SVCHOST.EXE – Virus Induc


SVCHOST.EXE – Virus Induc removal

File         MD5                               Virus Alias
SVCHOST.EXE  98b68206c1551d9365930a097148d003  Virus Induc
SVCHOST.EXE  98b68206c1551d9365930a097148d003  Trojan Downloader
SVCHOST.EXE  98b68206c1551d9365930a097148d003  Backdoor Hupigon
SVCHOST.EXE  98b68206c1551d9365930a097148d003  Trojan Agent

SVCHOST.EXE size: 702464 bytes
SVCHOST.EXE hash: 98B68206C1551D9365930A097148D003

Created files:

%Program Files%\Fixed_Directory_Name\all.x
%Program Files%\Fixed_Directory_Name\bingo.x
%Program Files%\Fixed_Directory_Name\coin1.x
%Program Files%\Fixed_Directory_Name\coin10.x
%Program Files%\Fixed_Directory_Name\coin100.x
%Program Files%\Fixed_Directory_Name\coin1000.x
%Program Files%\Fixed_Directory_Name\coin100t.x
%Program Files%\Fixed_Directory_Name\coin10t.x
%Program Files%\Fixed_Directory_Name\coin2.x
%Program Files%\Fixed_Directory_Name\coin20.x
%Program Files%\Fixed_Directory_Name\coin200.x
%Program Files%\Fixed_Directory_Name\coin2000.x
%Program Files%\Fixed_Directory_Name\coin20t.x
%Program Files%\Fixed_Directory_Name\coin5.x
%Program Files%\Fixed_Directory_Name\coin50.x
%Program Files%\Fixed_Directory_Name\coin500.x
%Program Files%\Fixed_Directory_Name\coin5000.x
%Program Files%\Fixed_Directory_Name\coin50t.x
%Program Files%\Fixed_Directory_Name\desknum.x
%Program Files%\Fixed_Directory_Name\Music1.mid
%Program Files%\Fixed_Directory_Name\RotDllf.dll
%Program Files%\Fixed_Directory_Name\RotGame.exe
%Program Files%\Fixed_Directory_Name\star.x
%Program Files%\Fixed_Directory_Name\titleball.x
%TEMP%\svchost.exe
%TEMP%\???????????.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\scvhostp\Type: 10010000
HKLM\System\CurrentControlSet\Services\scvhostp\Start: 02000000
HKLM\System\CurrentControlSet\Services\scvhostp\DisplayName: scvhostp
HKLM\System\CurrentControlSet\Services\scvhostp\ImagePath: %TEMP%\svchost.exe -k

Detected by UnHackMe:

SVCHOST.EXE
Default location: %TEMP%\SVCHOST.EXE

Dropper information:
MD5: 5d611e2f836a782f9c4c4ed9b44822e5
File size: 3192832 bytes
