• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0

svchosd.exe and sachost.exe

1 post in this topic

I thought this is worth of sharing.


Some time ago I downloaded the Personal Firewall from ZoneLabs. Since I was determined to protect against spyware, I set it so that if a program is trying to send data, a little dialog box pops up, and it the Firewall asks me if I let the program to access the internet.


Along with the usual ones (AIM, Real, etc.), there was this program, svchosd.exe, that always asked for permission, and I - don't know why - but never gave it to it. It asked periodically, perhaps every two hours or so. And for some strange reason I never let it access the net.


About that time I noticed that my comp was acting unusually. After I turned it on, it would just show the nice WinXP default background, no taskbar, no start button, no icons, etc. And it would just sit there like that forever. I always had to turn it off and then back on, and fortunately it worked normally after that. Until the next after-all-night-first-power-on.


Then one day I just got suspicious and did a google search for svchosd.exe and it returned a bunch of HijackThis logs at several different forums.

So I ran HijackThis and it showed at among my BHOs, I had svchosd.exe and sachost.exe. Neither CWSshredder nor Adaware recognized these files.

Then I looked in my windows directory, and there it was: sachost.exe, in windows\, lacking an icon (which is immediately suspicious), and missing a description too, which is not a promising thing in the windows directory. And in windows\system32\, there was svchosd.exe, no icon, no descr. So I deleted both of them, and used HijackThis to delete their BHO Run command.


Intrestingly, my computer no longer freezing at each power-on.


So basically, I have a good reason to believe that svchosd.exe and sachost.exe are spyware programs, with svchosd also trying to send information outbound.



Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0