[TCS]BlackMamba 0 Posted March 27, 2004 Share Posted March 27, 2004 (edited) The following things i am unsure whether to allow to access my pC and send out info: NT Kernel And System (C:\WINDOWS\system32\ntoskrnl.exe) Generic Host Process For Win32 Services (C:\WINDOWS\system32\svchost.exe) LSA Shell (Export Version) (C:\WINDOWS\system32\lsass.exe) Edited March 27, 2004 by [TCS]BlackMamba Quote Link to post Share on other sites
Kewl 0 Posted March 27, 2004 Share Posted March 27, 2004 BlackMamba,Mar 27 2004, 16:56 ] The following things i am unsure whether to allow to access my pC and send out info: NT Kernel And System (C:\WINDOWS\system32\ntoskrnl.exe) Generic Host Process For Win32 Services (C:\WINDOWS\system32\svchost.exe) LSA Shell (Export Version) (C:\WINDOWS\system32\lsass.exe) my anti-virus has been picking up those files as trojans (redirecting my internet explorer), the most recent that i picked up was C:\WINDOWS\system32\svchost.exe. Not sure where it came from though. Quote Link to post Share on other sites
Crimson 0 Posted March 27, 2004 Share Posted March 27, 2004 I had the svchost.exe virus too. IIRC, that is a Norton AV file that got infected... can't remember how I got rid of it though. Quote Link to post Share on other sites
Kewl 0 Posted March 27, 2004 Share Posted March 27, 2004 I had the svchost.exe virus too. IIRC, that is a Norton AV file that got infected... can't remember how I got rid of it though. did you notice thse files on the C: drive? i noticed that whenever i rebooted my comp those kinds of files were listed in c:\ dir like they were added whenever i rebooted my system. I got rid of them by running anti-vir. Quote Link to post Share on other sites
[TCS]BlackMamba 0 Posted March 27, 2004 Author Share Posted March 27, 2004 (edited) svchost can be a trojan if it in in the following: C:\WINDOWS\system32\win\svchost.exe however when it is where mine is: NOTE: Svchost.exe is a legitimate program, which is not malicious, found in the System32 directory Edited March 27, 2004 by [TCS]BlackMamba Quote Link to post Share on other sites
Dannik 43 Posted March 27, 2004 Share Posted March 27, 2004 ntoskrnl.exe is safe to allow or disallow, unless your computer is part of a domain, then you'll likely have to allow it. svchost.exe, if in the path you indicated, can be used maliciously by problem apps/trojans, but it also is required for many legitimate uses, so if you are reasonably sure your system is virus/trojan/worm free, go ahead and enable give svchost.exe permission. lsass.exe provides user authentication in Windows services. I have it set to 'ask', and it doesn't ask often. It's really used for folks in proper multi-user environments (like domains, etc) but it has some low level needs in certain day to day user services. Quote Link to post Share on other sites
![[TCS]BlackMamba](data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%201024%201024%22%20style%3D%22background%3A%23627cc4%22%3E%3Cg%3E%3Ctext%20text-anchor%3D%22middle%22%20dy%3D%22.35em%22%20x%3D%22512%22%20y%3D%22512%22%20fill%3D%22%23ffffff%22%20font-size%3D%22700%22%20font-family%3D%22-apple-system%2C%20BlinkMacSystemFont%2C%20Roboto%2C%20Helvetica%2C%20Arial%2C%20sans-serif%22%3ET%3C%2Ftext%3E%3C%2Fg%3E%3C%2Fsvg%3E)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.