c:\windows\svchost.exe is infected with probably a variant of Win32/Bifrose trojan

Discussion in 'NOD32 version 2 Forum' started by Plazzman, Aug 14, 2007.

Thread Status:
Not open for further replies.
  1. Plazzman

    Plazzman Registered Member

    Joined:
    Aug 14, 2007
    Posts:
    3
    All,

    I keep getting the following error when I receive the new virus signatures.
    NOD32 Kernel Threat Alert triggered on NIMITZ: c:\windows\svchost.exe is infected with probably a variant of Win32/Bifrose trojan.
    Has been doing this on one server for about 2 weeks now. When I run a scan nothing is found. No extras in the running services either. Any help is mucho appreciated!!

    Plazz
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Try to see whether there is something at Startup that is strange. Then enter Safe Mode and perform a full scan. :)
     
  3. ASpace

    ASpace Guest

    Hello!

    This is because NOD scans the operating memory after a new update.

    The file is caught by heuristics and is definitely malicious.


    Open Control Center and click on Update -> Update now to ensure your NOD32 is up to date.

    Make sure your settings are the same as listed in this tutorial.

    Boot Windows in Safe Mode, open Start -> Programs -> ESET -> NOD32.
    Make sure it uses "Control Center profile" and push Scan&Clean of all your hard drives. NOD32 will take care of all threats found.

    If the problem still persists:
    1. Download AutoRuns from http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx
    Extract the file and run the one called autoruns. When the program is ready, choose File->Save as and choose to save a log file.
    2. Contact ESET Tech Support via the web-form. Provide them with details about your problem + include a link to this thread + using Copy/Paste put the log file from AutoRuns
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Heuristics is not the same as generic detection though they complement each other.
     
  5. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    As I know, normal svchost is under windows\system32, not under windows.
     
  6. Plazzman

    Plazzman Registered Member

    Joined:
    Aug 14, 2007
    Posts:
    3
    Thank you all for the quick response!!! Working on getting rid of it now.

    Thanks again for the great response..

    Plazz
     
  7. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Download KILLBOX and delete that file, it is malware. Proper location of svchost.exe is in system32 folder.
    If it's located in any other folder it is malware.
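
Added example, not part of any post in this thread: a Python check that applies the rule stated above (svchost.exe belongs in the system32 folder) to a saved process listing. The CSV columns, the sample rows, the `C:\Windows` install root and the extra watched process names are assumptions made for illustration; SysWOW64 is also allowed because 64-bit Windows keeps a 32-bit copy of svchost.exe there.

```python
import csv
import io
import ntpath

# Assumption: Windows is installed in C:\Windows, as on the server in this thread.
SYSTEM_ROOT = r"C:\Windows"
# Directories a genuine svchost.exe runs from (SysWOW64 exists only on 64-bit Windows).
ALLOWED_DIRS = {
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "System32")),
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "SysWOW64")),
}
# Generalisation beyond the thread: other core processes that also live in System32.
WATCHED_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}

# Constructed sample listing (hypothetical column layout and PIDs).
SAMPLE = r'''Node,ExecutablePath,Name,ProcessId
NIMITZ,C:\WINDOWS\system32\svchost.exe,svchost.exe,812
NIMITZ,c:\windows\svchost.exe,svchost.exe,2044
NIMITZ,\??\C:\WINDOWS\system32\csrss.exe,csrss.exe,420
NIMITZ,C:\WINDOWS\System32\..\Temp\lsass.exe,lsass.exe,3110
NIMITZ,,System,4
NIMITZ,C:\Program Files\Example\agent.exe,agent.exe,1500
'''

def normalize(path):
    """Strip quotes and NT path prefixes, expand SystemRoot, resolve '..', fold case."""
    p = path.strip().strip('"')
    for prefix in ("\\??\\", "\\\\?\\"):
        if p.startswith(prefix):
            p = p[len(prefix):]
    if p.lower().startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    return ntpath.normcase(ntpath.normpath(p))

def find_masquerading(listing_csv):
    """Return (pid, original path) for watched names running outside ALLOWED_DIRS."""
    hits = []
    for row in csv.DictReader(io.StringIO(listing_csv)):
        raw = (row.get("ExecutablePath") or "").strip()
        if not raw:
            continue  # path unreadable, e.g. listing taken without admin rights
        path = normalize(raw)
        if ntpath.basename(path) in WATCHED_NAMES and ntpath.dirname(path) not in ALLOWED_DIRS:
            hits.append((int(row["ProcessId"]), raw))
    return hits

if __name__ == "__main__":
    for pid, path in find_masquerading(SAMPLE):
        print(f"PID {pid}: system process name outside System32: {path}")
```

The comparison is made on the normalized path, so differences in case, a `\??\` prefix or a `..` segment do not hide a binary that sits outside the expected folder.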
     