XP - scvhost - Kaspersky/Registry Battle Ground

Started by Griffin NoName, November 23, 2008, 12:52:07 PM


Griffin NoName

MS Office got corrupted so I sorted it all out.

Haven't used it yet since the sort out. Still doing mopping up.

But..... am getting warnings that Excel new/modified modules are trying to be loaded as child processes of svchost.

Anyone know why this would be happening? I don't like it.



Also, and not connected to the Excel issue, rebooting seems to fire up more and more scvhost processes. I don't like this either!


YES - I have done TOTAL most-rigorous-settings virus scans AND spyware and malware scans. De Nada.
I have also ensured all security patches for absolutely EVERYthing are up to date.

Psychic Hotline Host

One approaches the journey's end. But the end is a goal, not a catastrophe. George Sand


beagle

Svchost is just used to run services (continuously running background tasks without a GUI) which have been implemented in a DLL instead of an executable. If XP is like Vista then "tasklist/svc" will tell you which svchost is running which service, and you can use the control panel services applet to disable services you don't need.

The angels have the phone box




Griffin NoName


? "tasklist/svc" ?

Yes, re explanation, but what I couldn't understand was why Excel..... I am not aware of any service which would need it and I wasn't running it myself etc etc. - all I'd done was boot the machine up afresh after repairing Office and it just seemed very odd - there was nothing else logged in the Internet Security Event Log which there would have been if it was part of the general Office repair updates overspill.
Psychic Hotline Host

One approaches the journey's end. But the end is a goal, not a catastrophe. George Sand


beagle

Quote from: Griffin NoName on November 24, 2008, 05:43:23 PM

? "tasklist/svc" ?


Create cmd DOS box type window.
type  tasklist /svc <return>
Stare in disbelief at how many services are running.
Finally (and this is the biggy), stop worrying about what they're up to. You really don't want to know.


The angels have the phone box
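
Added example (not part of beagle's posts): a Python sketch that reads the CSV form of the command above, `tasklist /svc /fo csv`, and reports which services each svchost.exe instance hosts. It goes slightly further than the posts by also listing svchost.exe instances that host no service and image names that are close to, but not exactly, `svchost.exe`. The sample output, the English column headers and the 0.8 similarity cutoff are assumptions made for this example.

```python
import csv
import io
from difflib import SequenceMatcher

# Constructed sample of `tasklist /svc /fo csv` output (not taken from the thread).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","1012","DcomLaunch,TermService"
"svchost.exe","1100","RpcSs"
"svchost.exe","1236","AudioSrv,BITS,Dhcp,Schedule,wuauserv"
"spoolsv.exe","1580","Spooler"
"scvhost.exe","2040","N/A"
"svchost.exe","2212","N/A"
'''

def parse_tasklist_svc(csv_text):
    """Return a list of (image, pid, [services]) tuples from the CSV text."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        svc = rec["Services"].strip()
        # tasklist prints N/A when a process hosts no service
        services = [] if svc in ("", "N/A") else [s.strip() for s in svc.split(",")]
        rows.append((rec["Image Name"].strip(), int(rec["PID"]), services))
    return rows

def review(rows, cutoff=0.8):
    """Split rows into svchost hosts, empty svchost PIDs, and near-miss names."""
    hosts = {}       # svchost.exe PID -> list of hosted services
    empty = []       # svchost.exe PIDs that host nothing (worth a closer look)
    lookalikes = []  # (image, pid) whose name nearly matches svchost.exe
    for image, pid, services in rows:
        name = image.lower()  # Windows image names are case-insensitive
        if name == "svchost.exe":
            hosts[pid] = services
            if not services:
                empty.append(pid)
        elif SequenceMatcher(None, name, "svchost.exe").ratio() >= cutoff:
            lookalikes.append((image, pid))
    return hosts, empty, lookalikes

if __name__ == "__main__":
    hosts, empty, lookalikes = review(parse_tasklist_svc(SAMPLE))
    for pid, services in sorted(hosts.items()):
        print(f"svchost.exe PID {pid}: {', '.join(services) or '(no services)'}")
    print("svchost.exe with no services:", empty)
    print("names resembling svchost.exe:", lookalikes)
```

To run it against a real machine, save the output of `tasklist /svc /fo csv` to a file and pass the file's text to `parse_tasklist_svc`.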




Bob in a quantum-state-of-faith

Quote from: beagle on November 24, 2008, 08:51:28 PM
..... You really don't want to know.

Yessssss........you WILL be asssssimilated.....


What?  Didn't you read that fine-print User License  all the way to the end?  I bet you missed the bit where, if a Micro$oft executive ever drops into your locality, you are obligated to be the Towel Boy (or Girl) until they leave....  :P

Sometimes, the real journey can only be taken by making a mistake.

my webpage-- alas, Cox deleted it--dead link... oh well ::)

Griffin NoName

Quote from: Beagle
Quote from: Griffin
? "tasklist/svc" ?

Create cmd DOS box type window.
type  tasklist /svc <return>

Oh right, I thought there was some new wonder thingy. tasklist/svc with no space. (Am going through a pre-vista terror phase at present.) Maybe it was naive to think MS had some easier way than DOS.

Quote
Stare in disbelief at how many services are running.
I wish it were so. The disbelief I mean.

Quote
Finally (and this is the biggy), stop worrying about what they're up to. You really don't want to know.

Quote from: Bob in a quantum-state-of-faith on November 25, 2008, 01:23:33 AM
Yessssss........you WILL be asssssimilated.....

What?  Didn't you read that fine-print User License  all the way to the end?  I bet you missed the bit where, if a Micro$oft executive ever drops into your locality, you are obligated to be the Towel Boy (or Girl) until they leave....  :P


No. But I have lost one towel and a double sheet totally, and my son swears he hasn't got them, so it is worrying.

You are both right.

I don't want to know what svchost is doing. I think I'd rather die.

What I want to know is what is modifying lots of basic MS stuff such that it needs registry keys changing. Without any MS Updates.  Probably explained it badly. The most obvious was Excel being loaded into svchost as a changed module. And having done very extensive malware,spyware,blablabla thingies. and hijack this. and and and....

What I am seeing is something that has probably been around quite a while, causing a few problems but none that actually rang my alarm bells once a few normally sensible usual steps to check system security had eliminated them as a worry. Things started to escalate a bit. Now they have escalated further. So I did more extensive checking. Then I decided to go back to a point they weren't so bad and do some stuff that is not really necessary, but would be generally a "good idea", but not going all the way back to before anything. If I were working on a customer's system, I would have junked the lot instead, but I haven't got my team of ants to do all the blasted install/updates all over again. And the only point of the exercise is to leave this machine usable. And as a reference. With all that I currently use.

Where I am now is:

What I "think" I have is a Deep Trojan. That's what it currently smells of.  I am doing the obvious. Like disabling services that should no-question-at-all not have been abled in the first place. Carefully. Removing clutter from startup. Carefully. Checking obvious things.

General Method. From (supposed clean position). All access blocked. NO changes to any software itself. One by one Thing at a time. Reboot. Re-check all. Double double check. Reboot. Re-check all. Double double check Everything.

All beneficial to leaving this as a spare machine anyway.

But....the smell has got worse.

It's boring.

Looks inevitable that I need to go back to a much earlier point.

sCREAM
Psychic Hotline Host

One approaches the journey's end. But the end is a goal, not a catastrophe. George Sand


Griffin NoName



Can anyone recommend a really good s/w for sorting out the registry and performance issues ? preferably free !

Part of the problem seems to be Kaspersky's "learning" process. It has learnt some very bad behaviour and doesn't seem to have any idea that it has. Am very suspicious that various genuine updates have been applied haphazardly to the registry, because Kaspersky has got itself so confused, leading to incomplete updates and strange goings on. Whether any are sinister remains to be seen.

Psychic Hotline Host

One approaches the journey's end. But the end is a goal, not a catastrophe. George Sand