Svdhost.exe ?



#1 eaglehorse

eaglehorse

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.C,USA
  • Local time:03:33 AM

Posted 27 November 2007 - 01:51 PM

I am not familiar with Vista yet. I have a question about a process in Vista. This example is pulled out of a HJT log.
[quote]O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe. It also shows up in other areas of the log.[/quote]
My question is: it is apparently signed by Microsoft, so I am assuming it is a Vista process and not a keylogger as CC listed.
[quote name='CC']Orvell Monitoring 2003 - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Note - asks for permission to contact the IP address of http://www.protectcom.com/[/quote]
Next question is, does this process have the ability to be hijacked and turned into a keylogger?
Thanks in advance for help.


#2 figgis41

figgis41

  • Members
  • 801 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hull England
  • Local time:09:33 AM

Posted 27 November 2007 - 02:55 PM

Hi, I think this might answer some questions. Have a good read, it's crazy.

http://news.softpedia.com/news/Forget-abou...oft-58752.shtml

By the way, a lot of people are reporting that their rigs are doing a lot of HDD thrashing when idle. This is not just down to the new auto defrag on Vista, it's all these Vista programs collecting info ready to send off on your next update... or I could be a paranoid nutball. I logged onto the Black Viper's site and closed down all unneeded services and hey presto, the thrashing stopped.
Good luck, figgis41
Figgis, LUFC

#3 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:33 AM

Posted 27 November 2007 - 10:32 PM

Is this item: O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe showing up in your HJT log?

If it is, you have an SDBot Trojan http://www.sophos.com/security/analyses/w32sdbotni.html
This needs to be taken care of immediately

Please do this first!
From a known, "clean machine" (not the one that's infected), change all your passwords and notify your bank if you have any critical information, such as credit cards or online banking that you've used on the infected machine.

Next,
Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

Right click on it and choose "Run as Administrator". Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal"
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Please be patient as we have a lot of people with malware infections and most all of our HJT Team members work on several forums.

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop
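
The log entry discussed above names `svdhost.exe`, one letter off the genuine Windows `svchost.exe`. The following is an added example, not part of any post in this thread: it scans HijackThis O4 (autostart) lines for image names that sit one edit away from a well-known system process, or that use a genuine name from an unexpected folder. The name list, the trusted folders and all sample lines except the first are constructed assumptions; a hit is a lead for review, not a verdict.

```python
import re

# Constructed HijackThis lines; only the first is the entry quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\Run: [Example Tray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [Host Service] C:\Users\Public\svchost.exe
O23 - Service: Example Service - C:\Windows\system32\svchost.exe
"""

# Assumption: a short, non-exhaustive list of Windows process names worth imitating.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe")
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows")

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
IMAGE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def scan(log_text):
    """Return (label, image, reason) for each suspicious O4 autostart entry."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_RE.match(line.strip())
        image = entry and IMAGE_RE.match(entry.group("cmd"))
        if not image:
            continue  # not an O4 line, or no .exe image in the command
        path = image.group(1).lower()
        folder, _, name = path.rpartition("\\")
        if name in SYSTEM_NAMES:
            # Genuine name: only the location can give it away.
            if folder and folder not in TRUSTED_DIRS:
                findings.append((entry.group("label"), path, "system name outside system directory"))
            continue
        for real in SYSTEM_NAMES:
            if edit_distance(name, real) == 1:
                findings.append((entry.group("label"), path, "one character away from " + real))
                break
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
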


#4 eaglehorse

eaglehorse
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.C,USA
  • Local time:03:33 AM

Posted 27 November 2007 - 11:12 PM

[quote name='Jacee']Is this item: O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe showing up in your HJT log?
If it is, you have an SDBot Trojan http://www.sophos.com/security/analyses/w32sdbotni.html
This needs to be taken care of immediately[/quote]

Not my log but thanks for the concern. I have XP. This is one I was looking at trying to get used to Vista's processes. :huh:



