
Thursday, February 18, 2010

SVCHOST.EXE vs SCVHOST.EXE

1. Two nearly identical names, but with entirely different functions and reasons to exist. If you have ever tried cleaning or accessing an infected pen drive, you must have come across these names in the file list. I will try to make the difference clear in brief below.

2. SCVHOST.EXE is a process which is registered as the W32/Agobot-S virus. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

3. SVCHOST.EXE is located in the System32 folder and is a built-in part of the Windows OS. It cannot be stopped or restarted manually. This process manages 32-bit DLLs and other services. At startup, Svchost.exe checks the services portion of the registry and constructs a list of services that it needs to load. Under normal conditions, multiple instances of Svchost.exe will be running simultaneously. Each Svchost.exe session can contain a grouping of services, so that many services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

4. I hope this amply makes the difference clear.

Wednesday, February 17, 2010

How to avoid an infected USB/PEN Drive?

1. The most common way for a virus to infect a healthy PC is through USB/flash drives. Common viruses such as 'Ravmon', 'New Folder.exe', etc. spread through USB/flash drives. Invariably, antivirus programs are unable to detect them, and even if they do, in most cases they are unable to delete the file, only quarantine it. The following are easy step-by-step instructions:

(a) A window appears similar to the one shown below…


(b) Don't click on OK, just choose 'Cancel'.

(c) Open the Command Prompt by typing 'cmd' in the Run box.

(d) In the command prompt, type the drive letter followed by a colon and press Enter. Now type dir /w/a and press Enter.

(e) This will display a list of the files on the flash drive or hard disk. Check whether the following files are there or not:

(i) Autorun.inf
(ii) Ravmon.exe
(iii) New Folder.exe
(iv) svchost.exe
(v) Heap41a
(vi) or any other .exe which may be suspicious.

(f) If any of the above files are there, then probably the USB drive is infected.

(g) In the command prompt, type attrib -r -a -s -h *.* and press Enter. This will remove the Read Only, Archive, System and Hidden file attributes from all the files.

(h) Now just delete the files using the command del filename, for example del Ravmon.exe. Delete all the files that are suspicious. To be on the safer side, scan the USB drive with an up-to-date antivirus program like McAfee or TrendMicro's PCCillin to check whether it is free of viruses or not. Now remove the drive and plug it in again. In most cases, the real culprit turns out to be the "Autorun.inf" file, which mostly gets executed when someone clicks OK in the dialog window which appears above. Thus the infection invariably spreads... but not if you take the precautions mentioned above.
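
The check in steps (d) to (f), together with the SVCHOST/SCVHOST distinction from the earlier post, can be scripted. The following is an added example, not part of the original posts: the function names and the letter-transposition rule for spotting look-alikes are assumptions made for illustration, and the check looks at names only, so it does not replace an antivirus scan.

```python
import os
import sys

# Names the post lists as signs of an infected drive (compared case-insensitively).
LISTED = {"autorun.inf", "ravmon.exe", "new folder.exe", "svchost.exe", "heap41a"}
SYSTEM_NAME = "svchost"  # the genuine Windows process name, per the post


def is_lookalike(stem):
    """Assumed heuristic: same letters as 'svchost' in a different order (e.g. 'scvhost')."""
    return stem != SYSTEM_NAME and sorted(stem) == sorted(SYSTEM_NAME)


def classify(name):
    """Return a reason if a root-level name deserves review, else None."""
    lower = name.lower()
    stem, ext = os.path.splitext(lower)
    if lower == "svchost.exe":
        return "svchost.exe belongs in System32, not on a removable drive"
    if lower in LISTED:
        return "named in the post's list"
    if is_lookalike(stem):
        return "look-alike of svchost.exe"
    if ext == ".exe":
        return "executable in drive root, review before running"
    return None


def check_drive_root(root):
    """Flag suspicious names in the top level of `root` (files and folders).

    os.scandir returns entries whether or not the Hidden/System attributes
    are set, so this sees what `dir /a` shows.
    """
    findings = []
    with os.scandir(root) as entries:
        for entry in entries:
            reason = classify(entry.name)
            if reason:
                findings.append((entry.name, reason))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python check_drive.py E:\   (the drive letter is an example)
    for name, reason in check_drive_root(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{name}: {reason}")
```

Run it against the drive root after choosing 'Cancel' in the dialog, so that nothing on the drive has been opened before the listing is reviewed.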
