avast started to block svchost.exe in system32 process but I checked everything and the app is legit and is not virus I’m just getting like a month everyday messages that avast blocked a “virus”. How can i add the app into exceptions or to do something to not get that annoying messages.
I'm just getting like a month everyday messages that avast blocked a "virus"And what does the block message say?
Attach a screenshot
If you think it is wrong, report it to avast lab
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438
It isn’t unusual for something/program to use/misuse svchost.exe. Generally it is used by system functions, commonly windows updates, etc.
So as Pondus implies we need more information.
I certainly wouldn’t recommend adding an exclusion until you know exactly why this is happening, in case this is being used maliciously.
screenshot
A search for wpad.dat returns many hits, some of which look like it can be used for malicious purposes.
https://www.google.co.uk/search?q=wpad.dat
See https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protocol
Something on your system is using svchost.exe to connect to hxxp://wpad.dcomwifi.com/wpad.dat I have modified the link (changed http to hxxp) so it isn’t active. This is trying to run a wpad.dat file at that location. I have no what the reason for this would be or why it is connecting and considering the connection isn’t secure https it whatever is communicated isn’t secure.
I’m not familiar with the workings of Web_Proxy_Auto-Discovery_Protocol function or why it needs to be used. Even trying to get information on the site from other sources triggers avast, see attached.
Hi
your pc tries to connect to "wpad.dcomwifi.com/wpad.dat "
with svchost.exe.
(it’s complicated)
reinstall the browser
How i can know what browser he tries to use or i need to reinstall every browser?
HI
what browser do you use?
Google Chrome and Edge
Have you also done a full antivirus scan on your PC?
Try disabling the Web_Proxy_AutoDiscovery system service. Web_Proxy_AutoDiscovery is considered vulnerable and is recommended to be disabled if it is not used in your network. In the home network, I think no one uses a proxy, much less its automatic configuration. It starts automatically when configuration via DHCP is configured on the network interface. And this means that you can also specify static IP, DNS and gateway settings in the network interface settings. After restarting the computer, the service will not be disabled, but it will not start because the DHCP client will not start. But if you connect to the router via wi-fi and use your computer to connect to other wi-fi, then it’s better to simply disable the service, otherwise there may be problems when connecting to someone else’s wi-fi. I think so…
I did full virus scan with high sensitivity and nothing. Is there any way to know which file is causing this?
Hi
“Google Chrome and Edge”
Svchost.exe means “service host” and is a file used by many Windows applications.
it’s a problem many years old, “bad” programs, use this file (windows own).
I would recommend you, install, for example, avast browser.
Try it, because if you already have those contaminated… Try it, and tell us the result.
In general, this is a false positive. The Web_Proxy_AutoDiscovery system service makes a request according to the protocol in search of the proxy server configuration and no crime. The protocol is considered vulnerable and avast confuses it with malicious. You can write about it here - https://www.avast.com/false-positive-file-form.php?ysclid=lpjoapgdtp983368935#pc
But It would not hurt to disable the service, at least in order to check and see the result.
After updating and deleting all data and cookies from both google and edge i didn’t get any messages from avast again.
Forget i got the message again
I tried using malwarebytes and it found nothing, i still didn’t try to disable wpad and i sent the message in avast false positive reporting page. And i found that in url i have wifi dns server.
Daneir…
I put it in another message:
"Svchost.exe means “service host” and is a file used by many Windows applications.
it’s a problem many years old, “bad” programs, use this file (windows own)."
Other program, “it is not a virus”, use it to do that…
the antivirus doesn’t detect it, because it’s not virus.
I put it, it’s complicated.
Request to wpad.dcomwifi.com/wpad.dat this is a request specifically for the wpad protocol. At this URL, it is the wpad service that searches for the wpad.dat file, which should specify the proxy server settings. So avast is blocking the request of this service. Either avast removes this url from the blacklist or you disable the service - there are probably no other solutions to the problem. You can also add exceptions. But this is not a way to understand and solve the problem, but a way to ignore it.
P.s. dcomwifi.com - probably related to your router - http://dcomtek.com/index.asp
P.s. ;D By the way, why does avast name the list of bad addresses blacklist? Are there racists working in the company? ;D Is Avast not afraid of BLM?
Thx everyone for your help i really appreciate it.