Svchost process is started up because of a variety of services, so viruses, Trojan want to find some way to use it in an attempt to use its features to confuse the user, to infection, invasion, destruction of the purpose (such as the Blaster variants of the virus "w32.welchia.worm") . But the windows system, there are several svchost process is normal, in the infected machine in the end which is a virus process? To cite only one example to illustrate.
Suppose windowsxp system was "w32.welchia.worm" infection. Normal svchost file exists in the "c: \ windows \ system32" directory, if you find the file appears in the other directory, be wary. "W32.welchia.worm" the virus exists in the "c: \ windows \ system32wins" directory, so the use of Process Manager to view the svchost process of implementation of the file path is very easy to find whether the system is infected with a virus. windows system, built-in Task Manager is not able to view the path of the process, you can use third-party process management software, such as "windows optimize the master" process manager, through these tools can be very easily see all of the svchost process of implementation of the document the path, once found that the execution path for the unusual position should be immediately detected and addressed.
No comments:
Post a Comment