version for use on home computers.

Odds are, Avast at least quarantined the virus, and it is no longer active on your system . . . and Avast may have actually caught it before it was active.
 

Litch

Joined Jan 25, 2013
85
C:\Windows\system32\svchost.exe is a core system file - delete that and Windows will cease to operate, at all.

Are you sure Avast pointed out that it was really the "C:\Windows\system32\svchost.exe" file, and not another file called svchost.exe elsewhere?

Else, it may have meant that your svchost.exe is infected (the contents of the file have been changed by the virus), in which case you're in a really crappy situation, because if your AV cannot clean it then you'll have to restore the original file by other means (like plugging that HDD into another Windows PC and copying the _correct_ version of that file over the top of the infected one).

Good luck.
 

electronis whiz

Joined Jul 29, 2010
512
Yes, SVChost is a normal process in some cases I've seen on my old XP netbook. I would Google it; some sites will give you some info on it. I saw one site that said it was both good and it is also a virus. Same name, 2 different files; there was some way to distinguish them.
+1 for Malwarebytes. If you want more info on the process that is running, I'd recommend Process Explorer from Sysinternals. It has a good deal more info, including vendor, etc. If you want to get into it deep and see what it's doing, then get Process Monitor from Sysinternals (both free), or download the entire suite for free and extract it to your C drive. I put them in the root of C: so that I can find them simply, and some are cmd-based and need the directory set to run.
 

DerStrom8

Joined Feb 20, 2011
2,390
Get MalwareBytes and Spybot. Run them as administrator and let them do their thing.

svchost.exe is not the issue, most likely. It is probably the service it is running.
 

Natakel

Joined Oct 11, 2008
54
C:\Windows\system32\svchost.exe is a core system file - delete that and Windows will cease to operate, at all.
. . .
Yes, it can be a valid system process . . . but depending on what is running on your computer you can have several instances of svchost running at the same time. Virus files can and do mimic valid system processes, often the svchost in particular. My point in the first post was that Avast caught virus activity in a particular instance of the svchost.exe, and at least quarantined it (which I think is the default setting). Odds are good that whatever virus or malware activity that was running on the machine no longer is. Running a program like Malwarebytes and maybe a full Avast system scan can verify the infection is not active. I'd imagine Avast killed it, though.
 
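The checks suggested across the replies above (is the flagged file really the one in C:\Windows\system32, and which service DLL is each svchost.exe instance running) can be scripted. The following is an added example, not code from any poster in this thread. It assumes an elevated PowerShell 5.1 or later prompt, and the variable and function names are made up for illustration.

```powershell
# Added example: read-only audit of running svchost.exe instances (run elevated).
$sys32 = Join-Path $env:SystemRoot 'System32\svchost.exe'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64\svchost.exe'

# A genuine svchost.exe is normally started by services.exe (heuristic, not proof).
$svcPid = @((Get-CimInstance Win32_Process -Filter "Name = 'services.exe'").ProcessId)

# Index running services by the PID of the process that hosts them.
$byPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString
if (-not $byPid) { $byPid = @{} }

# Resolve the DLL that a shared-process service loads into svchost.exe.
function Get-ServiceDll([string]$Name) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    foreach ($k in "$key\Parameters", $key) {
        $p = Get-ItemProperty -Path $k -Name ServiceDll -ErrorAction SilentlyContinue
        if ($p) { return [Environment]::ExpandEnvironmentVariables($p.ServiceDll) }
    }
}

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path   = $_.ExecutablePath   # may be empty when the prompt is not elevated
    $pathOk = $path -and (($path -ieq $sys32) -or ($path -ieq $wow64))
    # Older PowerShell versions may report catalog-signed system files as NotSigned.
    $sig    = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }
    $hosted = @($byPid["$($_.ProcessId)"])
    $dlls   = foreach ($s in $hosted) {
        if ($s) { '{0} -> {1}' -f $s.Name, (Get-ServiceDll $s.Name) }
    }
    [pscustomobject]@{
        PID       = $_.ProcessId
        Path      = $path
        PathOk    = [bool]$pathOk
        ParentOk  = $svcPid -contains $_.ParentProcessId
        Signature = $sig
        CmdLine   = $_.CommandLine
        Services  = $dlls -join '; '
    }
} | Sort-Object PathOk | Format-List
```

Entries with PathOk or ParentOk set to False, or a hosted service whose DLL is not where you expect it, are the ones worth a closer look in Process Explorer; neither flag alone proves an infection.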