"David H. Lipman" wrote:
> From: "Mees de Roo" <mees.deroo.laatditweg@enditook.tiscali.nederland>
>
> | unless you mean that you have 3 instances of svchost.exe running; that's
> | normal (unfortunately) and about as meaningful and buggy as rundll(32) at
> | previous windows versions.
>
> | Mees de Roo
>
>
> Let me clarify this...
>
> If the file is named "svchost(3).exe" it has a high probability of being malicious.
>
> It is not the number of instances of svchost.exe running that is important, it is the
> path from which it runs.
>
> SVCHOST.EXE (or variations thereof) is the most common name used by malware to obfuscate
> the malicious intent.
>
> If the file is executed from %windir%\system32 it has the propensity of being legitimate
> (unless trojanized/patched).
>
> If the file is executed in any other location then the chances are extremely high it is
> malicious.
>
> If the file is found running under Win98/ME then the chances are extremely high it is
> malicious.
>
>
> --
> Dave
>
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
File: svchost(3).exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 8f078ae4ed187aaabc0a305146de6716
Packers detected: -
Bit9 reports:

Scanner results
Scan taken on 29 Apr 2008 20:05:58 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Yes, the file is executed from %windir%\system32.
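
The triage rules from the quoted reply (look at the file name and the path, not the instance count), written as a small check. This is an added example, not part of the original thread; the function name `triage_svchost`, the default `C:\Windows` for %windir%, the `os_family` flag and the sample paths are all constructed for illustration.

```python
import ntpath
import re

# Matches svchost.exe and names built on it, e.g. "svchost(3).exe".
# Misspelled look-alikes are out of scope for this sketch.
SVCHOST_LIKE = re.compile(r"^svchost.*\.exe$", re.IGNORECASE)


def triage_svchost(image_path, windir=r"C:\Windows", os_family="nt"):
    """Return (verdict, reason) for a process image path, or None if unrelated.

    os_family is a hypothetical flag: "9x" stands for Win98/ME, "nt" for the rest.
    """
    name = ntpath.basename(image_path)
    if not SVCHOST_LIKE.match(name):
        return None
    if os_family == "9x":
        return ("suspicious", "svchost.exe found running under Win98/ME")
    if name.lower() != "svchost.exe":
        return ("suspicious", "name is a variation of svchost.exe")
    # Normalise case, separators and ".." segments before comparing folders.
    folder = ntpath.normcase(ntpath.normpath(ntpath.dirname(image_path)))
    expected = ntpath.normcase(ntpath.normpath(ntpath.join(windir, "system32")))
    if folder != expected:
        return ("suspicious", "runs from outside %windir%\\system32")
    # The expected path is not proof: the file can still be trojanized/patched.
    return ("expected-path", "location is right; the file itself is unverified")


# Constructed sample image paths, not taken from any real system.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\svchost.exe",  # several instances are normal
    r"C:\WINDOWS\system32\svchost(3).exe",
    r"C:\Windows\Temp\svchost.exe",
    r"C:\Windows\System32\..\Temp\svchost.exe",
    r"C:\Windows\System32\notepad.exe",
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        result = triage_svchost(path)
        if result is not None:
            print(f"{path}: {result[0]} ({result[1]})")
```

A clean multi-scanner result does not change the verdict here; the check only looks at name, path and OS family.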