I think I've got a virus/trojan please help

benjamin

Hi everybody

A couple of days ago I noticed some heavy network traffic on my
computer (winxp). In the task manager I found a process
"svcost1.exe", and when I terminated it the traffic was gone the same
moment. I have scanned my computer with AVG (updated) and "The
Cleaner" and none of them found anything. When I search on google on
"svcost1.exe" I get 0 results. I have installed Zone Alarm which
blocks the traffic but I would still like to remove the
virus/trojan/worm because my computer has been acting very strange the
last couple of days.

Hope someone can help
Benjamin
 
W.S.Blevins

benjamin said:
Hi everybody

A couple of days ago I noticed some heavy network traffic on my
computer (winxp). In the task manager I found a process
"svcost1.exe", and when I terminated it the traffic was gone the same
moment. I have scanned my computer with AVG (updated) and "The
Cleaner" and none of them found anything. When I search on google on
"svcost1.exe" I get 0 results. I have installed Zone Alarm which
blocks the traffic but I would still like to remove the
virus/trojan/worm because my computer has been acting very strange the
last couple of days.

Hope someone can help
Benjamin


Send a copy to a reputable AV company for analysis.
 
Nick FitzGerald

W.S.Blevins said:
Send a copy to a reputable AV company for analysis.

To save the OP looking up how to do this for all the AV companies, here are the
suspicious file submission addresses of the better-known AV companies. I'd
suggest that you pick the addresses of several that you trust and send them
the file as an attachment to an Email message...

Command Software <[email protected]>
Computer Associates (US) <[email protected]>
Computer Associates (Vet/EZ) <[email protected]>
DialogueScience (Dr. Web) <[email protected]>
Eset (NOD32) <[email protected]>
F-Secure Corp. <[email protected]>
Frisk Software (F-PROT) <[email protected]>
Grisoft (AVG) <[email protected]>
H+BEDV (AntiVir): <[email protected]>
Kaspersky Labs <[email protected]>
Network Associates (McAfee) <[email protected]>
Norman (NVC) <[email protected]>
Sophos Plc. <[email protected]>
Symantec (Norton) <[email protected]>
Trend Micro (PC-cillin) <[email protected]>
(Trend may only accept files from users of its products)
 
W.S.Blevins

Nick FitzGerald said:
I'd
suggest that you pick the addresses of several that you trust and send them
the file as an attachment to an Email message...


Preferably zip compressed.
 
Joep

If the filename is really svhost1.exe then my money is on *this is a virus
or trojan*. This is NOT a 'normal' Windows process for sure, but at the same
time it tries to look as one (svchost.exe). Rules of thumb say, this is bad,
distrust it, disable it.

So, rename the file to svhost1.bla ... search registry for svhost1.exe, back
up the key, and remove it.
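
Added example, not part of the original thread: a small Python check for the rule of thumb above, flagging process image names that sit within a small edit distance of a known Windows system binary, or that use a genuine name from an unexpected folder. The allow-list, the distance threshold and the sample paths are constructed assumptions for illustration.

```python
# Added example: flag process names that imitate Windows system binaries.
# KNOWN_SYSTEM is a small constructed allow-list, not a complete inventory.
import ntpath

KNOWN_SYSTEM = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path, max_distance=2):
    """Return (verdict, detail) for one full process image path."""
    folder, name = ntpath.split(image_path.lower())
    if name in KNOWN_SYSTEM:
        if folder == KNOWN_SYSTEM[name]:
            return ("ok", name)
        return ("wrong-path", name)  # genuine name, unexpected folder
    # Compare stems so the shared ".exe" suffix does not mask differences.
    stem = ntpath.splitext(name)[0]
    best = min(KNOWN_SYSTEM, key=lambda k: edit_distance(stem, ntpath.splitext(k)[0]))
    if edit_distance(stem, ntpath.splitext(best)[0]) <= max_distance:
        return ("lookalike", best)   # near miss of a system binary name
    return ("unknown", name)         # not judged here; check by other means

def scan(paths):
    """Return only the entries worth a closer look."""
    results = [(p, classify(p)) for p in paths]
    return [(p, v) for p, v in results if v[0] in ("lookalike", "wrong-path")]

# Constructed sample process list (paths are illustrative only).
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svcost1.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
    r"C:\WINDOWS\notepad.exe",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE):
        print(path, verdict)
```

A "lookalike" or "wrong-path" verdict is only a reason to inspect the file and submit it for analysis, and an "unknown" verdict says nothing about whether the file is safe.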
 
benjamin

Follow up:

I have just received the following from AVG:

"Hello,
file you send is commercial FTP daemon which is often used by
attackers as backdoor because of its easy configuration. Delete this
file. Probably way of infection is open shared drive or DCOM RPC bug
(used by Lovsan aka Blaster). Use windowsupdate to apply all patch.
 