after scanning this hdd for virus, i attached the hdd back into its own pc
and upon restart, got the following message under the heading

"c:\windows\system32\svohost.exe"
'windows cannot find c:\windoes\system32\svohost.exe. make sure you type the name correctly and then try again. to search for a file....'

i did a search by typing 'svohost.exe' and it give me the following result.
-found in folder c:\windows\prefetch
svohost.exe-2FA3EB46.pf

when i go to msconfig, i found
1/ svchostx svchostx.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVer.
2/ svchost c:\WINDOWS\svchost....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVer.

whe i unchecked these 2 boxes, the message still remains upon restart.

i updated the windows but the message still appears. (i have many other
sotware programs in the pc and do not wish to re-install them.) i have the
Product Recvery CD. what must i do to stop the message fr appearing. your prompt advice is much appreciated. many thanks

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21113859.html

santa,

many thanks. i have been out of work for a long time now and unable to afford it. do i disbable system restore,rescan and put back the S.R.? Appreciate if you can help, many thanks

svohost.exe is a virus!
Virus name W32/Turta.A
Alias Turta, Win32.Turta.A, Win32/Turta.A, Win32/Mimail.Variant.Worm, I-Worm.Turta.a, Win32.Feat.A

Win32.Turta.A is a worm that spreads via e-mail. It arrives as an attachment to a message claiming to be information on the Sasser worm, with the spoofed sender address of support@microsoft.com. It has been distributed as an 8,880-byte, FSG-packed, Win32 executable. Note: This threat is proactively detected as Win32/Mimail.Variant.Worm when using the InoculateIT engine.When executed, Turta.A copies itself to:
%System%\swchost.exe
%System%\svohost.exe

It modifies the registry to ensure that swchost.exe runs at each Windows start:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \load32 = "%System%\swchost.exe"

It also changes system.ini on Win9x systems, so that the worm is executed when Explorer is launched:

[boot ]
shell=explorer.exe %System%\svohost.exe

Note: On Windows NT/2000/XP/2003 systems, this change is translated by the operating system to this registry entry:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe %System%\svohost.exe"
You will need to go into the registry and delete this entry!
Any good antivirus program should have caught this!

When I go to this registry;
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe %System%\svohost.exe"

When I highlighed the 'winlogon' on the left pane, there are many entries on the right pane. Among them is "shell' REG_SZ (under the type classification) and Explorer.exe (under data classification). I suppose I right click "shell" and delete it. Am I correct, please advice. Mnay thanks

after scanning this hdd for virus, i attached the hdd back into its own pc
and upon restart, got the following message under the heading

"c:\windows\system32\svohost.exe"
'windows cannot find c:\windoes\system32\svohost.exe. make sure you type the name correctly and then try again. to search for a file....'

i did a search by typing 'svohost.exe' and it give me the following result.
-found in folder c:\windows\prefetch
svohost.exe-2FA3EB46.pf

when i go to msconfig, i found
1/ svchostx svchostx.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVer.
2/ svchost c:\WINDOWS\svchost....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVer.

whe i unchecked these 2 boxes, the message still remains upon restart.

i updated the windows but the message still appears. (i have many other
sotware programs in the pc and do not wish to re-install them.) i have the
Product Recvery CD. what must i do to stop the message fr appearing. your prompt advice is much appreciated. many thanks

I have the same problem, and it seems there are virus in it (backdoor and worm) how can i replace the svchost.exe?where can i find it to download?

You must disable system restore, boot into safe mode and run your virus scan, reboot and see what happens! Go to the prefetch folder and delete all the files!

Hi,
I just scanned my system with online NORTON Antivirus and it found three viruses which it removed......One of them was d:\windows\system32\svohost.exe......But now at every reboot I get the annoying message "d:\windows\system32\svohost.exe not found"
I have googled a bit around but couldnot find much info on how to remove it.....How to solve this problem?

mansoor ahmed

It's being called for by registry entry(s) most likely. Use regedt32.exe from the run line and search the registry for this entry. Delete it. Close regedit and reboot.

how to remove this virus and be protected in future?