SVCH0ST.EXE – Worm Autorun

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

SVCH0ST.EXE – Worm Autorun removal

FileMD5Virus Alias
SVCH0ST.EXE 091ec4c765f621ad57692b0329f82d52 Worm Autorun
SVCH0ST.EXE 091ec4c765f621ad57692b0329f82d52 Trojan Eldorado
SVCH0ST.EXE 091ec4c765f621ad57692b0329f82d52 Trojan Siggen
SVCH0ST.EXE 091ec4c765f621ad57692b0329f82d52 Trojan Agent
SVCH0ST.EXE 091ec4c765f621ad57692b0329f82d52 Trojan Crypt

SVCH0ST.EXE size: 79669 bytes
SVCH0ST.EXE hash: 091EC4C765F621AD57692B0329F82D52

Created files:

C:\Documents and Settings\Default User\My Documents\My Videos
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ .exe
%WinDir%\system\dllhost.com
%SysDir%\SVCH0ST.EXE
%TEMP%\TEST.EXE
%Common Startmenu%\Programs\Startup\ .exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\TEST.exe
%UserProfile%\Favorites\Links\www.test.com
%UserProfile%\My Documents\My Music\Private Letters.exe
%UserProfile%\Start Menu\Programs\Startup\ .exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\run\Microsoft Agent: %WinDir%\System32\SVCH0ST.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WinDir%/System32/SVCH0ST.EXE
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%/System/dllhost.com

Detected by UnHackMe:

SVCH0ST.EXE
Default location: %SYSDIR%\SVCH0ST.EXE

Dropper information:
MD5: 091ec4c765f621ad57692b0329f82d52
File size: 79669 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images