SVCCHOST.EXE is Trojan Miner

August 22, 2012 by NightWatcher
Filed under: Malware 
: Solved!

Fix it immediately:

We checked the file SVCCHOST.EXE and found it hazardous.
The file SVCCHOST.EXE must be deleted from the system immediately.
Kill the process SVCCHOST.EXE and remove SVCCHOST.EXE from the Windows startup.

Malware Analysis of SVCCHOST.EXE
Full path on a computer: %WinDir%\addins\svcchost.exe

Detected by UnHackMe:

SVCCHOST.EXE
Default location: %WinDir%\addins\svcchost.exe

Removal Results: Success
Number of reboots: 1

SVCCHOST.EXE is known as:

Trojan.Miner

SVCCHOST.EXE hash:

  • MD5: cddadc143115a821d0bc8ab500851f13

The file tries to connect to a dangerous web site.

How to quickly detect the presence of SVCCHOST.EXE?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Service Host!: "%WinDir%\explorer.exe "%WinDir%\addins\svcchost.exe""
Folders:
  • %Temp%\_intel
Files:
  • %Temp%\_intel\miner.dll
  • %Temp%\_intel\system32.exe
  • %Temp%\_intel\usft_ext.dll
  • %WinDir%\addins\IMG_359485_4215.jpg
  • %WinDir%\addins\svcchost.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.
