
svchost running under user account



Hello,

I have encountered a problem today which leads me to be uncertain about whether or not I have a virus on my PC.

Today I got a notification that svchost tried to access a protected folder (\Device\HarddiskVolume3).

While researching svchost, I found out that svchost should not be running under the user account and that if it does, it at least indicated a virus infection in the past. There are multiple svchost processes running under my account name. 

I ran both a full Windows Defender check (after making sure it is up to date) as well as a regular Malwarebytes scan. None of them managed to find anything.  VirusTotal also did not pick up anything for the svchost.exe, it is the one in the System32 folder, and the signer is verified.

Using Process Explorer, I managed to find out that their services are: CDPUserSvc_8305cab, webthreatdefusersvc_8305cab, WpnUserService_8305cab, cdbhsvc_8305cab, UdkUserSvc_8305cab, NPSMSvc_8305 and finally the following all for one process OneSyncSvc_8305cab, PimIndexMaintenanceSvc_8305cab, UnistoreSvc_8305cab and UserDataSvc_8305cab.


I am using Windows 11. 

Could somebody please tell me what next steps I should take? Is there any way to make sure that there is or isn't malware present?

Thank you in advance!


@Phil97

Please download Farbar Recovery Scan Tool and save it to your desktop.

Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you


Thank you, I had posed a similar question at the Microsoft forum and have been informed that this is completely normal behavior in Windows 11. The svchost services I listed are per-user-services, which are run under the logged-in user account: https://learn.microsoft.com/en-us/windows/application-management/per-user-services-in-windows

Sorry for any inconvenience I caused


This topic is now closed to further replies.
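
The thread's conclusion can be checked on the machine itself. The following PowerShell is an added example, not part of any post above: it lists every svchost.exe owned by a user account and confirms that each hosted service is a per-user service instance, that the image is the System32 copy, and that its signature validates. Assumptions: an elevated prompt, the service type bits as defined in the Windows SDK headers, and variable names chosen here for illustration.

```powershell
# Added example: read-only triage of svchost.exe processes owned by a user account.
# Run elevated so that process owners and image paths resolve.
$USER_SERVICE         = 0x40   # SERVICE_USER_SERVICE: per-user service bit
$USERSERVICE_INSTANCE = 0x80   # SERVICE_USERSERVICE_INSTANCE: per-logon copy (Name_suffix)
$mask         = $USER_SERVICE -bor $USERSERVICE_INSTANCE
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'
$builtin      = 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE'
$svcRoot      = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Index running services by hosting PID (string keys avoid key-type mismatches).
$byPid = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 } |
    Group-Object ProcessId -AsHashTable -AsString

$report = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    $owner = (Invoke-CimMethod -InputObject $p -MethodName GetOwner).User
    # Skip the built-in service accounts and processes whose owner cannot be read.
    if (-not $owner -or $builtin -contains $owner) { continue }

    # Every service hosted by a user-owned svchost should be a per-user instance.
    $hosted = @($byPid["$($p.ProcessId)"] | Where-Object { $_ })
    $notPerUser = foreach ($s in $hosted) {
        $type = (Get-ItemProperty "$svcRoot\$($s.Name)" -ErrorAction SilentlyContinue).Type
        if ($null -eq $type -or ($type -band $mask) -ne $mask) { $s.Name }
    }

    # The image must be the System32 binary and its signature must validate.
    $pathOk = $p.ExecutablePath -and ($p.ExecutablePath -ieq $expectedPath)
    $sigOk  = $pathOk -and
        ((Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status -eq 'Valid')

    [pscustomobject]@{
        PID        = $p.ProcessId
        Owner      = $owner
        Services   = $hosted.Name -join ', '
        PathOk     = [bool]$pathOk
        SignedOk   = [bool]$sigOk
        NotPerUser = @($notPerUser) -join ', '
        # Flag the process if any check fails or if it hosts no service at all.
        Review     = (-not $pathOk) -or (-not $sigOk) -or (-not $hosted) -or [bool]$notPerUser
    }
}
$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

A row with `Review` set to `False` matches the per-user-service behaviour described in the last post; a row set to `True` names the check that failed and is the one to look at further.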