What happens when SVCHOST is removed from Windows 2003?

Status
Not open for further replies.

1LUV1T

IS-IT--Management
Nov 6, 2006
231
US
Hi all, my network is infected with either a VUNDO variant or something equally as bad. I don't want to post the logs just yet, nor am I seeking advice for removal. I have already identified the main infected file to be SVCHOST.EXE which will be deleted after I restart my Win2k3 server. My question is, what happens after reboot? Does Windows get corrupted? Can it possibly function after SVCHOST is gone?

ComboFix does not seem to run on Win2003. All the other scanners/fixers (MBAM, F-Secure, Hitman Pro) need to remove SVCHOST because it is now an infected file (Trojan).

Thanks in advance.
 
"Can it possibly function after SVCHOST is gone?" No.

I never would repair a server; use your last good-known backup or do a fresh install.

M. Knorr

MCSE, MCTS, MCSA, CCNA
 
Deleted when the server restarts? By what?

Chances are that server won't start...
 
I've just had a similar situation on about 20 of my users' PCs. Do you have a file called sdra64.exe in windows\system32? If yes, it gets loaded from

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\SYSTEM32\\Userinit.exe,C:\\WINDOWS\\system32\\sdra64.exe,"

MCITP:EA/SA, MCSE, MCSA, MCDBA, MCTS, MCP+I, MCP
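
An added example, not part of the thread: a Python check that reads a Userinit line from a .reg export of the Winlogon key quoted in the post above and reports every entry other than the stock userinit.exe. The expected path assumes Windows is installed in C:\WINDOWS; the function names and the clean sample line are constructed for illustration.

```python
import ntpath

# Assumption: Windows is installed in C:\WINDOWS; change this for other installs.
EXPECTED = r"c:\windows\system32\userinit.exe"
QUOTES = '"\u201c\u201d'  # straight and curly quotes (pasted exports get mangled)

# Constructed sample: the stock value of a clean install.
SAMPLE_CLEAN = r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"'
# The value quoted in the thread, in .reg export form.
SAMPLE_FROM_THREAD = (r'"Userinit"="C:\\WINDOWS\\SYSTEM32\\Userinit.exe,'
                      r'C:\\WINDOWS\\system32\\sdra64.exe,"')


def parse_userinit(line):
    """Return the program paths listed in a Userinit line of a .reg export."""
    name, sep, data = line.partition("=")
    if not sep or name.strip().strip(QUOTES).lower() != "userinit":
        raise ValueError("not a Userinit value line: %r" % line)
    # .reg exports double every backslash; undo that before splitting.
    data = data.strip().strip(QUOTES).replace("\\\\", "\\")
    # Winlogon starts each comma-separated entry; a trailing comma is normal.
    return [p.strip() for p in data.split(",") if p.strip()]


def audit_userinit(line, expected=EXPECTED):
    """Return (ok, unexpected).

    ok is True only when the expected userinit.exe is present and nothing
    else is listed, so a replaced entry is caught as well as an appended one.
    """
    entries = parse_userinit(line)
    # Windows paths are case-insensitive: normalize before comparing.
    normalized = [ntpath.normpath(e).lower() for e in entries]
    unexpected = [e for e, n in zip(entries, normalized) if n != expected]
    ok = not unexpected and expected in normalized
    return ok, unexpected


if __name__ == "__main__":
    for label, line in (("clean", SAMPLE_CLEAN), ("thread", SAMPLE_FROM_THREAD)):
        ok, extra = audit_userinit(line)
        print(label, "OK" if ok else "SUSPICIOUS", extra)
```

Feeding it the same line exported from each affected machine gives a quick list of hosts whose logon chain has been extended.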
 