Author Topic: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost) (Read 8301 times)

Sergio · « **on:** January 26, 2017, 10:24:43 PM »

Hola, mi RogueKillerCMDX64 me detecta (Proc.Svchostt) y no se como eliminar, me dice Acción, Kill 6500.

Gracias

Curson · « **Reply #1 on:** January 26, 2017, 11:16:00 PM »

Hi Sergio,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller JSON report with your next reply ?

Regards.

Sergio · « **Reply #2 on:** January 27, 2017, 12:24:24 AM »

http://imgur.com/a/93H6G

la estaba buscando. Pero gracias

Curson · « **Reply #3 on:** January 27, 2017, 01:42:17 AM »

Hi Sergio,

That's not it.
Please launch RogueKillerCMD with the following arguments :

Code: [Select]

-scan -params "-reportpath """C:\report.json""""
A new file named report.json should now be present at the root of your drive.
Please attach it with your next reply.

Regards.

Sergio · « **Reply #4 on:** January 27, 2017, 01:50:31 PM »

Ahora no aparece nada, eso es lo que sale en el json

https://mega.nz/#!XQFllKzT!zJSyexnKZCo6qHnvzBviBrgh5h8gNgXvECn4ICLyUGw

Curson · « **Reply #5 on:** January 27, 2017, 06:00:17 PM »

Hi Sergio,

According to the report, it was a false alarm.
Don't hesitate to repost if the [Proc.Svchost] detection is triggered again.

Regards.

Sergio · « **Reply #6 on:** January 27, 2017, 08:17:58 PM »

Estaba en lo cierto, ha sido el Firewall.

Ahí el nuevo scaneo con los 4 detectados.

https://mega.nz/#!SZN2VCpD!bNG_zlA04p1DiVe7pZqf9Jo7wGCzPeP8zdD2wP8FMjw

Sergio · « **Reply #7 on:** January 28, 2017, 04:01:11 PM »

Hola, lo han visto?.

Curson · « **Reply #8 on:** January 29, 2017, 02:44:02 PM »

Hi Sergio,

According to the report, these processes are safe :

Quote

"name": "svchost.exe",
"name_parent": "cmdvirth.exe",
"pid": 6012,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService",
"pid_parent": 5492,
"path_parent": "C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdvirth.exe",
"file_status": "[7]",
"file_md5": "36F670D89040709013F6A460176767EC",
"file_exists": true,
"file_signed": true,
"file_signer": "Microsoft Windows Publisher",
"file_vtscore": -1,
"status_str": "FOUND",
"is_64": true

They are launched by COMODO Internet Security, probably in a sandboxed state, for analysis purpose.
You don't have to worry about them.

Regards.

Sergio · « **Reply #9 on:** January 29, 2017, 03:39:52 PM »

ok, gracias

Curson · « **Reply #10 on:** January 29, 2017, 04:11:33 PM »

Hi Sergio,

You are welcome.

Regards.

Author Topic: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost) (Read 8301 times)

Sergio

svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)

Curson

Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)

Sergio

Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)

Curson

Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)

Sergio

Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)

Curson

Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)

Sergio

Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)

Sergio

Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)

Curson

Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)

Sergio

Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)

Curson

Re: svchost.exe (Microsoft Publisher) --> Malicious (Proc.Svchost)