Will the real SVCHOST stand up


imoorthy
August 23rd 04, 07:09 AM
Thanks to Tejas, Lance and Kent for providing valuable info. I did try and
find the location of SVCHOST.EXE and got the following locations:
c:\I386
c:\WINDOWS\SYSTEM32
C:\WINDOWS\SYSTEM32\WINS

The definition for the SVCHOST.exe at location C:\WINDOWS\SYSTEM32\WINS is
Generic Host Process for WIN32 services
TCP/IP Trivial File Transfer Deamon

which is different from the one located at System32 folder.

would appreciate if somebody would confirm if all the above are genuine or
is there a malware lurking around?

thanks.

RIM.

jopa66
August 23rd 04, 07:23 AM
Sounds like a trojan worm. The first two locations are legit. See this link
and scan your machine for viruses.
http://www.pchell.com/virus/welchia.shtml

--
~john aka: jopa


Don MI
August 23rd 04, 06:02 PM
"imoorthy" > wrote in message
...
> Thanks to Tejas, Lance and Kent for providing valuable info. I did try and
> find the location of SVCHOST.EXE and got the following locations:
> c:\I386
> c:\WINDOWS\SYSTEM32
> C:\WINDOWS\SYSTEM32\WINS
>
> The definition for the SVCHOST.exe at location C:\WINDOWS\SYSTEM32\WINS is
> Generic Host Process for WIN32 services
> TCP/IP Trivial File Transfer Deamon
>
> which is different from the one located at System32 folder.
>
> would appreciate if somebody would confirm if all the above are genuine or
> is there a malware lurking around?
>
> thanks.
>
> RIM.

The first folder C:\I386 also does not appear correct. The I386 folder
contains copies of the original installation files for Windows XP. That
folder should contain SVCHOST.EX_ not SVCHOST.EXE. SVCHOST.EX_ is the
compressed version of your original SVCHOST.EXE. The expanded SVCHOST.EXE
does not look proper in the I386 folder.

Don

imoorthy
August 24th 04, 07:25 AM
Thanks guys for your help. Do I delete the SVCHOST.EXE at location \i386\?

imoorthy
August 24th 04, 07:25 AM
Thanks guys for your help. Do I delete the C:\i386\SVCHOST.EXE also?

Don MI
August 24th 04, 05:24 PM
"imoorthy" > wrote in message
...
> Thanks guys for your help. Do I delete the C:\i386\SVCHOST.EXE also?
>

There may be some reason that I do not understand why you have SVCHOST.EXE
in your I386 folder. First check to verify that you have the SVCHOST.EX_ file
in the folder. Try doing a search for SVCHOST.EX_. If you have the normal
compressed version of SVCHOST.EXE in the I386 folder, there is no reason to
have SVCHOST.EXE there. So, delete it.

If you do not have SVCHOST.EX_, I would check with your OEM support. IMO
the file is either a virus or pest.

Don
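
The location checks suggested in the replies above (System32 as the expected home of SVCHOST.EXE, and I386 holding only the compressed SVCHOST.EX_) can be run in one read-only pass. This is an added example, not part of the original thread; it assumes Windows PowerShell 4.0 or later in an elevated prompt, and the SysWOW64 and WinSxS entries are assumptions for later Windows versions that the thread does not cover.

```powershell
# Added example: read-only inventory of svchost.exe / svchost.ex_ copies.
$sysRoot  = $env:SystemRoot                       # e.g. C:\WINDOWS
$system32 = Join-Path $sysRoot 'System32'

# Folders where an expanded svchost.exe is expected. The thread only covers
# System32; SysWOW64 is an assumption added for 64-bit Windows.
$expectedExeDirs = @($system32, (Join-Path $sysRoot 'SysWOW64'))
# WinSxS keeps servicing copies on later Windows versions (assumption, as above).
$winSxS = (Join-Path $sysRoot 'WinSxS') + '\*'

# -Filter narrows the search cheaply; the regex then keeps only exact names.
$files = Get-ChildItem -Path ($env:SystemDrive + '\') -Filter 'svchost.ex?' `
             -Recurse -Force -File -ErrorAction SilentlyContinue |
         Where-Object { $_.Name -match '^svchost\.ex[e_]$' }

$report = foreach ($f in $files) {
    $dir = $f.DirectoryName
    $verdict = if ($f.Extension -ieq '.ex_') {
        # Compressed install-media copy: expected in an I386 folder.
        if ($dir -like '*\I386') { 'expected (compressed install copy)' }
        else                     { 'review (compressed copy outside I386)' }
    }
    elseif ($expectedExeDirs -contains $dir) { 'expected' }
    elseif ($dir -like $winSxS)              { 'expected (servicing copy)' }
    elseif ($dir -like '*\I386')             { 'review (expanded EXE in I386)' }
    else                                     { 'review (unexpected location)' }

    [pscustomobject]@{
        Path        = $f.FullName
        Verdict     = $verdict
        # The version-resource description, the field compared in the first post.
        Description = $f.VersionInfo.FileDescription
        Signature   = (Get-AuthenticodeSignature -FilePath $f.FullName).Status
        SHA256      = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 `
                           -ErrorAction SilentlyContinue).Hash
    }
}

$report | Sort-Object Verdict, Path | Format-List
```

Differing SHA256 or Description values between the System32 copy and any other expanded copy show which files are not the same binary; entries marked review are the ones to hand to a virus scan.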
