svchosts.exe - Dangerous
Manual removal instructions:
svchosts.exe | Malware |
svchosts.exe | Dangerous |
svchosts.exe | High Risk |
Creates the following hidden files:
* %Program Files%\WinRAR\_RarExt.exe
* %System%\_textpad.exe
* %System%\svchosts.exe
* %System%\kernell32.dll
* %System%\avmtapi.tsp
* %System%\system.dll
Adds "®Windows Update" = "svchosts.exe" to the Windows startup registry keys.
Modifies the value:
"(Default)" = "%System%\_textpad.exe %1"
in the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open
so that the Trojan is executed every time a .txt file is opened.
Modifies the value:
"(Default)" = "
in the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AcroExch.Document\shell\open
so that the Trojan is executed every time a .pdf file is opened.
Adds the following values:
"ProviderID5" = "0x00000006"
"ProviderFileName5" = "avmtapi.tsp"
"AllProviders" = "true"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers
to register a CAPI driver.
Terminates antivirus programs.
Attempts to use the CAPI driver to manipulate ISDN connections.
Attempts to send stolen information to the remote attacker.
Kill it using RegRun Startup Optimizer.
Dmitry Sokolov:
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.