Help - Search - Members - Calendar
Full Version: Svdhost.exe ?
BleepingComputer.com > Operating Systems > Windows Vista
   
eaglehorse
Nov 27 2007, 01:51 PM
I am not familiar with Vista yet. I have a question about a process in vista. This example is pulled out of a HJT log.
[qoute]O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe . It also shows up in other areas of log.[/quote]
My question is it is aparently signed by Microsoft so I am assuming it is a Vista process and not a keyloggeras CC listed.
QUOTE(CC)
Orvell Monitoring 2003 - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Note - asks for permission to contact the IP address of http://www.protectcom.com/

Next question is does this process have the ability to be hijacked and turn it into a keylogger?
Thanks in advance for help.
figgis41
Nov 27 2007, 02:55 PM
hi,,, i think this might answer some questions,,,,, have a good read its crazy,,,

http://news.softpedia.com/news/Forget-abou...oft-58752.shtml

by the way a lot of people are reporting that there rigs are doing alot of HDD thrashing when in idal,,,, this is not just down to the new auto defrag on vista its all these vista programs collecting info redy to send off on your next update,,,,,,,,, or i could be a parionoid nutball,,,,,,, i loged onto the black vipers site and closed down all un needed services & hey presto the thrashing stoped,,,,,,
good luck,,,,,,,, figgis41
Jacee
Nov 27 2007, 10:32 PM
Is this item: O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe showing up in your HJT log?

If it is, you have an SDBot Trojan http://www.sophos.com/security/analyses/w32sdbotni.html
This needs to be taken care of immediately

Please do this first!
From a known, "clean machine" (not the one that's infected), change all your passwords and notify your bank if you have any critical information, such as credit cards or online banking that you've used on the infected machine.

Next,
Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

Right click on it and choose "Run as Administrator". Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal"
http://www.bleepingcomputer.com/forums/forum22.html
Please be patient as we have a lot of people with malware infections and most all of our HJT Team members work on several forums.


eaglehorse
Nov 27 2007, 11:12 PM
QUOTE(Jacee)
Is this item: O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe showing up in your HJT log?
If it is, you have an SDBot Trojan http://www.sophos.com/security/analyses/w32sdbotni.html
This needs to be taken care of immediately
Not my log but thanks for the concern. I have XP. This is one I was looking at trying to get use to vista's processes. thumbup.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2008 Invision Power Services, Inc.