New case of Virus/Trojan named dasvchost

I have been experiencing difficulty on my system, such as CPU usage always at 50% while I'm not doing anything, and pop-up errors like "dasvchost has an error", Send Error Report / Don't Send, like that. When I do a system restore it is still there, and when I try safe mode and delete it, it is still there. The worst part is that when I scan dasvchost with avast it doesn't detect anything T_T Please help me remove it from my PC T_T I'm desperate.

Until now, August 27 2008, no antivirus / anti-spyware that I have tested has the potential or the ability to remove it. All my hope lies on Avast. I'm running a scan now, 4:30 pm [PH time] :o

What we know about DASVCHOST.EXE:
The filename DASVCHOST.EXE was first seen on Jul 5 2008 in HONG KONG.
The filename DASVCHOST.EXE refers to many versions of an executable program. They share a common file size of 94,208 bytes.
These files may have the following Vendor, Product, Version Information in the file header

Referrer site

http://www.prevx.com/filenames/X1629802965073808147-0/DASVCHOST.EXE.html


Welcome to the forums, lind. :slight_smile:

Thank you for posting this information. Hopefully, one or more of the official avast team members will take a look at this.


You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

What is your firewall?
It should be capable of blocking unauthorised outbound Internet connections, which should help block any activity by this if it is malware.

Hi lind,

There is an interesting discussion on this malware here:
http://www30.discuss.com.hk/viewthread.php?tid=6802991&page=1&authorid=1866746

You can do a full scan with SAS from here: http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

polonus

Hello DavidR

First of all, nice to meet you. I tried your advice about scanning the dasvchost,
but this is the result I got. Please follow up the update ^.,.^

File dasvchost.exe received on 08.29.2008 12:48:39 (CET)
Result: 0/36 (0%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.8.29.0 | 2008.08.29 | - |
| AntiVir | 7.8.1.23 | 2008.08.29 | - |
| Authentium | 5.1.0.4 | 2008.08.29 | - |
| Avast | 4.8.1195.0 | 2008.08.28 | - |
| AVG | 8.0.0.161 | 2008.08.29 | - |
| BitDefender | 7.2 | 2008.08.29 | - |
| CAT-QuickHeal | 9.50 | 2008.08.26 | - |
| ClamAV | 0.93.1 | 2008.08.29 | - |
| DrWeb | 4.44.0.09170 | 2008.08.29 | - |
| eSafe | 7.0.17.0 | 2008.08.28 | - |
| eTrust-Vet | 31.6.6055 | 2008.08.29 | - |
| Ewido | 4.0 | 2008.08.29 | - |
| F-Prot | 4.4.4.56 | 2008.08.29 | - |
| F-Secure | 7.60.13501.0 | 2008.08.29 | - |
| Fortinet | 3.14.0.0 | 2008.08.29 | - |
| GData | 19 | 2008.08.29 | - |
| Ikarus | T3.1.1.34.0 | 2008.08.29 | - |
| K7AntiVirus | 7.10.431 | 2008.08.29 | - |
| Kaspersky | 7.0.0.125 | 2008.08.29 | - |
| McAfee | 5372 | 2008.08.28 | - |
| Microsoft | 1.3807 | 2008.08.25 | - |
| NOD32v2 | 3397 | 2008.08.28 | - |
| Norman | 5.80.02 | 2008.08.28 | - |
| Panda | 9.0.0.4 | 2008.08.29 | - |
| PCTools | 4.4.2.0 | 2008.08.28 | - |
| Prevx1 | V2 | 2008.08.29 | - |
| Rising | 20.59.41.00 | 2008.08.29 | - |
| Sophos | 4.33.0 | 2008.08.29 | - |
| Sunbelt | 3.1.1592.1 | 2008.08.29 | - |
| Symantec | 10 | 2008.08.29 | - |
| TheHacker | 6.3.0.6.064 | 2008.08.27 | - |
| TrendMicro | 8.700.0.1004 | 2008.08.29 | - |
| VBA32 | 3.12.8.4 | 2008.08.29 | - |
| ViRobot | 2008.8.29.1355 | 2008.08.29 | - |
| VirusBuster | 4.5.11.0 | 2008.08.28 | - |
| Webwasher-Gateway | 6.6.2 | 2008.08.29 | - |

Additional information
File size: 94208 bytes
MD5…: 30d261fd30f0636bf1ddf4f2add6a0be
SHA1…: 91e46b44dee1228e29c5b8dc4126c3457e89e4aa
SHA256: 9c4cd10614a4ed7eb7d6d846896dfc41052cadcc587de45c4a4fa0d4ff12bd65
SHA512: 2d8872ddac513c0d1ecebc60d7bf0617204e7aa959d0e22f965a1b7a42f006a0d23fee0df43aa0559d93f61de41ed39216f65ad1e067f8f939cdcc4109bd76d6
PEiD…: -
TrID…: File type identification
Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401f10
timedatestamp…: 0x485fa765 (Mon Jun 23 13:38:45 2008)
machinetype…: 0x14c (I386)

( 3 sections )
| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x13450 | 0x14000 | 5.32 | 6a93bb28d9c62a95159087e8718d3b53 |
| .data | 0x15000 | 0xba8 | 0x1000 | 0.00 | 620f0b67a91f7f74151bc5be745b7110 |
| .rsrc | 0x16000 | 0x8b8 | 0x1000 | 1.86 | af59027c0d7ae950b7e0e3a435110108 |

( 1 imports )

MSVBVM60.DLL: EVENT_SINK_GetIDsOfNames, __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaVarVargNofree, __vbaFreeVar, __vbaLateIdCall, __vbaLenBstr, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, EVENT_SINK_Invoke, __vbaFreeObjList, __vbaLineInputVar, _adj_fprem1, __vbaRecAnsiToUni, -, __vbaStrCat, -, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, Zombie_GetTypeInfo, __vbaAryDestruct, __vbaExitProc, __vbaVarPow, __vbaVarForInit, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarIndexLoad, -, __vbaFpR4, __vbaStrFixstr, -, __vbaFpR8, __vbaRefVarAry, __vbaVarTstLt, _CIsin, -, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, -, __vbaStrCmp, __vbaVarTstEq, __vbaObjVar, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaFixstrConstruct, __vbaLateIdCallLd, Zombie_GetTypeInfoCount, __vbaStrR8, __vbaRecUniToAnsi, EVENT_SINK_Release, -, _CIsqrt, EVENT_SINK_QueryInterface, __vbaVarMul, __vbaExceptHandler, -, __vbaPrintFile, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, -, __vbaStrVarVal, __vbaUbound, -, __vbaI2Var, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaInStr, __vbaR8Str, __vbaVarLateMemCallLdRf, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, -, _adj_fdivr_m32, _adj_fdiv_r, -, -, __vbaVarSetVar, __vbaI4Var, __vbaVarAdd, __vbaLateMemCall, -, __vbaVarDup, __vbaStrToAnsi, -, -, __vbaVarCopy, __vbaVarLateMemCallLd, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, -, _CItan, -, __vbaVarForNext, _CIexp, __vbaFreeStr, __vbaFreeObj, -

( 0 exports )

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


An unfortunate event happened when I started downloading the Chan Killer that the forum member of this site suggested: Avast detected a virus and then automatically cancelled the download. Can anyone please make sure this site/these files are safe? Although I'm trying it out because I trusted you ^.,^

Eureka, I finally deleted dasvchost.exe

Report: This is the solution on how to delete dasvchost.exe from your PC

ChanKiller by uhthn2002

For Win 2k NT XP Vista
ChanKiller.exe > scan. Strongly recommends that the security model used to extract the after implementation, the folder ChanKiller.exe > by scan

Scan time may be 10 min, please be patient

→ You can remove the following programs/trojans/adware:

C:\WINDOWS\unsnsell.exe
C:\WINDOWS\jumched.exe
C:\WINDOWS\ituneHelpers.exe
C:\WINDOWS\jumched.exe
C:\WINDOWS\sdtartup.exe
C:\WINDOWS\dasvchost.exe

http://i272.photobucket.com/albums/jj179/Saber6699/2008-04-19_140108.jpg

Link for this anti Trojan

http://www.sendspace.com/file/t6mblj

Reminder:

Avast might detect this program as a virus, so please pause/disable your avast while using this program. All files are 100% safe.

All the Credit goes to :

uhthn2002 (Thank You Very Very much)

and I'd like to thank the forum and the avast members for helping me kill the Trojan ;D

Special Thanks to

uhthn2002 (The Developer)
DavidR
CharleyO
polonus

Referrer Site:

http://translate.google.com/translate?u=http%3A%2F%2Fwww30.discuss.com.hk%2Fviewthread.php%3Ftid%3D6802991%26page%3D1%26authorid%3D1866746&sl=zh-CN&tl=en&hl=EN&ie=UTF-8

Don't worry, the site is Chinese but Google translated it for me

If your system is infected by the following Trojans, feel free to use this guide. If there's any problem, feel free to PM me ^.,^
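
An added triage example (not part of the original posts and not ChanKiller's code): it checks the top level of a directory for the file names in the removal list above and reports whether each hit also matches the 94,208-byte size from the Prevx note and the SHA256 from the VirusTotal report. Because Prevx describes many versions sharing one size, a name match with a different hash is still reported; the function names are this example's own.

```python
import hashlib
import os

# Indicators taken from this thread: file names from the removal list,
# the common size reported by Prevx, and the SHA256 from the VirusTotal report.
SUSPECT_NAMES = {"unsnsell.exe", "jumched.exe", "itunehelpers.exe",
                 "sdtartup.exe", "dasvchost.exe"}
KNOWN_SIZE = 94208
KNOWN_SHA256 = "9c4cd10614a4ed7eb7d6d846896dfc41052cadcc587de45c4a4fa0d4ff12bd65"


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(directory):
    """Return one finding per file that matches a name or hash indicator.

    Only the top level of `directory` is inspected, matching the
    C:\\WINDOWS\\<name>.exe locations listed in the thread.
    """
    findings = []
    for entry in sorted(os.listdir(directory)):
        path = os.path.join(directory, entry)
        if not os.path.isfile(path):
            continue
        name_hit = entry.lower() in SUSPECT_NAMES   # Windows names are case-insensitive
        size_hit = os.path.getsize(path) == KNOWN_SIZE
        # Hash only candidates: hashing every file in a system directory is slow.
        hash_hit = (name_hit or size_hit) and sha256_of(path) == KNOWN_SHA256
        # Size alone is too common to report; a renamed copy is caught by its hash.
        if name_hit or hash_hit:
            findings.append({"path": path, "name": name_hit,
                             "size": size_hit, "sha256": hash_hit})
    return findings


if __name__ == "__main__":
    import sys
    # Assumed usage: python triage.py C:\WINDOWS
    for hit in triage(sys.argv[1] if len(sys.argv) > 1 else r"C:\WINDOWS"):
        print(hit)
```

A finding with `name` true and `sha256` false is a different build or an unrelated file with the same name, so it is worth submitting to a multi-engine scanner rather than deleting on sight.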

Thanks for the update.


Thanks for posting the solution, lind. :slight_smile: