High Performance Alerts from "winrscmde" in "svchost.exe" folder

I've been getting these alerts for almost a week now.  I ran a reputation scan and Norton says that this file is "Trusted" and "100% Reliable," but I don't believe it, because all it's been doing is bogging down my computer and causing it to crash every now and then.  I also ran 2 full system scans, and still no improvements.

 

It all started after I downloaded Skype last week, then I uninstalled it after I realized how bad it was bogging down my computer.  It runs a little better now, but it's still not up to its peak performance the way it was before this.

 

I tried to just delete this "svchost.exe" file, but it won't let me because it says that it "can't be deleted because the file is open," but it's not open.

 

BTW, this file was originally created back in July of 2009, but there was a recent update on it a week ago, after I installed Skype.

What is the location of svchost.exe

 

Quads

Well, I'm certainly no computer geek and I have no idea what all these thousands of files are supposed to be for.  All I know is that this "winrscmde" TROJAN (is what I found out it was) buried itself in my "svchost" file, which I could not open so I could get to it and delete it.

 

Anyway, I did what I should have done from the get-go -- I ran a search for this problem and apparently it's been going on since at least January of this year.  I came across this forum and quickly found the solution:

 

http://www.bleepingcomputer.com/forums/topic436219.html

 

Almost immediately after I downloaded the MBAM software it detected it, and I was able to put it into quarantine and delete it (didn't even have to do the "TDSSkiller" steps).  Then I ran a full system scan with it just for good measure, and lo and behold it found 17 various adware and malware crap that's been on my computer for who knows how long.  It's all been removed and my computer is running like it did when I first bought the thing over 2 years ago -- like NEW!

 

If this "winrscmde" thing has been known to exist for so long, why hasn't Norton updated its system yet?  They should have known about it by now.  And why did I have so much other crap floating around in my computer?  Isn't Norton supposed to safeguard my computer from all that stuff?  I pay a lot of money for Norton so this kind of thing won't happen.

I have been having problems with my computer for the last week, at first I thought MS had sabotaged Win7 to induce me to move up to Win8! It hogs up both memory and cpu.

However, I have identified the problem to be with the svchost/winrscmde process/service. I killed the service twice, but it keeps coming back. I also deleted the svchost.exe file in the Windows directory - but it also was recreated!

I then ran a complete scan from NIS (16.8.3.6) which has a valid subscription and was just (live) updated. I also ran the Norton Power Eraser. None of these tools identified or fixed the problem.

   This is a well documented problem on the web and I am disappointed that Norton/Symantec has not addressed it. I guess I now have to go to bleeping computer....

 

Ok, user did his own thing, with what I realised what it was but was waiting for the answer to the question but never received. I know the user came online while I was still up but chose to ignore and do whatever instead.

 

hahahaha If this "winrscmde"  itself has nothing to do with it, the user used just MBAM and yes it detects  [drive]Windows\svchost.exe, as Trojan agent.  but MBAM is in total not allowed to deal with the infection, so at least I can laugh at this as the user decided that that is all they require, they know what they are doing.

 

There is no point asking for help but disappearing and doing your own thing. Users just jump in without knowing, (mostly males).  Then with this infection group as seen on this forum I end up having to get more BCD data and then getting Windows Booting again.  Other forums have that problem also.

 

Quads

 

 


gschelz wrote:

I have been having problems with my computer for the last week, at first I thought MS had sabotaged Win7 to induce me to move up to Win8! It hogs up both memory and cpu.

However, I have identified the problem to be with the svchost/winrscmde process/service. I killed the service twice, but it keeps coming back. I also deleted the svchost.exe file in the Windows directory - but it also was recreated!

I then ran a complete scan from NIS (16.8.3.6) which has a valid subscription and was just (live) updated. I also ran the Norton Power Eraser. None of these tools identified or fixed the problem.

   This is a well documented problem on the web and I am disappointed that Norton/Symantec has not addressed it. I guess I now have to go to bleeping computer....

 


You need your own thread

 

Quads

Here are 2 threads

 

http://community.norton.com/t5/Other-Norton-Products/Computer-Dell-XPS-Windows-7-64-bit-wont-boot-after-using-Norton/m-p/756602/highlight/true#M48762
http://community.norton.com/t5/Other-Norton-Products/Ran-Norton-Power-Eraser-and-now-Windows-Vista-64-bit-won-t-boot/m-p/754528/highlight/true#M48667

 

Quads

Quad, when you immediately decided to be a wiseass about it (which you continue to be), that's when I decided to look elsewhere.  I don't want help from people like that.  Thanks.

 

To gschelz,  I actually did have to do the "TDSSkiller" step.  I realized it was still on my computer when I started my computer today, and MBAM immediately picked it back up again.  I did the extra step and it's gone now.

Who is the wiseass

 

User ran MBAM, I am clean.............................................  (as I said MBAM is not allowed to touch  it)

This morning  Oh no I am not.

"I realized it was still on my computer when I started my computer today, and MBAM immediately picked it back up again.  I did the extra step and it's gone now."

 

hahahahaha,   point in case user thought he did it but didn't,  still infected, what about the FS??

 

These sorts of users are the PIA of malware removalists, where we end up trying to shock users into realising it is not their area to play with, and users who screw their systems over have found out the hard way.

I can infect my system with this and other malware and then go about finding removal procedures for the internet.

 

I jump up and down when a piece of malware WON'T infect my system and I want it to, as Symantec found out I gave them a laugh when I finally was able to infect my system with it YAY!!!!

I don't think Symantec is used to someone going YAY!! when having their system infected.  But it is Quads

 

Quads

I can see that you believe you're some kind of omniscient anti-viral god, but there's no need to be arrogant and condescending with your apparent knowledge. 

 

How am I being a wiseass by not wanting to deal with a wiseass?  Did I hurt your feelings?

 

So...I went and tried to solve my problem and thought it was fixed.  Me thinking it was fixed still doesn't make me a wiseass.  You need to look up the definition......(now that's being a wiseass).

User does not get it, oh well, 

 

People like myself, (malware removalists) know with malware what to do and what users are not to do,  considering your first post and ones since, you had no idea what you were looking at, I tried to delete it, but it says it is open, but it is not open.  hahaha,  The system is correct the file is OPEN.  and the fact you tried to delete it.

Then you used MBAM, ....................... basically you thought you were now fixed,    well as I stated in the next message MBAM can't deal with this type of infection.

Then you found that out also.   Then you have to deal with the FS,

 

"I can see that you believe you're some kind of omniscient anti-viral god,"  Not an Anti-Viral god, though users in the past who follow instructions and I remove all sorts of malware have called me a god, genius and so it goes on.

I just stick to my area day in and day out removing malware and getting Windows starting up for users. I help Symantec, other removal forums (their removalists) and so on.

 

But that also means I can also tell by what a user is doing or typed, they have no idea, or going in areas they shouldn't.

 

"How am I being a wiseass by not wanting to deal with a wiseass? "  I can see you had no idea, but still thought or think I know what I am doing blah blah.  otherwise you would not have stated that the file is not open, tried to delete it, left it at just MBAM, thinking I am clean and so it goes on.

 

Asked for help, never replied, but went your own way first,   No point in asking for help, It is that simple.

 

 

Quads 

 

You still don't get it. 

 

I asked for help...you acted like a wiseass.  I then decided it was better to look elsewhere for help, and I got my problem solved.  Had you not acted like a wiseass, I would have continued seeking your help.  Comprende?  Just accept it.  No need to carry on like a broken record, parroting the same things that have already been explained.  You're wasting bandwidth.

I explained and asked this

 

You are a classic,

"I tried to just delete this "svchost.exe" file, but it won't let me because it says that it "can't be deleted because the file is open," but it's not open."

"svchost.exe" in the system32 folder is open as Windows requires it, delete the file and you would see what happens to windows.

If svchost.exe is in another location then ..............................

Quads

What is the location of svchost.exe

Quads

 

 

I got no reply until you did your own thing instead, not knowing what you were looking at and really doing.  Where with people like myself and malware we do removals everyday of all types

 

You're wasting bandwidth., hahaha well whatever cos it doesn't worry me as I am on unlimited, I pay a set charge and that is it, no matter how much.

 

I am now finished here I have malware to test and other threads for malware removal to do (That follow my directions, questions and wait for each step.)

 

BYE

 

Quads
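
The location question raised in this thread (the genuine svchost.exe is held open by Windows in the system32 folder, while the detected copy sat at [drive]Windows\svchost.exe) can be checked mechanically. The following is an added example, not part of any post in the thread; the function names, the `C:\Windows` default and the sample process list are assumptions constructed for illustration.

```python
import ntpath

# Folders under the Windows directory that hold the genuine svchost.exe
# (SysWOW64 carries the 32-bit copy on 64-bit systems).
LEGIT_SUBDIRS = ("system32", "syswow64")


def classify_svchost(name, image_path, windows_dir=r"C:\Windows"):
    """Return 'not-svchost', 'expected', 'suspicious' or 'unknown'."""
    if name.lower() != "svchost.exe":
        return "not-svchost"
    if not image_path:
        return "unknown"  # path not readable; re-check with elevated rights
    # normpath collapses "..", "." and "/" so a path written as
    # System32\..\svchost.exe is compared by where it really points.
    path = ntpath.normcase(ntpath.normpath(image_path))
    root = ntpath.normcase(ntpath.normpath(windows_dir))
    allowed = {ntpath.join(root, sub) for sub in LEGIT_SUBDIRS}
    return "expected" if ntpath.dirname(path) in allowed else "suspicious"


def review(processes, windows_dir=r"C:\Windows"):
    """Return (pid, path, verdict) for svchost.exe entries needing a look."""
    flagged = []
    for pid, name, path in processes:
        verdict = classify_svchost(name, path, windows_dir)
        if verdict in ("suspicious", "unknown"):
            flagged.append((pid, path, verdict))
    return flagged


# Constructed sample process list: (PID, image name, image path).
SAMPLE = [
    (612, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    (940, "SVCHOST.EXE", r"c:\windows\system32\SVCHOST.EXE"),
    (1388, "svchost.exe", r"C:\Windows\svchost.exe"),  # location from the thread
    (2044, "svchost.exe", r"C:\Windows\System32\..\svchost.exe"),
    (3120, "svchost.exe", "C:/Windows/SysWOW64/svchost.exe"),
    (3900, "svchost.exe", None),
    (5012, "app.exe", r"C:\Program Files\Example\app.exe"),
]

if __name__ == "__main__":
    for pid, path, verdict in review(SAMPLE):
        print(f"{verdict:10} pid={pid:<5} {path}")
```

An "expected" verdict only says the path is the normal one; it does not establish that the file there is genuine.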

 

 

Let me see if I can help you see the error in your ways.

 

For starters, you could have left out the "you are a classic" comment.  The only thing one can gather from someone in my position is it must mean a "classic _________ (insert negative remark here)."  It's wiseass.

 

Secondly, instead of leaving things a mystery by saying "delete the file and you would see what happens to windows," why not just say exactly what would happen?  If you're not going to simply tell me what exactly would happen, then you're not being very useful.

 

I hope that you can now finally understand why I looked elsewhere.