system
January 21, 2012, 3:19pm
1
This is my system svchost.exe.
It's from:
c:\windows\system32\svchost.exe
Is this a FP on VirusTotal?
https://www.virustotal.com/file/121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2/analysis/1327158269/
I investigated with Comodo KillSwitch and found that this is the only svchost running on my clean Win7…
What's the big deal with eSafe?
Interesting to read all the comments.
You can send a sample to virus [at] avast [dot] com for analysis.
You can also try uploading it to Comodo’s Instant Malware Analyzer http://camas.comodo.com to see what it does.
system
January 21, 2012, 3:34pm
3
Comodo online file analyzer says it's not an executable file… when I put it from my Comodo Defense+ for online lookup it says the file is safe…
Comodo KillSwitch also tells me this is the only svchost on my Win7 and it is legitimate…
ThreatExpert report:
http://www.threatexpert.com/report.aspx?md5=54a47f6b5e09a77e61649109c6a08866
Did you try sending it to avast yet?
Also:
Dropped file from trojan downloader. Download URL: hxxp://russian-post.net/load/load.exe
#malware
Posted 1 year, 4 months ago by remixed
https://www.virustotal.com/user/remixed/
A search for this reveals a lot of hits.
system
January 21, 2012, 3:40pm
5
My ThreatExpert report doesn't report any malware…
I have sent the file many times before but it has been found as clean…
Probable eSafe FP
First seen by VirusTotal
2009-07-22 12:30:01 UTC ( 2 years, 6 months ago )
Last seen by VirusTotal
2012-01-21 15:04:29 UTC ( 36 minutes ago )
system
January 21, 2012, 3:45pm
7
I have asked essexboy to take a look at the VT report and this topic… let's see what he has to say…
Probably this thing has even been reported at the Comodo forums… a Google search revealed it… that was done a long while ago, so they have found the file to be clean and legit.
I saw that many people on the forums have also reported it to avast! and the file hasn't been reported as malware… it is clean and legit even according to ThreatExpert…
According to KillSwitch my svchost is connecting to the DHCP and event log… and to the Windows Update service… a remote address for my svchost doesn't exist, phew!
Pondus
January 21, 2012, 3:53pm
8
It is an eSafe false positive
First seen by VirusTotal
2009-07-22 12:30:01 UTC ( 2 years, 6 months ago )
Last seen by VirusTotal
2012-01-21 15:04:29 UTC ( 46 minutes ago )
Glad to see your problem is solved.
@Pondus
Good job for repeating every word I said. ;D
system
January 21, 2012, 3:56pm
10
Yup! It's sure safe and legit ;D
So my system is clean.
Pondus
January 21, 2012, 3:58pm
11
Good job for repeating every word I said.
yes...but he did not seem to hear what you say.....red letters scream louder ;D
system
January 21, 2012, 4:00pm
12
Here’s the detail on svchost.exe on my WIN 7 x64 SP1 installation. My size is 26.5K and has not changed from initial installation it appears.
system
January 21, 2012, 4:00pm
13
Good job for repeating every word I said.
yes...but he did not seem to hear what you say.....red letters scream louder ;D
I reported this as an FP to eSafe long ago but they don't seem to remove the detection… poor tech support
system
January 21, 2012, 4:04pm
14
Mine is a little smaller, 20.5 KB
Not changed from 14 July 2009 :o
LOL! At that time I didn't even have this laptop…
Not accessed since 14 July 2009 ;D
Donovan
January 21, 2012, 4:22pm
15
Good job for repeating every word I said.
yes...but he did not seem to hear what you say.....red letters scream louder ;D
Okay, so I just have to use RED letters from now on and Oindian will ‘hear my cry’? ;D
system
January 21, 2012, 4:24pm
16
OK… so this is resolved… ;D
Conclusion:
My laptop is fully clean and protected.
Thanks to all you guys for the help and confirmation.