|
svchost.exe (5.1.2600.0)
ソフトウェアに含まれている |
|---|
| 名前: | Windows XP Home Edition, Deutsch |
|---|
| 免許証: | 商業 |
|---|
| 情報リンク: | http://www.microsoft.com/windowsxp/ |
|---|
ファイル細部 |
|---|
| ファイル道: | C:\WINDOWS\system32 \ svchost.exe |
|---|
| ファイル日付: | 2002-08-29 14:00:00 |
|---|
| 版: | 5.1.2600.0 |
|---|
| ファイルサイズ: | 12.800 バイト |
|---|
検査合計及びファイルは切り刻む |
|---|
| CRC32: | A799DDDB |
|---|
| MD5: | ADBB 33D5 893B CF08 E75E A54B B566 9205 |
|---|
| SHA1: | 23C5 5CF3 635D 2F77 B119 F639 853A 0A89 869E 30F3 |
|---|
版資源情報 |
|---|
| 会社名前: | Microsoft Corporation |
|---|
| ファイル記述: | Generic Host Process for Win32 Services |
|---|
| ファイルオペレーティングシステム: | Windows NT, Windows 2000, Windows XP, Windows 2003 |
|---|
| ファイル・タイプ: | Application |
|---|
| ファイル版: | 5.1.2600.0 |
|---|
| 内部名: | svchost.exe |
|---|
| 法的版権: | Microsoft Corporation. All rights reserved. |
|---|
| 元のファイル名: | svchost.exe |
|---|
| 製品名: | Microsoft Windows Operating System |
|---|
| プロダクト版: | 5.1.2600.0 |
|---|
svchost.exe は次のレポートで見つけられた:
|
|
|---|
Backdoor.Litmus.203.b |
|---|
技術的詳細
...It copies itself as %windir%RandomSvchost.exe. NOTE: %windir% is a variable....
...LTM2 %windir%RandomSvchost.exe in the registry key...
取り外しの指示
...LTM2 %windir%RandomSvchost.exe from the registry key...
...Scroll through the list, and look for Svchost.exe If you find the file, click...
...LTM2 %windir%RandomSvchost.exe Exit the Registry Editor....
源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.litmus.203.b.html |
|---|
Backdoor.XTS |
|---|
Backdoor.XTS について
...to the compromised system. The main module, Svchost.exe, is packed with UPX. Also Known As: Backdoor-ASL...
技術的詳細
...Drops the following files: %Windows%Svchost.exe %System%Extapi.dll...
...System Important Message. Path: %Windows%Svchost.exe -k ras. Injects Extapi.dll and Sysmsg.dll...
源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xts.html |
|---|
Spyware.Shopnav.dl |
|---|
技術的詳細
...File names: Svchost.exe When Spyware.Shopnav is installed,...
源: http://securityresponse.symantec.com/avcenter/venc/data/spyware.shopnav.dl.html |
|---|
W32.BlueCode.Worm |
|---|
技術的詳細
...Then, the .dll creates the C:Svchost.exe file and executes it. Svchost.exe performs the infection...
...First, the value Domain Manager C:svchost.exe is added to the registry key...
源: http://securityresponse.symantec.com/avcenter/venc/data/w32.bluecode.worm.html |
|---|
W32.Jeefo |
|---|
技術的詳細
...first-generation W32.Jeefo executable. Drop it as Svchost.exe (36,352 bytes) into the %Windir% folder....
...program parameter that specifies an infected application, which has dropped and run Svchost.exe. It will quit....
..."PowerManager"="%windir%svchost.exe" in the registry key:...
取り外しの指示
..."PowerManager"="%windir%svchost.exe" Exit the Registry Editor....
源: http://securityresponse.symantec.com/avcenter/venc/data/w32.jeefo.html |
|---|
W32.Welchia.Worm |
|---|
技術的詳細
...Makes a copy of %System%DllcacheTftpd.exe as %System%Winssvchost.exe. NOTE:...
...Service Binary: %System%winssvchost.exe This service will be set to...
...machine and instructs the victim machine to connect and download Dllhost.exe and Svchost.exe from the attacking machine....
...If the %System%dllcache ftpd.exe file exists, the worm may not download svchost.exe. Checks the computer's operating...
...The worm does not delete the file, %System%WinsSvchost.exe, which is a nonmalicious tftp server....
取り外しの指示
...values from the registry. Delete the Svchost.exe file. For details on each of these...
...Exit the Registry Editor. 6. Deleting the Svchost.exe file Navigate to the %System%Wins...
源: http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html |
|---|
Backdoor.Dewin |
|---|
技術的詳細
...Some variants of this Trojan create the file, %Windows%svchost.exe. Adds the value:...
...SystemReg C:\%Windows%svchost.exe run to the following registry...
取り外しの指示
...or: SystemReg C:\%Windows%svchost.exe run Click Registry, and then click...
...Added reference to minor variant which uses svchost.exe filename. Write-up by:...
源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dewin.html |
|---|
W32.Assarm@mm |
|---|
技術的詳細
...It determines whether the current file name is %windir%Svchost.exe. If it is, the worm then determines...
...If the current file name is not %windir%Svchost.exe, or if the argument "Install Me!" was passed to the worm, then the worm...
取り外しの指示
...95/98/Me, remove the line run=%windir%svchost.exe from the Win.ini file....
...similar to the following: run=%windir%svchost.exe If the line exists, select...
源: http://securityresponse.symantec.com/avcenter/venc/data/w32.assarm@mm.html |
|---|
W32.HLLW.Cozit |
|---|
Backdoor.XTS について
...It copies itself to the Windows folder as Svchost.exe and changes the registry to run this file whenever you start Windows....
技術的詳細
...When W32.HLLW.Cozit is executed, it copies itself to the Windows folder as Svchost.exe. If the HKEY_CURRENT_USERSoftwareKazaaLocalContent...
源: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cozit.html |
|---|
W32.Marol@mm |
|---|
技術的詳細
...%Windir%TempWkCVX.exe %Windir% empSvchost.exe %System%COMD.exe...
..."admy" = "%windir% empsvchost.exe" "MDriver" = "C:losiram.vbs"...
取り外しの指示
..."admy" = "%windir% empsvchost.exe" "MDriver" = "C:losiram.vbs"...
......
源: http://securityresponse.symantec.com/avcenter/venc/data/w32.marol@mm.html |
|---|
|
|
![[filename.info logo]](/img/logo.png){kind=logo}
![[cn svchost.exe]](/img/nix.gif){kind=small}
