scchost.exe - Dangerous
scchost.exe
Manual removal instructions:
Antivirus Report of scchost.exe:
scchost.exe
W32.HLLW.Donk is a worm that spreads through network shares, opening numerous TCP ports in the process.
Also has backdoor capabilities that give a hacker access to infected computer.
Also Known as Backdoor.SdBot.gen
Copies itself as %System%\Scchost.exe.
Adds the registry value: "Services Host"="Scchost.exe"
to the registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
If the filename of the worm is not scchost.exe, the program will kill itself and start scchost.exe as a service.
Attempts to spread using the following file shares:
Administrator
Guest
Owner
If a connection is made, the worm copies itself to the following folders:
Winnt\Profiles\All Users\Start Menu\Programs\Startup
Windows\Start Menu\Programs\Startup
Documents and Settings\All Users\Start Menu\Programs\Startup
Connects to a specific IRC server and joins a specific channel to accept instructions from the hacker:
Flooding a specified host
Downloading a file from the hacker
Executing a file
Use RegRun Startup Optimizer to remove it from startup.
| scchost.exe | Malware |
| scchost.exe | Dangerous |
| scchost.exe | High Risk |
Also has backdoor capabilities that give a hacker access to infected computer.
Also Known as Backdoor.SdBot.gen
Copies itself as %System%\Scchost.exe.
Adds the registry value: "Services Host"="Scchost.exe"
to the registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
If the filename of the worm is not scchost.exe, the program will kill itself and start scchost.exe as a service.
Attempts to spread using the following file shares:
Administrator
Guest
Owner
If a connection is made, the worm copies itself to the following folders:
Winnt\Profiles\All Users\Start Menu\Programs\Startup
Windows\Start Menu\Programs\Startup
Documents and Settings\All Users\Start Menu\Programs\Startup
Connects to a specific IRC server and joins a specific channel to accept instructions from the hacker:
Flooding a specified host
Downloading a file from the hacker
Executing a file
Use RegRun Startup Optimizer to remove it from startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.