Strange svchost.exe
Posted by dos on April 23, 2008, 8:54 am
Hi,
May I ask why I have svchost(3).exe? MD5 is
8F078AE4ED187AAABC0A305146DE6716. How many svchost files are normal in Win XP
Home SP 2?

Posted by David H. Lipman on April 23, 2008, 8:36 pm

| Hi,
| may i ask why do i have svchost(3).exe? MD5 is
| 8F078AE4ED187AAABC0A305146DE6716. How many svchost files is normal in win xp
| home sp 2 ?

There should be NO svchost(3).exe!

Chances are it is malicious.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Mees de Roo on April 24, 2008, 8:59 am
Unless you mean that you have 3 instances of svchost.exe running; that's
normal (unfortunately) and about as meaningful and buggy as rundll(32) in
previous Windows versions.

Mees de Roo

>
> | Hi,
> | may i ask why do i have svchost(3).exe? MD5 is
> | 8F078AE4ED187AAABC0A305146DE6716. How many svchost files is normal in win
> xp
> | home sp 2 ?
>
> There should be NO svchost(3).exe !
>
> Chances are it is malicious.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>



Posted by David H. Lipman on April 24, 2008, 5:27 pm

| unless you mean that you have 3 instances of svchost.exe running; that's
| normal (unfortunately) and about as meaningfull and buggy as rundll(32) at
| previous windows versions.

| Mees de Roo


Let me clarify this...

If the file is named "svchost(3).exe" it has a high probability of being
malicious.

It is not the number of instances of svchost.exe running that is important,
it is the path from which it runs.

SVCHOST.EXE (or variations thereof) is the most common name used by malware to
obfuscate the malicious intent.

If the file is executed from %windir%\system32 it has the propensity of being
legitimate (unless trojanized/patched).

If the file is executed in any other location then the chances are extremely
high it is malicious.

If the file is found running under Win98/ME then the chances are extremely high
it is malicious.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
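
The path and name checks described in the post above, as an added example that is not part of the original thread: it triages a process listing by image path and file name rather than by instance count. The function names, the 0.8 name-similarity threshold, the default `windir` and the sample listing are assumptions made for illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

LEGIT_NAME = "svchost.exe"
NAME_SIMILARITY = 0.8  # assumed threshold for "variation of svchost.exe"

def classify(image_path, windir=r"C:\WINDOWS"):
    """Return a triage verdict for one process image path."""
    path = ntpath.normcase(ntpath.normpath(image_path))  # lowercase, backslashes
    folder, name = ntpath.split(path)
    system32 = ntpath.normcase(ntpath.join(windir, "system32"))
    if name == LEGIT_NAME:
        # Right name: the folder decides. A system32 copy can still be
        # trojanized/patched, so this verdict is not a clean bill of health.
        return "expected-location" if folder == system32 else "wrong-path"
    # Drop copy suffixes such as "(3)" before comparing with the real name.
    stem = re.sub(r"\s*\(\d+\)", "", name)
    if SequenceMatcher(None, stem, LEGIT_NAME).ratio() >= NAME_SIMILARITY:
        return "lookalike-name"
    return "unrelated"

def triage(processes):
    """Keep only the entries that need a closer look, whatever the instance count."""
    findings = []
    for pid, image_path in processes:
        verdict = classify(image_path)
        if verdict in ("wrong-path", "lookalike-name"):
            findings.append((pid, image_path, verdict))
    return findings

# Constructed process listing (PID, image path); not taken from the thread.
SAMPLE = [
    (812, r"C:\WINDOWS\system32\svchost.exe"),
    (896, r"C:\WINDOWS\system32\svchost.exe"),
    (1040, r"C:\WINDOWS\System32\svchost.exe"),
    (1532, r"C:\WINDOWS\system32\svchost(3).exe"),
    (1760, r"C:\WINDOWS\svchost.exe"),
    (1904, r"C:\Documents and Settings\user\Local Settings\Temp\scvhost.exe"),
    (2012, r"C:\WINDOWS\explorer.exe"),
]

if __name__ == "__main__":
    for pid, image_path, verdict in triage(SAMPLE):
        print(pid, verdict, image_path)
```

Three instances of svchost.exe in system32 produce no finding, while a renamed copy is flagged even when it sits in system32.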



Posted by dos on April 29, 2008, 4:14 pm


"David H. Lipman" wrote:

>
> | unless you mean that you have 3 instances of svchost.exe running; that's
> | normal (unfortunately) and about as meaningfull and buggy as rundll(32) at
> | previous windows versions.
>
> | Mees de Roo
>
>
> Let me clarify this...
>
> If the file is named "svchost(3).exe" it has a high probability of being
> malicious.
>
> It is not the number of instances of svchost.exe running that is important,
> it is the path from which it runs.
>
> SVCHOST.EXE (or variations thereof) is the most common name used by malware to
> obfuscate the malicious intent.
>
> If the file is executed from %windir%\system32 it has the propensity of being
> legitimate (unless trojanized/patched).
>
> If the file is executed in any other location then the chances are extremely
> high it is malicious.
>
> If the file is found running under Win98/ME then the chances are extremely
> high it is malicious.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

File: svchost(3).exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 8f078ae4ed187aaabc0a305146de6716
Packers detected: -
Bit9 reports:

Scanner results
Scan taken on 29 Apr 2008 20:05:58 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Yes, the file is executed from %windir%\system32.
