is "xvchost.exe" a virus?

Discussion in 'malware problems & news' started by backfolder, Aug 31, 2004.

Thread Status:
Not open for further replies.
  1. backfolder

    backfolder Registered Member

    Joined:
    May 25, 2004
    Posts:
    72
    Location:
    Spain
    I´m sure yes, it is, but It wasn´t in my computer, just was in one friend´s pc. I just kill the process in memory and search in Windows dir. And there was, in System32 folder, so I just rename and reboot to see if the pc works correctly (there was also a xvchost.exe.#####.pf file). After see it was correct I proceed to delete the file, and clean the two O4 entrances in Hijackthis!. The .exe file was 106 KB.
    NOD32 (stand alone) doesn´t detect neither this and another trojan "downloader" called "vchost" also in Windows root folder.
    Sorry, because I should have saved this two files in a .rar or .zip and send it to NOD32 support.

    backfolder.-
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    The real process name is svchost.exe, xvchost.exe ain't the real one.
     
  3. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
  4. backfolder

    backfolder Registered Member

    Joined:
    May 25, 2004
    Posts:
    72
    Location:
    Spain
    Thanks nadirah, I know that process.

    Yep, TAS, it´s a pitty I´ve didn´t sent a copy to NOD32 & KAV. I will try to recover the two files, and tell you so.

    backfolder.-

    EDIT: Unfortunately I wasn´t able to recover it, the only two things I hope helps to ESET people and other possible developers are the name and the weight: xvchost.exe and 106 KB, it remains in memory as a process, it is also accompanied of a .pf file (something like xvchost.exe.#####.pf, where # are numbers). Sorry.
     
    Last edited: Aug 31, 2004
  5. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    The file which you found is a pf file right? I guess you found it in the windows XP Prefetch folder? And why does the file show the numbers in #####? I think the file may be encrypted.
     
  6. backfolder

    backfolder Registered Member

    Joined:
    May 25, 2004
    Posts:
    72
    Location:
    Spain
    That isn´t the real file name, this ##### is a mask, there´s you must put ramdon numbers or predt. numbers made by the virus or your system. For example: xvchost.exe.32261.pf.

    backfolder.-
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.