Svdhost.exe ?

#1 eaglehorse

Member

Group: Members
Posts: 18
Joined: 12-October 07
Gender:Male
Location:S.C,USA

Posted 27 November 2007 - 01:51 PM

I am not familiar with Vista yet. I have a question about a process in vista. This example is pulled out of a HJT log.
[qoute]O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe . It also shows up in other areas of log.[/quote]
My question is it is aparently signed by Microsoft so I am assuming it is a Vista process and not a keyloggeras CC listed.

CC said:

Orvell Monitoring 2003 - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Note - asks for permission to contact the IP address of http://www.protectcom.com/

Next question is does this process have the ability to be hijacked and turn it into a keylogger?
Thanks in advance for help.

#2 figgis41

Distinguished Member

Group: Members
Posts: 799
Joined: 07-May 07
Gender:Male
Location:Hull England

Posted 27 November 2007 - 02:55 PM

hi,,, i think this might answer some questions,,,,, have a good read its crazy,,,

http://news.softpedia.com/news/Forget-abou...oft-58752.shtml

by the way a lot of people are reporting that there rigs are doing alot of HDD thrashing when in idal,,,, this is not just down to the new auto defrag on vista its all these vista programs collecting info redy to send off on your next update,,,,,,,,, or i could be a parionoid nutball,,,,,,, i loged onto the black vipers site and closed down all un needed services & hey presto the thrashing stoped,,,,,,
good luck,,,,,,,, figgis41

Figgis,,,, LUFC

#3 Jacee

Bleeping entraÎner

Group: Malware Response Instructor
Posts: 3,465
Joined: 24-September 04
Gender:Female

Posted 27 November 2007 - 10:32 PM

Is this item: O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe showing up in your HJT log?

If it is, you have an SDBot Trojan http://www.sophos.com/security/analyses/w32sdbotni.html
This needs to be taken care of immediately

Please do this first!
From a known, "clean machine" (not the one that's infected), change all your passwords and notify your bank if you have any critical information, such as credit cards or online banking that you've used on the infected machine.

Next,
Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

Right click on it and choose "Run as Administrator". Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal"
http://www.bleepingcomputer.com/forums/forum22.html
Please be patient as we have a lot of people with malware infections and most all of our HJT Team members work on several forums.

MS MVP Windows-Security 2006-2012
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop

#4 eaglehorse

Member

Group: Members
Posts: 18
Joined: 12-October 07
Gender:Male
Location:S.C,USA

Posted 27 November 2007 - 11:12 PM

Jacee said:

Is this item: O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe showing up in your HJT log?
If it is, you have an SDBot Trojan http://www.sophos.com/security/analyses/w32sdbotni.html
This needs to be taken care of immediately

Not my log but thanks for the concern. I have XP. This is one I was looking at trying to get use to vista's processes. :huh: