Tag Archives: svc.exe

SVC.EXE is Trojan Malpack

The file SVC.EXE is identified as a virus dropper. The SVC.EXE dropper downloads and installs other malware, Trojans, and viruses on commands received from the Command Center. The file SVC.EXE loads into the computer's memory and tries to connect to a dangerous web site. Usually the SVC.EXE dropper does not infect the […]

Removed: sdra64.exe, SVC.EXE, winamnc.dll, WINBUDUMP.EXE, opeF.exe, BINFIX7080010000.EXE, DSKCLNWIZ.DLL, ssqpqp.dll Restored: TERMDD.SYS (multi trojan – Zbot and TDSS)

Malware: g9aaf1.exe Removed: C:\WINDOWS\system32\sdra64.exe C:\WINDOWS\SVC.EXE C:\WINDOWS\system32\winamnc.dll C:\WINDOWS\SYSTEM32\WINBUDUMP.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\opeF.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\BINFIX7080010000.EXE C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\DESKTOP CLEANUP WIZARD\DSKCLNWIZ.DLL C:\WINDOWS\system32\ssqpqp.dll Restored: C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, Type: UserInit Value Item Name: termdd.sys – restored Author: Unknown Related File: C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS Type: System Drivers Infected by Rootkit Item […]

Removed: setupupdater0002.exe, ohydy.exe, regedit.exe, sdra64.exe, lsass.exe, svc.exe, svw.exe, svx.exe, ope17.exe, opeB.exe, fFollower.exe (multi trojan – TDSS, Zeus, FakeAV – Antimalware Doctor)

Malware: g16b2e.exe Removed: C:\Documents and Settings\Administrator\Application Data\B34B7AF9CB40065433C8C631C37A9A2D\setupupdater0002.exe C:\Documents and Settings\Administrator\Application Data\ohydy.exe C:\WINDOWS\system32\regedit.exe C:\WINDOWS\system32\sdra64.exe C:\WINDOWS\lsass.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe C:\WINDOWS\svx.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ope17.exe C:\Documents and Settings\Administrator\Local Settings\Temp\opeB.exe C:\Documents and Settings\Administrator\Local Settings\Temp\fFollower.exe —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: 1.1 Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, Type: UserInit Value 1.2 Item Name: Follower Author: Related […]

Removed: C:\WINDOWS\svc.exe (trojan Delf)

Malware: cs.exe Removed: C:\WINDOWS\svc.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: load Author: Unknown Related File: C:\WINDOWS\svc.exe Type: Win.ini Item Name: svc.exe Author: Related File: C:\WINDOWS\SVC.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load Value: “C:\WINDOWS\svc.exe” Files: C:\WINDOWS\svc.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update […]

Removed: servicelayer.exe, svw.exe, C:\WINDOWS\lsass.exe, svc.exe, svchosty.exe, C:\WINDOWS\ctfmon.exe (trojan Microjoin)

Malware: Removed: C:\WINDOWS\servicelayer.exe C:\WINDOWS\svw.exe C:\WINDOWS\lsass.exe C:\WINDOWS\svc.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ope6.exe C:\Documents and Settings\Administrator\Local Settings\Temp\svchosty.exe C:\WINDOWS\ctfmon.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: servicelayer Author: Unknown Related File: C:\WINDOWS\SERVICELAYER.EXE Type: Registry Run Item Name: netw Author: Unknown Related File: C:\WINDOWS\SVW.EXE Type: Registry Run Item Name: lsass Author: Unknown Related File: C:\WINDOWS\LSASS.EXE Type: Registry Run Item Name: netc […]

Removed: odbnsy.exe, svc.exe, svx.exe, wdmon.exe, svw.exe, ope6.exe, svchosty.exe (trojan Microjoin)

Malware: 123!aaaaaaaa.exe Removed: C:\WINDOWS\odbnsy.exe C:\WINDOWS\svc.exe C:\WINDOWS\svx.exe C:\WINDOWS\wdmon.exe C:\WINDOWS\svw.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ope6.exe C:\Documents and Settings\Administrator\Local Settings\Temp\svchosty.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: odnexy Author: Unknown Related File: C:\WINDOWS\ODBNSY.EXE Type: Registry Run Item Name: netc Author: Unknown Related File: C:\WINDOWS\SVC.EXE Type: Registry Run Item Name: netx Author: Unknown Related File: C:\WINDOWS\SVX.EXE Type: Registry Run Item Name: […]

Removed: svchosty.exe, ope5.exe, svc.exe, svw.exe, svx.exe (trojan Microjoin)

Malware: Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\svchosty.exe C:\WINDOWS\ope5.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe C:\WINDOWS\svx.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: netx Author: Unknown Related File: C:\WINDOWS\SVX.EXE Type: Registry Run Item Name: netw Author: Unknown Related File: C:\WINDOWS\SVW.EXE Type: Registry Run Item Name: netc Author: Unknown Related File: C:\WINDOWS\SVC.EXE Type: Registry Run Item Name: svx.exe Author: Unknown Related File: C:\WINDOWS\SVX.EXE […]

Removed: ope4.exe, svchosty.exe, lsass.exe, svc.exe, svw.exe (trojan Microjoin)

Malware: asd23434ff.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\ope4.exe C:\Documents and Settings\Administrator\Local Settings\Temp\svchosty.exe C:\WINDOWS\lsass.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: netw Author: Unknown Related File: C:\WINDOWS\SVW.EXE Type: Registry Run Item Name: lsass Author: Unknown Related File: C:\WINDOWS\LSASS.EXE Type: Registry Run Item Name: netc Author: Unknown Related File: C:\WINDOWS\SVC.EXE Type: Registry Run Item Name: svw.exe Author: […]

Removed: lsass.exe, odbnsy.exe, sms.exe, svc.exe, svw.exe

Malware: 55ttr.exe Removed: C:\WINDOWS\lsass.exe C:\WINDOWS\odbnsy.exe C:\WINDOWS\sms.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.03.24 – Kaspersky 7.0.0.125 2010.03.24 – McAfee 5930 2010.03.24 – Microsoft 1.5605 2010.03.24 TrojanDropper:Win32/Microjoin.gen!B NOD32 4971 2010.03.24 a variant of Win32/Kryptik.DFO —————————————————————————————————————————- Additional information File size: 2015744 bytes MD5 : 769c38d76e3e99a0fbf4ea58b071b371 SHA1 : 5e9c127892ccfc6df9aabd0e739749382fdc2dc5 SHA256: b6472da2cc868ec09c472acec226d95ac04e0a322db4b9b3ea61c38e5768435b —————————————————————————————————————————- Installation […]

Removed: ctfmon.exe, lsass.exe, odbnsy.exe, sms.exe, svc.exe, svw.exe

Malware: 50.exe Removed: C:\WINDOWS\ctfmon.exe C:\WINDOWS\lsass.exe C:\WINDOWS\odbnsy.exe C:\WINDOWS\sms.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.03.17 Trojan-Dropper:W32/Mudrop.D Kaspersky 7.0.0.125 2010.03.17 Trojan-Dropper.Win32.Mudrop.hch McAfee 5922 2010.03.16 – Microsoft 1.5605 2010.03.17 TrojanDropper:Win32/Microjoin.gen!B NOD32 4950 2010.03.16 a variant of Win32/Kryptik.CZA —————————————————————————————————————————- Additional information File size: 2384384 bytes MD5   : a8edb5fae8980dcfd4bfa83c415dd761 SHA1  : df248d95560bb7c03c70fcfa053f9f2f52a4e306 SHA256: b6b1a7af5229f62e4cbd538102cadb79416334ca87d3b1a7962a9a50c269c48e —————————————————————————————————————————- Installation When the […]

Removed: winlogon32.exe, smss32.exe, svc.exe, lsass.exe, localxmlruntime.dll, nvwrfont50.exe, 376bcd.exe, odbn0.exe

Malware: 45089.exe Removed: C:\WINDOWS\system32\winlogon32.exe C:\WINDOWS\system32\smss32.exe C:\WINDOWS\svc.exe C:\WINDOWS\lsass.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\localxmlruntime\localxmlruntime.dll C:\Documents and Settings\Administrator\Application Data\nvwrfont50\nvwrfont50.exe C:\Documents and Settings\Administrator\Application Data\376bcd.exe C:\WINDOWS\odbn0.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.02.08 – Kaspersky 7.0.0.125 2010.02.08 – McAfee 5885 2010.02.07 – Microsoft 1.5406 2010.02.08 – NOD32 4847 2010.02.08 a variant of Win32/Kryptik.CDU —————————————————————————————————————————- Additional information File size: […]

Removed: winlogon32.exe, sdra64.exe, lsass.exe, svc.exe, smss32.exe, odbn0.exe

Malware: load.exe Removed: C:\WINDOWS\system32\winlogon32.exe C:\WINDOWS\system32\sdra64.exe C:\WINDOWS\lsass.exe C:\WINDOWS\svc.exe C:\WINDOWS\system32\smss32.exe C:\WINDOWS\odbn0.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.01.23 Trojan.Generic.CJ.AJYK Kaspersky 7.0.0.125 2010.01.23 Trojan-Dropper.Win32.Mudrop.fty McAfee 5870 2010.01.23 – Microsoft 1.5405 2010.01.23 TrojanDropper:Win32/Microjoin.gen!B NOD32 4800 2010.01.23 a variant of Win32/Kryptik.BCR Symantec 20091.2.0.41 2010.01.23 Trojan Horse —————————————————————————————————————————- Additional information File size: 1915904 bytes MD5 : b0cf55e2028f6b3dde658c3b9c4fc60a SHA1 […]