Help! Fake svchost.exe on my computer

Posted by Panya on October 6, 2006, 7:27 am
Hi,

Recently, my computer was infected by some trojans.
And I tried to manually fix it (as before).
Here is my usual practice to remove a trojan.
-Boot in Safe mode.
-Locate suspicious files in
HKLM\Software\Microsoft\Windows\CurrentVersion\Run***
-Remove those files then remove registry key
-Reboot
But this can't help me this time.

I noticed the FAKE svchost.exe even when I boot in Safe mode!
I know that it is fake because I use ProcessExplorer
and found that that svchost.exe process has no
process description or image file path as the real ones do.
Its process icon is also a bit different.
When I try to kill it, it says "Access is denied".
I also cannot find any fake svchost.exe on my hard drives.

What is this? An in-memory process that has no physical file?
Or there must be a trojan file out there
but it can disguise its process name?
Does anybody know how to deal with it?
Thanks,

Panya


Posted by Nick Skrepetos on October 6, 2006, 1:30 pm

Panya wrote:
> Hi,
>
> Recently, my computer was infected by some trojans.
> And I tried to manually fix it (as before).
> Here is my usual practice to remove a trojan.
> -Boot in Safe mode.
> -Locate suspicious files in
> HKLM\Software\Microsoft\Windows\CurrentVersion\Run***
> -Remove those files then remove registry key
> -Reboot
> But this can't help me this time.
>
> I noticed the FAKE svchost.exe even when I boot in Safe mode!
> I know that it is fake because I use ProcessExplorer
> and found that that svchost.exe process has no
> process description or image file path as the real ones do.
> Its process icon is also a bit different.
> When I try to kill it, it says "Access is denied".
> I also cannot find any fake svchost.exe on my hard drives.
>
> What is this? An in-memory process that has no physical file?
> Or there must be a trojan file out there
> but it can disguise its process name?
> Does anybody know how to deal with it?
> Thanks,
>
> Panya

Try scanning with SUPERAntiSpyware Free Edition here:
http://www.superantispyware.com

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com


Posted by David H. Lipman on October 6, 2006, 2:40 pm

| Hi,
|
| Recently, my computer was infected by some trojans.
| And I tried to manually fix it (as before).
| Here is my usual practice to remove a trojan.
| -Boot in Safe mode.
| -Locate suspicious files in
| HKLM\Software\Microsoft\Windows\CurrentVersion\Run***
| -Remove those files then remove registry key
| -Reboot
| But this can't help me this time.
|
| I noticed the FAKE svchost.exe even when I boot in Safe mode!
| I know that it is fake because I use ProcessExplorer
| and found that that svchost.exe process has no
| process description or image file path as the real ones do.
| Its process icon is also a bit different.
| When I try to kill it, it says "Access is denied".
| I also cannot find any fake svchost.exe on my hard drives.
|
| What is this? An in-memory process that has no physical file?
| Or there must be a trojan file out there
| but it can disguise its process name?
| Does anybody know how to deal with it?
| Thanks,
|
| Panya


To find out what that is, please submit a sample of the suspect file to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
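
An added example, not part of any post in this thread: a PowerShell check for the symptoms described in the question (a svchost.exe with no image path, and entries under the Run* keys). It assumes Windows PowerShell 5.1 or later in an elevated prompt, and relies on general Windows behaviour: a genuine svchost.exe image lives in System32 (or SysWOW64), is started by services.exe and is launched with a -k argument.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$expected    = "$env:SystemRoot\System32\svchost.exe", "$env:SystemRoot\SysWOW64\svchost.exe"
$servicesPid = (Get-CimInstance Win32_Process -Filter "Name='services.exe'").ProcessId

# 1. Audit every process that calls itself svchost.exe.
$report = foreach ($p in Get-CimInstance Win32_Process -Filter "Name='svchost.exe'") {
    $issues = @()
    $hash   = $null
    if (-not $p.ExecutablePath) {
        # Same symptom as in the question: no image path is reported.
        $issues += 'no image path'
    } else {
        # String comparison with -notcontains is case-insensitive.
        if ($expected -notcontains $p.ExecutablePath) { $issues += 'unexpected location' }
        if (Test-Path -LiteralPath $p.ExecutablePath) {
            # Hash identifies the exact file to hand to a scanner.
            $hash = (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256).Hash
        } else {
            $issues += 'image file not found on disk'
        }
    }
    if ($servicesPid -notcontains $p.ParentProcessId) { $issues += 'parent is not services.exe' }
    if ($p.CommandLine -notmatch '\s-k\s')            { $issues += 'no -k service group argument' }

    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Parent    = $p.ParentProcessId
        Path      = $p.ExecutablePath
        SHA256    = $hash
        Issues    = $issues -join '; '
    }
}
# Processes with the most findings are listed first.
$report | Sort-Object { $_.Issues.Length } -Descending | Format-Table -AutoSize -Wrap

# 2. List the autostart values under the Run* keys named in the question.
Get-Item 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run*' | ForEach-Object {
    $key = $_
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $key.PSChildName; Name = $name; Command = $key.GetValue($name) }
    }
} | Format-Table -AutoSize -Wrap
```

A row with an empty Issues column matches the expected profile; any other row gives the path and hash of a file to examine or submit for scanning.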


