Thread: Virus disguised as svchost.exe, HELP PLEASE

  1. #1
    blueeyedfox Guest

    Virus disguised as svchost.exe, HELP PLEASE

    Okay, I got these alerts about "Passdumper" using "svchost.exe" to access the internet. I denied them, and this is what my logs look like. It wasn't the real svchost.exe but, I believe, a virus of some sort from the TMP folders.

    This all happened after I was running an EXE for this FTP program to install it and alerts came up. When this was all happening I also got another alert for another program from the virus scanner.

    What should I do?
    When I looked for more info this came up: http://pralerts.zonelabs.com/pranaly...p;tab=overview
    Oddly enough, it's not in my temp folder anymore.

    Message Edited by BlueEyedFox on 05-10-2008 01:34 PM

    Message Edited by BlueEyedFox on 05-10-2008 01:35 PM

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Virus disguised as svchost.exe, HELP PLEASE

    Well, how did you respond to the scanner's alert?
    Checked its quarantine? It may be there.

    Tried to first scan the file before executing it?

    Oldsod.
    Best regards.
    oldsod

  3. #3
    blueeyedfox Guest

    Re: Virus disguised as svchost.exe, HELP PLEASE

    It wasn't an antivirus alert, it was a firewall alert. As you can see by the logs, I blocked the intrusion because I've never heard of Passdumper and svchost.exe, so I blocked it.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Virus disguised as svchost.exe, HELP PLEASE

    ZA will only allow svchost.exe from its proper file location and its proper hashsum.
    If the file location and/or the hashsum are incorrect, then ZA will not allow the spoofed svchost.exe and will either ask for its permission or deny its connection, depending on the security slider setting.


    Svchost.exe has always been a favorite spoofed Windows file for many trojan writers for a long time.
    The antivirus should have stopped it when the file was executed and well before it attempted to connect to the internet.

    Oldsod.

    Message Edited by Oldsod on 05-12-2008 06:27 PM
    Best regards.
    oldsod
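
The location-and-hash check described in post #4, sketched as an added example (not part of the thread and not ZoneAlarm's own code). It assumes Windows is installed under C:\Windows; the file contents, the known-good hash derived from them, and the sample paths are constructed stand-ins.

```python
import hashlib
import ntpath

# Assumption: SystemRoot is C:\Windows; adjust for the machine being checked.
EXPECTED_PATH = r"C:\Windows\System32\svchost.exe"

# Constructed stand-in for the genuine binary's contents. A real allow-list
# would hold the hash of the genuine file taken from a trusted source.
GENUINE_BYTES = b"MZ constructed sample standing in for the real svchost.exe"
KNOWN_GOOD_SHA256 = {hashlib.sha256(GENUINE_BYTES).hexdigest()}


def normalize(path):
    """Collapse '..' segments, unify separators and fold case, as Windows paths compare."""
    return ntpath.normcase(ntpath.normpath(path))


def check_image(path, contents):
    """Return 'allow', 'bad-location' or 'bad-hash' for a file named svchost.exe."""
    if normalize(path) != normalize(EXPECTED_PATH):
        return "bad-location"
    if hashlib.sha256(contents).hexdigest() not in KNOWN_GOOD_SHA256:
        return "bad-hash"
    return "allow"


# Constructed sample events (image path, file contents); not the poster's logs.
SAMPLES = [
    (r"c:\windows\system32\SVCHOST.EXE", GENUINE_BYTES),              # case differs only
    (r"C:\Users\fox\AppData\Local\Temp\svchost.exe", GENUINE_BYTES),  # copy in a temp folder
    (r"C:\Windows\System32\..\Temp\svchost.exe", GENUINE_BYTES),      # '..' hides the real folder
    (r"C:\Windows\System32\svchost.exe", b"MZ constructed tampered contents"),
]


def run_samples():
    """Evaluate every constructed sample and return the verdicts in order."""
    return [check_image(path, contents) for path, contents in SAMPLES]


if __name__ == "__main__":
    for (path, _), verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:13} {path}")
```

Both conditions have to hold: the right name in the wrong folder fails on location, and a replaced file in the right folder fails on hash.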
