sachost is this a virus or not?

Every time I use my usb-stick on my laptop, it puts this “sachost” file on it.
The virus scanner at my school recognizes this file as a trojan but Avast home
edition doen’t.
Can anyone tell me if its a virus and if so, how can I remove it?

yes it might be if its in system32

If you have a process called sachost.exe your pc may be infected with a form of the tofger trojan.
sachost.exe is considered to be a security risk, not only because antivirus programs flag tofger trojan as a trojan, but also because other sites consider it a Trojan as well.
sachost.exe can do stuff like loss of data, loss of control or leaking private information.

sachost.exe is able to record keyboard inputs. The process uses ports to connect to LAN or Internet. The file is not a Windows core file. sachost.exe is able to hide itself, monitor applications. Therefore the technical security rating is 100% dangerous.

also
The program is not visible. sachost.exe is an unknown file in the Windows folder.

its a startup process and not a task manager item…


so my verdict is YES IT IS try scanning it with jotti or virustotal BUT NOT THE ONE IT PUTS ONTO THE FLASH DRIVE find the actual file in your WINDOWS folder to scan

send the file in a password protected archive to virus[at]avast[dot]com, it will be analyzed and detected asap…

Hi Dennis82,

Name: Online Service
Filename: sachost.exe
Fix sachost.exe errors: Try a Registry Scan
Command: %WinDir%\sachost.exe
Description: Added by the Troj/Multidr-E Trojan.
File Location: %WinDir%\sachost.exe
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
HijackThis Category: O4 Entry

Also found to be part of an autorun infection:
On your usb stick the files sachost.exe & autorun.inf appear when you run it on a PC. If you delete these files, and these files are automattically reloaded by autorun when you put the usb stick into the PC.

Contents autorun folder:

[AutoRun]
open=sachost.exe
shellexecute=sachost.exe
shell\Auto\command=sachost.exe.

See the various cleansing routines here for autorun infections,

polonus