Siraniko's Box: Trojan: System32/system32/svchost.exe

Monday, June 7, 2010

Trojan: System32/system32/svchost.exe

Trojan named svchost.exe (not a windows file)
found on

C:\Windows\System32\system32

Files:
C:\Windows\System32\system32\qwe.exe
C:\Windows\System32\system32\svchosts.exe
C:\Windows\System32\system32\svchosts213.exe

Registry:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies

Download Malwarebytes

Siraniko's Box

Monday, June 7, 2010

Trojan: System32/system32/svchost.exe

No comments:

Categories