BleepingComputer.com: Svdhost.exe ?


Svdhost.exe ?

#1 eaglehorse

Posted 27 November 2007 - 01:51 PM

I am not familiar with Vista yet. I have a question about a process in Vista. This example is pulled out of an HJT log:

O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe

It also shows up in other areas of the log.
My question is: it is apparently signed by Microsoft, so I am assuming it is a Vista process and not a keylogger as CC listed.

CC said:

Orvell Monitoring 2003 - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Note - asks for permission to contact the IP address of http://www.protectcom.com/

Next question: does this process have the ability to be hijacked and turned into a keylogger?
Thanks in advance for help.

#2 figgis41

Posted 27 November 2007 - 02:55 PM

Hi, I think this might answer some questions. Have a good read, it's crazy.

http://news.softpedia.com/news/Forget-abou...oft-58752.shtml

By the way, a lot of people are reporting that their rigs are doing a lot of HDD thrashing when idle. This is not just down to the new auto defrag on Vista, it's all these Vista programs collecting info ready to send off on your next update... or I could be a paranoid nutball. I logged onto the Black Viper's site and closed down all unneeded services and, hey presto, the thrashing stopped.
Good luck, figgis41
Figgis, LUFC

#3 Jacee

Posted 27 November 2007 - 10:32 PM

Is this item: O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe showing up in your HJT log?

If it is, you have an SDBot Trojan: http://www.sophos.com/security/analyses/w32sdbotni.html
This needs to be taken care of immediately.

Please do this first!
From a known, "clean machine" (not the one that's infected), change all your passwords and notify your bank if you have any critical information, such as credit cards or online banking that you've used on the infected machine.

Next,
Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

Right click on it and choose "Run as Administrator". Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal"
http://www.bleepingcomputer.com/forums/forum22.html
Please be patient as we have a lot of people with malware infections and most all of our HJT Team members work on several forums.
MS MVP Windows-Security 2006-2012
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop
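
The file name in the O4 entry discussed above, svdhost.exe, is one letter away from the Windows system process name svchost.exe. The following is an added example, not part of the original thread or of HijackThis: it parses O4 autorun lines from a log and flags executable names that are a near miss of a known system process name. The name list, the distance threshold and the second and third sample log lines are assumptions made for illustration.

```python
import re

# Assumption: a short, hand-picked list of Windows system process names.
KNOWN_SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                      "services.exe", "explorer.exe", "spoolsv.exe", "smss.exe"}
# HijackThis O4 autorun line: "O4 - <key>: [<entry name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<entry>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'([^\\/"]+?\.exe)', re.IGNORECASE)  # first file name ending in .exe


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(log_text, max_distance=1):
    """Return (key, entry, exe, imitated_name) for near-miss executable names."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.search(m.group("cmd")) if m else None
        if not exe:
            continue
        name = exe.group(1).strip().lower()
        if name in KNOWN_SYSTEM_NAMES:
            continue  # exact name: this check says nothing about path or signature
        for known in sorted(KNOWN_SYSTEM_NAMES):
            if edit_distance(name, known) <= max_distance:
                hits.append((m.group("key"), m.group("entry"), name, known))
                break
    return hits


# Constructed sample: the first line is the entry quoted in this thread, the rest are made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\Run: [Example Tray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_LOG):
        print("lookalike autorun: key=%s entry=%r exe=%s imitates %s" % hit)
```

The entry label in square brackets ("Microsoft Updates" here) is free text stored with the autorun value, so the check ignores it and looks only at the file name.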

#4 eaglehorse

Posted 27 November 2007 - 11:12 PM

Jacee said:

Is this item: O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe showing up in your HJT log?
If it is, you have an SDBot Trojan http://www.sophos.com/security/analyses/w32sdbotni.html
This needs to be taken care of immediately

Not my log, but thanks for the concern. I have XP. This is one I was looking at, trying to get used to Vista's processes. :huh:
