
View Full Version : i have a question...


phreeze_phrame
October 18th, 2003, 01:39 PM
ok, this post may make me sound like an idiot, and i have no idea if this is the right place to post it, and i have no idea where else i could post it, so i'm just gonna lay it down here and hopefully someone can give me some kind of answer/advice. My norton anti-virus keeps popping up a virus alert for "svchost.exe", saying that this file is infected with the Trojan.adclicker virus.
Source: C:\WINDOWS\System32\inetcfg\SVCHOST.EXE
Click for more information about this virus : Trojan.Adclicker
now I've done some searching and found out that other people have had a similar problem and asked for advice, and some people have told them NOT to delete the file and some have said to delete it and some have talked about a patch of some sort? Is there anyone out there that can help me better understand this problem so i can resolve it, or is there anyone that can give me any kind of help at all? Anything would be greatly appreciated, thank you.

Wolfie
October 18th, 2003, 01:54 PM
I always go to the Symantec site for how to deal with viri I'm not sure what to do with.

http://securityresponse.symantec.com/avcenter/venc/data/trojan.adclicker.html

DemonusAE
October 18th, 2003, 01:56 PM
Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. If you delete it (can't do it while Windows is running BTW), the next time you start your system, none of your services will load. Somewhere in your registry svchost.exe is reading a key incorrectly or the executable itself has been modified. I'll look for possible patches, but having a back-up of your OS would be incredibly helpful at this moment since the only thing you would have to do is replace the file in safe mode.
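
The alert in the first post names C:\WINDOWS\System32\inetcfg\SVCHOST.EXE, while Windows installs its own svchost.exe directly in %SystemRoot%\System32. As an added example (not part of the thread and not from any Symantec tool), this Python check flags well-known system binary names found outside their install folder; the install root C:\WINDOWS, the EXPECTED_DIRS table and the function names are assumptions of the example, and it covers two other core binaries besides svchost.exe.

```python
import ntpath  # Windows path rules on any OS, so the check runs offline

# Assumption: Windows is installed in C:\WINDOWS, as in the alert's path.
SYSTEM_ROOT = r"C:\WINDOWS"

# Core binaries that Windows installs directly in %SystemRoot%\System32.
# svchost.exe also has a 32-bit copy in SysWOW64 on 64-bit Windows.
EXPECTED_DIRS = {
    "svchost.exe": ("System32", "SysWOW64"),
    "services.exe": ("System32",),
    "lsass.exe": ("System32",),
}


def _canon(path):
    """Fold case, unify slashes and resolve '..' so comparisons are exact."""
    return ntpath.normcase(ntpath.normpath(path))


def classify(image_path, system_root=SYSTEM_ROOT):
    """Return 'expected', 'unexpected-location' or 'not-tracked' for one path."""
    directory, name = ntpath.split(_canon(image_path))
    subdirs = EXPECTED_DIRS.get(name)
    if subdirs is None:
        return "not-tracked"
    allowed = {_canon(ntpath.join(system_root, d)) for d in subdirs}
    return "expected" if directory in allowed else "unexpected-location"


def review(paths, system_root=SYSTEM_ROOT):
    """Return the paths whose name is a tracked system binary in the wrong folder."""
    return [p for p in paths if classify(p, system_root) == "unexpected-location"]


# Sample input: the first path is quoted from the alert in the thread;
# the others are constructed for illustration.
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\inetcfg\SVCHOST.EXE",
    r"C:\WINDOWS\system32\svchost.exe",
    r"c:/windows/System32/inetcfg/../svchost.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\lsass.exe",
    r"C:\Program Files\Example\notepad.exe",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{classify(p):20} {p}")
```

A result of "expected" only says the file sits where Windows puts it; it says nothing about whether the file's contents are intact.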

phalkon30
October 18th, 2003, 03:33 PM
Listen to Wolfie. This is straight from the link he gave.

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.


1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as Trojan.Adclicker.
5. Delete the value that was added to the registry.

DemonusAE
October 18th, 2003, 03:43 PM
I may be wrong here...but if he deletes svchost.exe because it has been infected, he's gonna need to replace it. Otherwise, his services will never load. I saw what the link said and it will get rid of the trojan but it might blow away his ability to load services at the same time.

phalkon30
October 18th, 2003, 03:52 PM
I have NEVER had a problem with Symantec making something not work. If you find otherwise, great, but I'd trust them to not hurt a machine.

My guess as to what this virus does is that it creates that registry key to load something with svchost, or loads a fake one or something; I don't think it can modify the original.

You can always back up svchost.exe onto a floppy. If you have problems after it's removed, I think you could make a .bat file to copy svchost.exe back to the right folder then start Windows (although I don't know how to make the batch file).

isus
October 18th, 2003, 10:50 PM
phalkon:
a batch file works like this...

open notepad.
type in dos commands, simple ones are netstat, exit, time, date, etc... there are a lot of complicated ones too.
save the file from notepad as a text file with extension of ".bat".

there you have it, a simple batch file :)

phalkon30
October 18th, 2003, 11:16 PM
Yeah, I know how to make a batch file, I've done that, I just don't remember too many dos commands, I was spoiled and jumped into computers with 95, I had very limited access to 3.1 machines...so I didn't need dos too much.

jonny5
October 18th, 2003, 11:30 PM
props to wolfie.. follow those instructions and u should be good 2 go

isus
October 18th, 2003, 11:37 PM
ooo.

well...
go to the run thingy, type command (you will get command.com) or cmd (you will get cmd.exe) and type help. lots of thingys there. then when you need to see the more advanced options, type "/?" after the command name to get a list of attribs.

lots of sites offer even more advanced commands, like how to kill a process and etc.