Thread: Svchost .. exe

  1. #1
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    Svchost .. exe

    I was doing a bit of checking on my Win XP Home and came across this file "svchost..exe" (note that it has two full stops ..). It is in the same folder (system32) as the safe Windows file "svchost.exe" (only one full stop .). It was in msconfig and would start with Windows.

    I can't seem to find any information about it on the net, and my friend's computer, which I have set up with the same hardware and some of the same software, does not have this file.

    So I am sure it's not a Windows file but is trying to pretend to be. Does anyone know about this file, or would anyone be able to look at this file and tell me what it does, please? No program as yet picks it up as an unwanted file.

    Thanks
    Last edited by tashi; 2006-01-09 at 10:13. Reason: Removed zip and sent to detections.

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959

    Hello.
    I removed the zip and sent it to detections.

    We will get back to you as soon as possible.
    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Security Expert: Visiting Fellow
    Join Date
    Nov 2005
    Posts
    8

    Hello,

    I didn't have much time to look into the file to give much detail. But from a quick look, it creates the following reg entries. The file is flagged as a backdoor by Kaspersky. An Internet Explorer instance runs in the background trying to connect to 24.121.104.18 on port 421.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
    HKEY_LOCAL_MACHINE\SOFTWARE\Wget
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost..exe: "C:\WINDOWS\system32\svchost..exe"

    Hope that helps. I suggest removing the file immediately.

    Regards,
    Baskar
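
An added example, not part of the thread or of any Spybot tooling: a small check that flags Run-key entries whose file name collapses to a well-known Windows binary once extra dots or spaces are removed, which is the trick "svchost..exe" relies on. The allow-list, the function names and all sample entries except the first are assumptions made for illustration.

```python
import ntpath
import re

# Assumed allow-list: Windows binaries whose names malware commonly imitates.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "explorer.exe"}

# Constructed sample of Run-key values (value name -> command line).
# Only the first entry comes from the thread; the others are made up.
SAMPLE_RUN_ENTRIES = {
    "svchost..exe": r'"C:\WINDOWS\system32\svchost..exe"',
    "PaddedName": r"C:\WINDOWS\system32\lsass .exe",
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "GenuineHost": r"C:\WINDOWS\system32\svchost.exe -k netsvcs",
}

def executable_path(command):
    """Extract the program path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)(\s|$)", command, re.IGNORECASE)
    return match.group(1) if match else command

def canonical_name(filename):
    """Lower-case the name and undo padding such as '..' or ' .'."""
    name = re.sub(r"\s+", "", filename.lower())
    return re.sub(r"\.{2,}", ".", name)

def lookalike_of(command):
    """Return the system binary this command imitates, or None."""
    name = ntpath.basename(executable_path(command)).lower()
    canon = canonical_name(name)
    if canon in SYSTEM_BINARIES and name != canon:
        return canon
    return None

def scan(run_entries):
    """Map each suspicious Run value name to the binary it imitates."""
    hits = {}
    for value_name, command in run_entries.items():
        imitated = lookalike_of(command)
        if imitated:
            hits[value_name] = imitated
    return hits

if __name__ == "__main__":
    for value_name, imitated in scan(SAMPLE_RUN_ENTRIES).items():
        print(f"{value_name}: imitates {imitated}")
```
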

  4. #4
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    Thanks for looking at the file for me and getting back so quickly.

    As soon as I found the file I moved it and made it safe. I wish I knew what the program was up to, and hope it was not sending my data round the net.

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959

    Thank you baskar1234.

    Hi wizbit.
    We can take a look at the system if you would like us to.

    Go here and follow instructions.
    Before you post a log

    Start a topic here:
    Malware Forum

    Someone will then take a look at the system and advise you as soon as available to do so. Let me know if/when you have posted.
    Cheers.

  6. #6
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    Thanks for helping, placed log in malware forum.

    (Also, on a side note, before I did this log I started Spybot and it said it had changed before last time. Not sure why, so I reinstalled Spybot and did a scan and it was clear. I did read the other posts on the subject. Strange.)

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959

    Thank you, I asked Lonny to check the log as soon as he can.
