Adlice forum

Software feedback => RogueKiller => Topic started by: Sergio on January 26, 2017, 10:24:43 PM

Title: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Sergio on January 26, 2017, 10:24:43 PM

Hola, mi RogueKillerCMDX64 me detecta (Proc.Svchostt) y no se como eliminar, me dice Acción, Kill 6500.

Gracias

Title: Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Curson on January 26, 2017, 11:16:00 PM

Hi Sergio,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller JSON report with your next reply ?

Regards.

Title: Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Sergio on January 27, 2017, 12:24:24 AM

http://imgur.com/a/93H6G

la estaba buscando. Pero gracias

Title: Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Curson on January 27, 2017, 01:42:17 AM

Hi Sergio,

That's not it.
Please launch RogueKillerCMD with the following arguments :

Code: [Select]

-scan -params "-reportpath """C:\report.json""""
A new file named report.json should now be present at the root of your drive.
Please attach it with your next reply.

Regards.

Title: Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Sergio on January 27, 2017, 01:50:31 PM

Ahora no aparece nada, eso es lo que sale en el json

https://mega.nz/#!XQFllKzT!zJSyexnKZCo6qHnvzBviBrgh5h8gNgXvECn4ICLyUGw

Title: Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Curson on January 27, 2017, 06:00:17 PM

Hi Sergio,

According to the report, it was a false alarm.
Don't hesitate to repost if the [Proc.Svchost] detection is triggered again.

Regards.

Title: Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Sergio on January 27, 2017, 08:17:58 PM

Estaba en lo cierto, ha sido el Firewall.

Ahí el nuevo scaneo con los 4 detectados.

https://mega.nz/#!SZN2VCpD!bNG_zlA04p1DiVe7pZqf9Jo7wGCzPeP8zdD2wP8FMjw

Title: Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Sergio on January 28, 2017, 04:01:11 PM

Hola, lo han visto?.

Title: Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Curson on January 29, 2017, 02:44:02 PM

Hi Sergio,

According to the report, these processes are safe :

Quote

                "name": "svchost.exe",
                "name_parent": "cmdvirth.exe",
                "pid": 6012,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService",
                "pid_parent": 5492,
                "path_parent": "C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdvirth.exe",
                "file_status": "[7]",
                "file_md5": "36F670D89040709013F6A460176767EC",
                "file_exists": true,
                "file_signed": true,
                "file_signer": "Microsoft Windows Publisher",
                "file_vtscore": -1,
                "status_str": "FOUND",
                "is_64": true

They are launched by COMODO Internet Security, probably in a sandboxed state, for analysis purpose.
You don't have to worry about them.

Regards.

Title: Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Sergio on January 29, 2017, 03:39:52 PM

ok, gracias

Title: Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)
Post by: Curson on January 29, 2017, 04:11:33 PM

Hi Sergio,

You are welcome.

Regards.