c:\windows\svchost.exe is infected with probably a variant of Win32/Bifrose trojan

Discussion in 'NOD32 version 2 Forum' started by Plazzman, Aug 14, 2007.

Thread Status:
Not open for further replies.
  1. Plazzman

    Plazzman Registered Member

    Joined:
    Aug 14, 2007
    Posts:
    3
    All,

    I keep getting the following error when I recieve the new virus signatures.
    NOD32 Kernel Threat Alert triggered on NIMITZ: c:\windows\svchost.exe is infected with probably a variant of Win32/Bifrose trojan.
    Has been doing this on one server for about 2 weeks now. When I run a scan nothing is found. No extra's in the running services either. Any help is mucho apprecieated!!

    Plazz
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Try to see whether there is something at Startup that is strange. Then enter Safe Mode and perform a full scan. :)
     
  3. ASpace

    ASpace Guest

    Hello !

    This is because NOD scans the operating memory after new update .

    The file is caught by heuristics and is definitely malicious .


    Open Control Center and click on Update -> Update now to ensure your NOD32 is up to date.

    Make sure your settings are the same as listed in this tutorial.

    Boot Windows in Safe Mode , Open Start -> Programs -> ESET -> NOD32
    Make sure it uses "Control Center profile" and push Scan&Clean of all your hard drives . NOD32 will take care of all threats found .

    If the problem still persists:
    1. Download AutoRuns from http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx
    Extract the file and run the one called autoruns . When the program is ready , choose File->Save as and choose to save a log file.
    2. Contact ESET Tech Support via the web-form . Provide them with details about your problem + include a link to this thread + using Copy/Paste put the log file from AutoRuns
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Heuristics is not the same as generic detection though they complement each other.
     
  5. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    As I know,normal svchost is under windows\system32,not under windows.
     
  6. Plazzman

    Plazzman Registered Member

    Joined:
    Aug 14, 2007
    Posts:
    3
    Thank you all for the quick response!!! Working on getting rid of it now.

    Thanks again for the great response..

    Plazz
     
  7. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    592
    Location:
    Canada
    Download KILLBOX and delete that file, it is malware. Proper location of svchost.exe is in system32 folder.
    If its located in any other folder it is malware.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.