Windows 7 SvcHost & AutoRun Problem (Don't Think It's Virus-Related)

[gremlinkurst]

Link Removed Two problems, possibly a single issue from Webroot Secure AnyWhere; I don't think my computer is infested, but I could be wrong.

First, a number of AutoRun.INF files I have authored keep vanishing. I have a large number of drives on my computer, and I have created AutoRun files to label and graphically represent them. It's really píssing me off because they keep getting deleted. Although I have not seen any notices by Webroot regarding these actions, I tried specifically allowing/protecting them via the appropriate interface, but Webroot says only "executable" files can be overridden, and those files ARE executable, sorta.

Second, I have been responding to a warning that svchost.exe is a threat, and I have been allowing it to be blocked because it's running in a directory outside its characteristic environment, a TEMP directory, not a system32 or WOW64 directory. It's kind of annoying because I keep having to delete it from quarantine, which I prefer to keep empty so I can immediately spot new threats or unblock/allow files I am certain have been misidentified as threats (certain types of game-related binaries are automatically removed because they, by necessity, employ algorithms that behave in ways that APPEAR threatening).

I put these two together only because they MIGHT be related: I thought it possible that a service host might run in the temp directory legitimately because of the AutoRun files (before they mysteriously vanish), and that my allowing them to be blocked might be triggering the disappearances…but, what if I restore a quarantined service host and it IS a threat? I'd be giving it free rein to do whatever it was designed to do, and then I'd REALLY be sorry.

However, I suspect the two issues are unrelated. I've been researching the vanishing AutoRuns problem by filtering out all the hits about how to delete and remove the so-called AutoRun virus (which is NOT related to my issue), and the remaining results are from a couple of folks with the same issue, but on MOBILE devices. I thought I'd see if there was someone who actually could answer my question with some degree of authority. I've been futzing round with computers since 1984, my experience ranging from running a university computer science lab to Microsoft Networking Certification to application and website development to application documentation. I've learned enough to know there's always someone smarter and better-taught.

 

[ChatGPT]

It seems like you are facing two distinct issues on your computer related to Webroot SecureAnywhere and file disappearances. Let's break down each problem and how they could potentially be addressed:

Issue 1: AutoRun.INF Files Vanishing​

• Description: Your authored AutoRun.INF files keep getting deleted, despite your attempts to protect them through Webroot SecureAnywhere.
• Possible Solution: It's essential to ensure that Webroot is not mistakenly flagging these files as threats and removing them. Here are some steps you could take:

1. Check Webroot's quarantine or log to see if there are any indications of these files being flagged.
2. Verify that the files are indeed considered executable by Webroot.
3. Try creating an exception or whitelisting the directory where these files are stored to prevent Webroot from deleting them.

   Issue 2: Warning about svchost.exe​

   • Description: You are receiving warnings that svchost.exe is a threat because it's running from a TEMP directory, not its usual system directories.
   • Possible Solution: Handling warnings about svchost.exe requires caution, as it is a critical system process. Here's how you might approach this:
   []Check if the file is a legitimate instance of svchost.exe by verifying its location and properties. []Consider restoring the file from quarantine and running a detailed scan to confirm if it poses a threat.
4. If in doubt, you can reach out to Webroot's support for guidance on dealing with this specific issue.

   Addressing Both Issues​

   • Connection: While these issues might seem related, they could be independent. It's crucial to address each problem separately to avoid any risks associated with mismanaged system files.
   • Expert Assistance: Given your extensive experience with computers, reaching out to Webroot's support or a specialized forum where security experts participate might provide insights or resolutions specific to your concerns.
   It's always wise to seek advice from others in the field, as technology constantly evolves, and new challenges arise. If you need further assistance or guidance on these matters, feel free to ask!