    BRPlayer, as far as I am aware, svchost is a legit file that controls and runs several Win2K and XP functions. So it's not unusual to find several copies running when you check with TasK Manager. It's not a file you should delete.

    I can't tell you exactly which functions are being loaded by svchost, you can try searching for it using a search engine and there will be sites with articles on what the file does.

    More importantly, from your description, it's not so much svchost that is your problem right now, it's the fact that the NT Authority thingie is still plaguing you, which means you have contracted and yet to remove the worm?

    Checking the earlier pages of this thread should help. Or try Cnet News or eweek for their reports as well, which should contain links to info.
    Thanks for the help guys. I will look into it.
    kewlness, given that your system has been scanned and proclaimed clean, then you're probably safe as long as you keep up to date with patches and AV/firewall updates.

    In the end, the larger issue is not about this particular worm alone; it's about what the end user and Microsoft should do respectively to ensure secure computing.

    I have been thinking about this: I bought a computer years ago just to play games. Back then it was still MS-DOS, and I had to learn config.sys and autoexec.bat tweaks in order to maximize the amount of higher memory available (extended and expanded memory, himem.sys and em386.exe if I recall correctly?).

    Soon, for school projects, I slowly learnt word processing. But after all these years, I never learnt to program, unless you include HTML and some statistical package stuff.

    But I have found myself increasing visits to sites like Techspot for their tweak guides, etc. It seems to me that in order to really use a computer optimally and securely, one almost has to become a "techie" by default and necessity. I mean, now I even assemble my own systems instead of buying from Dell and the like...

    I don't know if this is asking a bit too much of end users, most of whom would just simply like to run their everyday productivity programs, games, surf and that's about it. What do you guys think?
    tkteo...tks for the response

    I think as time goes by, end users (such as myself...lol) will have to become more knowledgeable or else their computers won't last 24 hrs.

    2:24 a.m. here...zzz....g/nite
    SVCHost is a normal task. I have about 4-5 running on my system at once all the time. No cause for alarm :)
    Interesting graph

    From CNet news.com round-up about the worm:

    Thank goodness for this site. I am a relative novice on my machine and am just learning the ropes really. I feared the worst when I couldn't shift the shut down messages. Used my office pc to search google and found this.

    Great community spirit :D , thanks for all the tips.

    By the way, my computer seems ok now after using the removal tool and then downloading the patch (fingers crossed, touch wood, etc, etc...)
    RPC Call

    what do you make of this Has anyone experienced problems even after removing the virus? i have norton anti virus at home telling me its unable to start up its messenger scanner, my old msn messenger doesn't work anymore but msn 6.0 does. Sygate personal firewall won't install it says "Error loading support files Error loading support type library/DLL (svchost is related to dlls running in the background). Also when trying to install a different version of norton anti virus i get an error where it says it was interupted and can't continue the install.
    for the norton antivirus, try going into options and select "page defaults" for every option page.

    did u try to install sygate/norton in safe mode?
    I didnt try them in safe mode but i will give it a go later today thanks, why would i need to do this though?. could the virus have corrupted my Windows instaler or maybe some dll's?
    Ilsom - Your computer won't start problem - make a new thread in "Other Hardware" forum, let's keep this thread on topic.

    killerbyte - If you believe the cable modem installation problem is not related to this worm - make a new thread in "Storage & Networking" forum (or Windows OS if you feel it's more about the OS).

    solarist - Make new threads about the keylog thing and ports 1025 & 1026 if you want, let's keep this thread on topic.

    slowEJ6 - ditto about ACMru.

    Those who are concerned about svchost - as its name might tell, it's Service host - if you somehow would be able to delete it, your OS wouldn't work after that.
    I had the following files which AV software found to be infected....


    The first five were in the Windows\System32 dir however the last two, ending in .pf lurked in the Windows\Prefetch folder and definately needed deleting otherwise they seemed to recreate their counterparts back in \system32 on reboot!!
    The Patch

    I have Windows XP 32 Bit & I tried downloading the Patch but when I go to the Wizard, I got to the 2nd step then the wizard just shut down. So I tried again about 30 times afterwards, & again the same thing happened. I went to the link given on the start of this Thread, so why can I not download the patch? How do I download the patch?
    Re: problem with the patch??

    You need to download the 32bit version of the patch. Sound like you downloaded the 64bit version.
    32 bit

    I did download the 32 bit version, but it won't work. The wizard starts, then I click on agree to terms then it goes to the next step, then I click on next then the wizard just shuts down.
    It sounds like your download might be corrupted. I would try to download it again.
    guys! i also experienced that NT stupid thing lately, so i search for what that is at google, i saw your site, damn! u guys really help solve my problem! thanks guys!!! i'LL stick and support your site forever!!! :)
    Hey guys you dont have to do all that services config stuff to stop the shutdown. In the middle of the shut down go to run and type shutdown -a this will temprarly disarm the thng till u can downlaod patches and fixes. ;)
    I don't know if this helps, but we were talking about the worm not having a payload on our forums, and we got this response...
    May explain why something is trying to contact MS.
    i got tha MsBlaster.exe the way i got rid of it was i downlaoded the patch restarted the computer and then i did alt crtl del and ended the task on it then i went to the Xp Search on my computer and searched Ms.Blaster.exe and it found it so i deleted it... but the thing is though my dad logged on his user name and he got the message and when i loged on mine i didnt get it hmm wonder what happened there?
    hi guys,
    still got the problem,
    the problem i am getting is that i can't download the windows updates. when i go to microsoft update site , it then scans my machine and see what i need but after it does all that and i select install it just does nothing.
    the dialog box comes up and ask if i accept the install and terms and i acepts and nothing happens.
    just stays there on that page. can't see anything downloading and checked nothing has been downloaded.
    the first one i need to install is the service pack or the express update. but i can't install it.
    by the way the msblast keeps coming back as when i check in taskbar manager its there and i have deleted it many times.
    i have installed the fixit tool by norton and tried to apply patch but i think it doesn't fully apply and its installing dialog box just disapears.
    most inportant is to update windows but i cant.

    please guys can anyone help.

    ps i have look in this discussion but no answers .
