一、手工清除SVCHOST.EXE病毒
查看:svchost.exe进程是什么
在开始菜单的运行中输入cmd,出现命令行提示,输入命令“tasklist /svc >c:\1.txt”(例如:C:\Documents and Settings\Administrator>tasklist /svc >c:\1.txt),就会在C盘根目录生成1.txt文件,打开1.txt可以看到如下内容:查找svchost.exe的PID值和服务名称。******************************************************************************图像名 PID 服务 ========================= ====== =============================================System Idle Process 0 暂缺 System 4 暂缺 smss.exe 1168 暂缺 csrss.exe 1228 暂缺 winlogon.exe 1260 暂缺 services.exe 1308 Eventlog, PlugPlay lsass.exe 1320 PolicyAgent, ProtectedStorage, SamSs ibmpmsvc.exe 1484 IBMPMSVC ati2evxx.exe 1520 Ati HotKey Poller svchost.exe 1544 DcomLaunch, TermService svchost.exe 1684 RpcSs svchost.exe 380 AudioSrv, BITS, Browser, CryptSvc, Dhcp, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, Sharedaccess, ShellHWDetection, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, WZCSVC btwdins.exe 420 btwdins ati2evxx.exe 456 暂缺 EvtEng.exe 624 EvtEng S24EvMon.exe 812 S24EventMonitor svchost.exe 
