[RESOLVED]Svchost.exe..ohh! no virustotal results FP?

this is my system svchost.exe

its from:

c:\windows\system32\svchost.exe

is this a FP on virustotal?
https://www.virustotal.com/file/121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2/analysis/1327158269/

I investigated with comodo kill switch and found that this the only svchost running on my clean win7…

Whats the big deal with esafe?

Interesting to read all the comments.

You can send a sample to virus [at] avast [dot] com for analysis.

You can also try uploading it to Comodo’s Instant Malware Analyzer http://camas.comodo.com To see what it does.

Comodo online file analyzer says its a not a excutable file…when i put it from my comodo defence+ for online lookup it says the file is safe…

comodo kill switch also tells me this is the only svchost on my win7 and it is legitimate…

threatexpert report:
http://www.threatexpert.com/report.aspx?md5=54a47f6b5e09a77e61649109c6a08866

Did you try sending it to avast yet?

Also:

Dropped file from trojan downloader. Download url ; hxxp://russian-post.net/load/load.exe #malware Posted 1 year, 4 months ago by remixed
https://www.virustotal.com/user/remixed/

A search for this reveals a lot of hits.

my threatexpert report doesnt report any malware…

i have sent the file many times before but it has been found as clean…

Probable eSafe fp

First seen by VirusTotal
2009-07-22 12:30:01 UTC ( 2 years, 6 months ago )

Last seen by VirusTotal
2012-01-21 15:04:29 UTC ( 36 minutes ago )

I have asked essexboy to take a look at the Vt report and this topic…lets see what he has to say…

probably this thing has even been reported at comodo forums…google search revealed it…that has been done a long while ago so they have found the file to be clean and legit.

i saw even many people on the forums have also reported it to avast! and the file hasnt been reported as malware…it is clean and legit even according to threat expert…

according to kill switch my svchost is connecting to the dhcp and event log…and to the windows update service…remote address for my svchost doesnt exist phew! :wink:

it is a eSafe false positive

First seen by VirusTotal
2009-07-22 12:30:01 UTC ( 2 years, 6 months ago )
Last seen by VirusTotal
2012-01-21 15:04:29 UTC ( 46 minutes ago )

Glad to see your problem is solved. :slight_smile:

@Pondus

Good job for repeating every word I said. :wink: ;D

Yup! its sure safe and legit ;D

So my system is clean.

Good job for repeating every word I said.
yes...but he did not seem to hear what you say.....red letters scream louder ;D

Here’s the detail on svchost.exe on my WIN 7 x64 SP1 installation. My size is 26.5K and has not changed from initial installation it appears.

I reported this as FP to esafe long ago but they dont seem to remove the detection…poor tech support :cry:

Mine is little smaller 20.5 KB

Not changed from 14 july 2009 :o

LOL! that time i didnt even have this laptop…

Not accessed since 14 july 2009 ;D

Okay, so I just have to use RED letters from now on and Oindian will ‘hear my cry’? ;D

ok…so this resloved… ;D

conclusion:

my laptop is fully clean and protected.

Thanks to all u guys for help and confirmation. :slight_smile: