NOD32 compromised
lifemare
July 14th, 2008, 05:28 AM
Windows started behaving a little weird yesterday (i mean: more than usual ;), so i immediately ran an online scan with bitdefender (asked for a second opinion).
Turns out i had 3 trojans lodged on the system:
- a trojan.generic variant (243424 or something like that, i didn't save the report)
- trojan.dropper.delf.BAM
- and a wonderful little backdoor (backdoor.sdbot.dfsx) masked as svuhost.exe
They have now been purged but i feel far from safe since NOD32 did not detect them the first time (neither with real-time access protection nor by scanning). So what now? Should i assume the antivirus has been compromised or isn't working as it should? Will a re-install solve it, or, pardon me for suggesting, should i consider switching to another product?
Any solutions?
edit: forgot to mention, if it's relevant, i'm using NOD32 v3.0, virus signature 3263 (20080711)
Banger696
July 14th, 2008, 05:37 AM
Did you run a deep scan with NOD? It's always wise to run at least once in a while. It's always a possibility too that Bitdefender found false positives.
virtumonde
July 14th, 2008, 06:53 AM
With a file named svuhost.exe i doubt it's a FP. I've seen it often on torrent sites in the last 2 weeks.
Marcos
July 14th, 2008, 06:55 AM
{QUOTE-> Did you run a deep scan with NOD? It's always wise to run at least once in a while. It's always a possibility too that Bitdefender found false positives. <-QUOTE}
It is very unlikely that svuhost.exe would be a false positive. However, I've seen some commercial keyloggers disguised under such weird names resembling system files.
We always recommend sending such files in a password protected archive to samples[at]eset.com
Banger696
July 14th, 2008, 07:13 AM
{QUOTE-> With a file named svuhost.exe i doubt it's a FP. I've seen it often on torrent sites in the last 2 weeks. <-QUOTE}
Sorry yes it's unlikely, I thought of that after I had posted. :)
lifemare
July 14th, 2008, 03:36 PM
{QUOTE-> It is very unlikely that svuhost.exe would be a false positive. However, I've seen some commercial keyloggers disguised under such weird names resembling system files. <-QUOTE}
Seems to me like an incredible coincidence, that someone would have gone to the trouble of creating such a camouflaged file (svchost is a windows process) with no bad intentions in mind and it turning out on a scan. Also a backdoor isn't the usual FP, am i wrong?
{QUOTE-> We always recommend sending such files in a password protected archive to samples[at]eset.com <-QUOTE}
Call me crazy but i immediately deleted it :P ....(regretfully)
Any thoughts on what to do now?
I'm on a static ip (because of router port forwarding i have to) and with such a passive anti-virus (don't mean to trash it, it's the best i've ever used) i couldn't feel more vulnerable.
The Hammer
July 14th, 2008, 04:16 PM
{QUOTE-> Call me crazy but i immediately deleted it :P ....(regretfully)
Any thoughts on what to do now? <-QUOTE}
Well Crazy. You don't say what other security programs you use, if any? Things happen occasionally to even safe internet users. After such an occurrence I'd be checking to make sure my internet practices didn't contribute to it, and I consider myself a safe surfer.
lifemare
July 15th, 2008, 12:29 PM
{QUOTE-> Well Crazy. You don't say what other security programs you use, if any? Things happen occasionally to even safe internet users. After such an occurrence I'd be checking to make sure my internet practices didn't contribute to it, and I consider myself a safe surfer. <-QUOTE}
i might be crazy but i'm not dumb ;)
Besides the router port-blocking, i'm using sygate personal firewall and ghostsurf.
I'm reluctant to consider myself a safe surfer (not even sure if that exists, unless you just use the web for email, and even so...), but i'm wary enough not to download any crap i find. But there's just no software against human intelligence. Google a list of all available exploits, hacking tools, phishing and pharming sites, activex vulnerabilities, spyware cookies, etc. and you'd be crazy to ever consider yourself safe from intrusion. I'll just be glad not to be a sitting duck.
Umami
July 28th, 2008, 10:58 AM
I have recently been affected by svuhost.exe
I have archived the file in question in 7zip format and archived that 7z file in a zip.
~Link removed. No links to possible malware on the forums. - Ron~
(Known) Symptoms:
- Running svuhost.exe process
- Security Center Reports incorrect information
- Windows Firewall and Update settings cannot be modified
Suspected Source:
- Modified Program Setup/Installer
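A detection heuristic for the masquerading pattern this thread describes (a process named svuhost.exe sitting next to the real svchost.exe), as an added example that is not code from the thread or from any product mentioned in it: the system-image allow-list and the sample process list are constructed for illustration, and a real deployment would feed it the output of a process enumeration.

```python
"""Flag running images whose name resembles a Windows system binary but is not one,
or whose name matches a system binary but runs from an unexpected directory."""

# Constructed allow-list of genuine system image names and the directory each is
# expected to run from (illustrative values, not an exhaustive inventory).
SYSTEM_IMAGES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 1 or 2 means a near-identical spelling such as svuhost/svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name: str, directory: str) -> str:
    """Return 'ok', 'lookalike' (name close to a system image) or 'wrong-path'."""
    name, directory = name.lower(), directory.lower()
    if name in SYSTEM_IMAGES:
        return "ok" if directory == SYSTEM_IMAGES[name] else "wrong-path"
    for real in SYSTEM_IMAGES:
        if edit_distance(name, real) <= 2:
            return "lookalike"
    return "ok"


def find_suspicious(processes):
    """processes: iterable of (image name, directory); returns [(name, verdict), ...]."""
    return [(n, v) for n, d in processes if (v := classify(n, d)) != "ok"]


# Constructed sample process list mirroring the svuhost.exe symptom from the thread.
SAMPLE = [
    ("svchost.exe", r"C:\Windows\System32"),
    ("svuhost.exe", r"C:\Windows"),
    ("explorer.exe", r"C:\Windows"),
    ("lsass.exe", r"C:\Users\Public"),
    ("notepad.exe", r"C:\Windows\System32"),
]

if __name__ == "__main__":
    for image, verdict in find_suspicious(SAMPLE):
        print(f"{verdict}: {image}")
```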