c:\windows\svchost.exe is infected with probably a variant of Win32/Bifrose trojan

Discussion in 'NOD32 version 2 Forum' started by Plazzman, Aug 14, 2007.

Thread Status:
Not open for further replies.
  1. Plazzman

    Plazzman Registered Member

    Joined:
    Aug 14, 2007
    Posts:
    3
    All,

    I keep getting the following error when I receive the new virus signatures.
    NOD32 Kernel Threat Alert triggered on NIMITZ: c:\windows\svchost.exe is infected with probably a variant of Win32/Bifrose trojan.
    Has been doing this on one server for about 2 weeks now. When I run a scan nothing is found. No extras in the running services either. Any help is mucho appreciated!!

    Plazz
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Try to see whether there is something at Startup that is strange. Then enter Safe Mode and perform a full scan. :)
     
  3. ASpace

    ASpace Guest

    Hello!

    This is because NOD scans the operating memory after a new update.

    The file is caught by heuristics and is definitely malicious.


    Open Control Center and click on Update -> Update now to ensure your NOD32 is up to date.

    Make sure your settings are the same as listed in this tutorial.

    Boot Windows in Safe Mode, open Start -> Programs -> ESET -> NOD32.
    Make sure it uses "Control Center profile" and push Scan&Clean of all your hard drives. NOD32 will take care of all threats found.

    If the problem still persists:
    1. Download AutoRuns from http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx
    Extract the file and run the one called autoruns. When the program is ready, choose File->Save as and choose to save a log file.
    2. Contact ESET Tech Support via the web-form. Provide them with details about your problem + include a link to this thread + using Copy/Paste put the log file from AutoRuns.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Heuristics is not the same as generic detection though they complement each other.
     
  5. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    As far as I know, normal svchost is under windows\system32, not under windows.
     
  6. Plazzman

    Plazzman Registered Member

    Joined:
    Aug 14, 2007
    Posts:
    3
    Thank you all for the quick response!!! Working on getting rid of it now.

    Thanks again for the great response..

    Plazz
     
  7. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    591
    Location:
    Canada
    Download KILLBOX and delete that file, it is malware. Proper location of svchost.exe is in system32 folder.
    If it's located in any other folder it is malware.
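
The location check described in the replies above, as an added example that is not part of the original thread: it flags running svchost.exe processes whose image is outside the system directory and lists stray copies sitting directly in the Windows folder. It assumes PowerShell 3.0 or later run from an elevated prompt; treating the SysWOW64 copy as legitimate and checking for a services.exe parent are additions beyond what the thread states.

```powershell
# Added example: triage svchost.exe by image path and parent process.
$sysRoot  = $env:SystemRoot
$expected = @(
    (Join-Path $sysRoot 'System32\svchost.exe'),
    (Join-Path $sysRoot 'SysWOW64\svchost.exe')   # 32-bit copy on 64-bit Windows
)

# Snapshot all processes once so parents can be resolved by PID.
$procs = @(Get-CimInstance -ClassName Win32_Process)
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$findings = foreach ($p in $procs) {
    if ($p.Name -ine 'svchost.exe') { continue }

    $parent     = $byPid[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $path       = $p.ExecutablePath

    # -notcontains compares strings case-insensitively, as Windows paths require.
    $verdict = if (-not $path) {
        'UNKNOWN (path not readable, re-run elevated)'
    } elseif ($expected -notcontains $path) {
        'SUSPICIOUS (unexpected location)'
    } elseif ($parentName -ine 'services.exe') {
        'REVIEW (parent is not services.exe)'
    } else {
        'ok'
    }

    [pscustomobject]@{
        PID     = $p.ProcessId
        Path    = $path
        Parent  = $parentName
        Verdict = $verdict
    }
}

$findings | Sort-Object Verdict, PID | Format-Table -AutoSize

# Files named svchost.exe directly under %SystemRoot% (the case in this thread).
# -Force includes hidden and system files; the hash can go into a support ticket.
Get-ChildItem -LiteralPath $sysRoot -Filter 'svchost.exe' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $attrs = $_.Attributes
        Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 |
            Select-Object Path, Hash, @{ n = 'Attributes'; e = { $attrs } }
    }
```

Get-FileHash needs PowerShell 4.0 or later; on older hosts drop that pipeline stage and record the file's path and attributes only.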
     