In the win.ini file, under [WINDOWS], "run=" and "load=" are possible ways to load "Trojan" programs, so you must be very careful about them. Normally, there is nothing after the equal sign for these entries. If you find a path and filename that is not one of your familiar startup files, then your computer may have been infected with a "Trojan." Of course, you should also look carefully because many "Trojans," such as the "AOL Trojan," disguise themselves as command.exe files. If you're not paying attention, you might not realize that it's not a genuine system startup file.
What exactly does Svchost.exe do?
So how did the claim that Svchost.exe is a virus come about?
How can you tell which instances of Svchost.exe are normal processes and which ones are virus processes?