svohost.exe is a virus!
Virus name: W32/Turta.A
Alias: Turta, Win32.Turta.A, Win32/Turta.A, Win32/Mimail.Variant.Worm, I-Worm.Turta.a, Win32.Feat.A
Win32.Turta.A is a worm that spreads via e-mail. It arrives as an attachment to a message claiming to be information on the Sasser worm, with the spoofed sender address of firstname.lastname@example.org. It has been distributed as an 8,880-byte, FSG-packed, Win32 executable.
Note: This threat is proactively detected as Win32/Mimail.Variant.Worm when using the InoculateIT engine.
When executed, Turta.A copies itself to:
It modifies the registry to ensure that swchost.exe runs at each Windows start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32 = "%System%\swchost.exe"
It also changes system.ini on Win9x systems, so that the worm is executed when Explorer is launched:
Note: On Windows NT/2000/XP/2003 systems, this change is translated by the operating system to this registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe %System%\svohost.exe"
You will need to go into the registry and delete this entry!
Any good antivirus program should have caught this!
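A defender-side check for the two registry entries described above, as an added example that is not part of the original post: it parses the text of a `reg export` (.reg) file and reports a Run value pointing at either file name given on the page, and a Winlogon Shell value that is anything other than the default `explorer.exe`. The sample export is constructed, and `C:\WINDOWS\system32` standing in for %System% is an assumption.

```python
import re

# Registry keys named on the page, lower-cased for case-insensitive matching.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
WORM_NAMES = ("svohost.exe", "swchost.exe")  # file names given on the page

# Constructed sample export; C:\WINDOWS\system32 stands in for %System% (assumption).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"load32"="C:\\WINDOWS\\system32\\swchost.exe"
"ExampleApp"="C:\\Program Files\\Example\\app.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe C:\\WINDOWS\\system32\\svohost.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

def parse_reg(text):
    """Parse decoded .reg text into {key_lower: {value_name_lower: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # string (REG_SZ) values only; other value types are skipped
                name, data = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
                current[name.lower()] = data
    return keys

def find_turta_persistence(reg_text):
    """Return a list of (key, value_name, data, reason) findings."""
    keys, findings = parse_reg(reg_text), []
    for name, data in keys.get(RUN_KEY, {}).items():
        if any(w in data.lower() for w in WORM_NAMES):
            findings.append((RUN_KEY, name, data, "Run value launches worm file name"))
    shell = keys.get(WINLOGON_KEY, {}).get("shell")
    # Anything appended to explorer.exe in Shell is started at every logon.
    if shell is not None and shell.strip().lower() != "explorer.exe":
        findings.append((WINLOGON_KEY, "shell", shell, "Shell is not the default explorer.exe"))
    return findings

if __name__ == "__main__":
    for finding in find_turta_persistence(SAMPLE_EXPORT):
        print(finding)
```

Version 5.00 exports are written as UTF-16, so decode the file before passing its text to `find_turta_persistence`.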