svchost.exe (5.1.2600.0)

Contained in software
Name:	Windows XP Home Edition, Deutsch
License:	commercial
Information link:	http://www.microsoft.com/windowsxp/
File details
Filepath:	C:\WINDOWS\system32 \ svchost.exe
Filedate:	2002-08-29 14:00:00
Version:	5.1.2600.0
Filesize:	12.800 bytes
Checksum and file hashes
CRC32:	A799DDDB
MD5:	ADBB 33D5 893B CF08 E75E A54B B566 9205
SHA1:	23C5 5CF3 635D 2F77 B119 F639 853A 0A89 869E 30F3
Version resource information
CompanyName:	Microsoft Corporation
FileDescription:	Generic Host Process for Win32 Services
FileOS:	Windows NT, Windows 2000, Windows XP, Windows 2003
FileType:	Application
FileVersion:	5.1.2600.0
InternalName:	svchost.exe
LegalCopyright:	© Microsoft Corporation. All rights reserved.
OriginalFilename:	svchost.exe
ProductName:	Microsoft® Windows® Operating System
ProductVersion:	5.1.2600.0

svchost.exe was found in the following malware reports:


Backdoor.Litmus.203.b
Technical details ...It copies itself as %windir%RandomSvchost.exe. NOTE: %windir% is a variable.... ...LTM2 %windir%RandomSvchost.exe in the registry key... Removal instructions ...LTM2 %windir%RandomSvchost.exe from the registry key... ...Scroll through the list, and look for Svchost.exe If you find the file, click... ...LTM2 %windir%RandomSvchost.exe Exit the Registry Editor.... Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.litmus.203.b.html
Backdoor.XTS
About Backdoor.XTS ...to the compromised system. The main module, Svchost.exe, is packed with UPX. Also Known As: Backdoor-ASL... Technical details ...Drops the following files: %Windows%Svchost.exe %System%Extapi.dll... ...System Important Message. Path: %Windows%Svchost.exe -k ras. Injects Extapi.dll and Sysmsg.dll... Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xts.html
Spyware.Shopnav.dl
Technical details ...File names: Svchost.exe When Spyware.Shopnav is installed,... Source: http://securityresponse.symantec.com/avcenter/venc/data/spyware.shopnav.dl.html
W32.BlueCode.Worm
Technical details ...Then, the .dll creates the C:Svchost.exe file and executes it. Svchost.exe performs the infection... ...First, the value Domain Manager C:svchost.exe is added to the registry key... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.bluecode.worm.html
W32.Jeefo
Technical details ...first-generation W32.Jeefo executable. Drop it as Svchost.exe (36,352 bytes) into the %Windir% folder.... ...program parameter that specifies an infected application, which has dropped and run Svchost.exe. It will quit.... ..."PowerManager"="%windir%svchost.exe" in the registry key:... Removal instructions ..."PowerManager"="%windir%svchost.exe" Exit the Registry Editor.... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.jeefo.html
W32.Welchia.Worm
Technical details ...Makes a copy of %System%DllcacheTftpd.exe as %System%Winssvchost.exe. NOTE:... ...Service Binary: %System%winssvchost.exe This service will be set to... ...machine and instructs the victim machine to connect and download Dllhost.exe and Svchost.exe from the attacking machine.... ...If the %System%dllcache ftpd.exe file exists, the worm may not download svchost.exe. Checks the computer's operating... ...The worm does not delete the file, %System%WinsSvchost.exe, which is a nonmalicious tftp server.... Removal instructions ...values from the registry. Delete the Svchost.exe file. For details on each of these... ...Exit the Registry Editor. 6. Deleting the Svchost.exe file Navigate to the %System%Wins... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
Backdoor.Dewin
Technical details ...Some variants of this Trojan create the file, %Windows%svchost.exe. Adds the value:... ...SystemReg C:\%Windows%svchost.exe run to the following registry... Removal instructions ...or: SystemReg C:\%Windows%svchost.exe run Click Registry, and then click... ...Added reference to minor variant which uses svchost.exe filename. Write-up by:... Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dewin.html
W32.Assarm@mm
Technical details ...It determines whether the current file name is %windir%Svchost.exe. If it is, the worm then determines... ...If the current file name is not %windir%Svchost.exe, or if the argument "Install Me!" was passed to the worm, then the worm... Removal instructions ...95/98/Me, remove the line run=%windir%svchost.exe from the Win.ini file.... ...similar to the following: run=%windir%svchost.exe If the line exists, select... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.assarm@mm.html
W32.HLLW.Cozit
About W32.HLLW.Cozit ...It copies itself to the Windows folder as Svchost.exe and changes the registry to run this file whenever you start Windows.... Technical details ...When W32.HLLW.Cozit is executed, it copies itself to the Windows folder as Svchost.exe. If the HKEY_CURRENT_USERSoftwareKazaaLocalContent... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cozit.html
W32.Marol@mm
Technical details ...%Windir%TempWkCVX.exe %Windir% empSvchost.exe %System%COMD.exe... ..."admy" = "%windir% empsvchost.exe" "MDriver" = "C:losiram.vbs"... Removal instructions ..."admy" = "%windir% empsvchost.exe" "MDriver" = "C:losiram.vbs"... ...... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.marol@mm.html

Navigation

Browse files

• by name

svchost.exe (5.1.2600.0)

Contained in software

File details

Checksum and file hashes

Version resource information

svchost.exe was found in the following malware reports:

Backdoor.Litmus.203.b

Backdoor.XTS

Spyware.Shopnav.dl

W32.BlueCode.Worm

W32.Jeefo

W32.Welchia.Worm

Backdoor.Dewin

W32.Assarm@mm

W32.HLLW.Cozit

W32.Marol@mm

Navigation