svchost.exe (5.1.2600.0)

Bevat in software
Naam:	Windows XP Home Edition, Deutsch
Vergunning:	commercieel
De verbinding van de informatie:	http://www.microsoft.com/windowsxp/
De details van het dossier
De weg van het dossier:	C:\WINDOWS\system32 \ svchost.exe
De datum van het dossier:	2002-08-29 14:00:00
Versie:	5.1.2600.0
De grootte van het dossier:	12.800 bytes
De knoeiboel van de controlesom en van het dossier
CRC32:	A799DDDB
MD5:	ADBB 33D5 893B CF08 E75E A54B B566 9205
SHA1:	23C5 5CF3 635D 2F77 B119 F639 853A 0A89 869E 30F3
Het middelinformatie van de versie
Firmanaam:	Microsoft Corporation
De beschrijving van het dossier:	Generic Host Process for Win32 Services
Het werkende systeem van het dossier:	Windows NT, Windows 2000, Windows XP, Windows 2003
Het type van dossier:	Application
De versie van het dossier:	5.1.2600.0
Interne naam:	svchost.exe
Wettelijk auteursrecht:	� Microsoft Corporation. All rights reserved.
Originele filename:	svchost.exe
De naam van het product:	Microsoft� Windows� Operating System
De versie van het product:	5.1.2600.0

svchost.exe werd gevonden in de volgende rapporten:


Backdoor.Litmus.203.b
Technische details ...It copies itself as %windir%RandomSvchost.exe. NOTE: %windir% is a variable.... ...LTM2 %windir%RandomSvchost.exe in the registry key... De instructies van de verwijdering ...LTM2 %windir%RandomSvchost.exe from the registry key... ...Scroll through the list, and look for Svchost.exe If you find the file, click... ...LTM2 %windir%RandomSvchost.exe Exit the Registry Editor.... Bron: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.litmus.203.b.html
Backdoor.XTS
OngeveerBackdoor.XTS ...to the compromised system. The main module, Svchost.exe, is packed with UPX. Also Known As: Backdoor-ASL... Technische details ...Drops the following files: %Windows%Svchost.exe %System%Extapi.dll... ...System Important Message. Path: %Windows%Svchost.exe -k ras. Injects Extapi.dll and Sysmsg.dll... Bron: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xts.html
Spyware.Shopnav.dl
Technische details ...File names: Svchost.exe When Spyware.Shopnav is installed,... Bron: http://securityresponse.symantec.com/avcenter/venc/data/spyware.shopnav.dl.html
W32.BlueCode.Worm
Technische details ...Then, the .dll creates the C:Svchost.exe file and executes it. Svchost.exe performs the infection... ...First, the value Domain Manager C:svchost.exe is added to the registry key... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w32.bluecode.worm.html
W32.Jeefo
Technische details ...first-generation W32.Jeefo executable. Drop it as Svchost.exe (36,352 bytes) into the %Windir% folder.... ...program parameter that specifies an infected application, which has dropped and run Svchost.exe. It will quit.... ..."PowerManager"="%windir%svchost.exe" in the registry key:... De instructies van de verwijdering ..."PowerManager"="%windir%svchost.exe" Exit the Registry Editor.... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w32.jeefo.html
W32.Welchia.Worm
Technische details ...Makes a copy of %System%DllcacheTftpd.exe as %System%Winssvchost.exe. NOTE:... ...Service Binary: %System%winssvchost.exe This service will be set to... ...machine and instructs the victim machine to connect and download Dllhost.exe and Svchost.exe from the attacking machine.... ...If the %System%dllcache ftpd.exe file exists, the worm may not download svchost.exe. Checks the computer's operating... ...The worm does not delete the file, %System%WinsSvchost.exe, which is a nonmalicious tftp server.... De instructies van de verwijdering ...values from the registry. Delete the Svchost.exe file. For details on each of these... ...Exit the Registry Editor. 6. Deleting the Svchost.exe file Navigate to the %System%Wins... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
Backdoor.Dewin
Technische details ...Some variants of this Trojan create the file, %Windows%svchost.exe. Adds the value:... ...SystemReg C:\%Windows%svchost.exe run to the following registry... De instructies van de verwijdering ...or: SystemReg C:\%Windows%svchost.exe run Click Registry, and then click... ...Added reference to minor variant which uses svchost.exe filename. Write-up by:... Bron: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dewin.html
W32.Assarm@mm
Technische details ...It determines whether the current file name is %windir%Svchost.exe. If it is, the worm then determines... ...If the current file name is not %windir%Svchost.exe, or if the argument "Install Me!" was passed to the worm, then the worm... De instructies van de verwijdering ...95/98/Me, remove the line run=%windir%svchost.exe from the Win.ini file.... ...similar to the following: run=%windir%svchost.exe If the line exists, select... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w32.assarm@mm.html
W32.HLLW.Cozit
OngeveerBackdoor.XTS ...It copies itself to the Windows folder as Svchost.exe and changes the registry to run this file whenever you start Windows.... Technische details ...When W32.HLLW.Cozit is executed, it copies itself to the Windows folder as Svchost.exe. If the HKEY_CURRENT_USERSoftwareKazaaLocalContent... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cozit.html
W32.Marol@mm
Technische details ...%Windir%TempWkCVX.exe %Windir% empSvchost.exe %System%COMD.exe... ..."admy" = "%windir% empsvchost.exe" "MDriver" = "C:losiram.vbs"... De instructies van de verwijdering ..."admy" = "%windir% empsvchost.exe" "MDriver" = "C:losiram.vbs"... ...... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w32.marol@mm.html

Navigatie

Doorblader dossiers

• door naam

svchost.exe (5.1.2600.0)

Bevat in software

De details van het dossier

De knoeiboel van de controlesom en van het dossier

Het middelinformatie van de versie

svchost.exe werd gevonden in de volgende rapporten:

Backdoor.Litmus.203.b

Backdoor.XTS

Spyware.Shopnav.dl

W32.BlueCode.Worm

W32.Jeefo

W32.Welchia.Worm

Backdoor.Dewin

W32.Assarm@mm

W32.HLLW.Cozit

W32.Marol@mm

Navigatie