Archive for the 'SvcHost' Category

fioo32 is a trojan dropper

Tuesday, September 29th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: fioo32
Startup Type: SvcHost
Combofix/RSIT Line:

R2 fioo32;fioo32; C:\Windows\sYSteM32\SvchOst.eXE [2008-01-19 21504]

Description: trojan dropper that is installed by the Koobface worm

How to remove: use Malwarebytes' Anti-malware

DnsFilter.sys is a trojan (Trojan.DNSChanger)

Friday, August 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: DnsFilter
Filename: DnsFilter.sys
Command: c:\windows\system32\drivers\DnsFilter.sys
Startup Type: driver, svchost
Combofix/RSIT Line:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
R2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [7/16/2003 11:41 AM 14336]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [8/23/2009 8:43 AM 38016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter

Description: trojan, also known as Trojan.DNSChanger, Trojan.Dropper [Symantec], Trojan.Win32.Agent.cupu [Kaspersky Lab], Trojan-Dropper [Ikarus]

How to remove: use Malwarebytes Anti-malware and the Kaspersky virus removal tool.

drv.sys is the Koobface worm

Saturday, July 4th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: drv
Filename: drv.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost | drv

Command: c:\program files\drv\drv.sys
Startup Type: driver, svchost
Combofix/RSIT Line:

R1 drvdrv;drvdrv;c:\program files\drv\drv.sys [7/1/2009 2:55 PM 9344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv

Description: Koobface worm, also known as Win32.Agent.auoy, Trojan-Dropper.Agent

How to remove: use Malwarebytes Antimalware

msncache is a trojan component

Saturday, June 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msncache
Startup Type: Service (svchost)
Combofix/RSIT Line:

R2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]

Description: Unknown trojan component

podmena.sys is a Trojan.Downloader

Friday, June 12th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: podmena
Filename: podmena.sys
Command: c:\program files\podmena\podmena.sys
Startup Type: driver

R1 podmenadrv;podmenadrv;c:\program files\podmena\podmena.sys [6/8/2009 11:31 AM 9472]
R2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [8/10/2004 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
podmena REG_MULTI_SZ podmena

Description: Trojan.Downloader

How to remove: use these podmena.sys removal instructions

wjfvju is malware

Sunday, February 8th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wjfvju
Startup Type: svchost
Combofix/RSIT Line:

R4 wjfvju;wjfvju;c:\windows\system32\SVCHOST.EXE -k wjfvju [2004-08-18 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
wjfvju REG_MULTI_SZ wjfvju

Description: unknown malware component