svchostz.exe a virus?

Discussion in 'Virus Information' started by Brent, Jun 19, 2004.

  1. Brent

    Brent Guest

    After upgrading an XP system motherboard and reinstalling XP, I discovered
    two startup references to c:\windows\system32\svchostz.exe (note the "z" at
    the end of the filename). I've checked, and this service *is* running (as
    well as the usual 5 instances of the legitimate svchost.exe). I've tried
    removing the entries using regedit, but upon system restart, they come right
    back again. I was able to remove the startup entries after terminating the
    svchostz service. I've run numerous scans using AVG (updated), and even
    tested the file itself, and it says it's virus-free. I've also tested with
    Symantec's online virus scan with the same results. It has a create/modify
    date corresponding to about an hour after my reinstall of XP, and a file
    size of 90KB.

    Amazingly, I can't find any references to this file on the Internet
    anywhere. Can anyone tell me what it is, and why it needs (two instances)
    to run at startup?
    Brent, Jun 19, 2004
  2. Greetings --

    I can't find any information on that particular file name, either.
    Have you kept a copy of the file that you could send to one or more of
    the antivirus companies for analysis? Do the advanced properties of
    the file reveal any information about its maker?

    Bruce Chambers
    Bruce Chambers

    You can have peace. Or you can have freedom. Don't ever count on
    having both at once. - RAH
    Bruce Chambers, Jun 19, 2004
  3. Brent

    Brent Guest

    Thanks for responding Bruce. The Properties dialog is essentially blank,
    with only General and Summary tabs. There is no author or version
    information. I will submit the file to one or two AV companies as you
    suggest. In the meantime, I have managed to deactivate it, and will leave
    it that way until such time as I know what it is.

    Brent, Jun 19, 2004
