Jump to content

Trojan blocked - svchost.exe


Go to solution Solved by Zynthesist,

Recommended Posts

Hello everyone.

I hope you can help me with this issue. I have mbam premium and while i was browsing through a site, i got a "Trojan blocked" notification from mbam. Usually, when they are related to google.exe, i imagine they simply are ads that share the IP with malicious sites. Yet this time the issue was at svchost.exe, which threw me instantly off guard. I performed a quick scan, nothing was found. Right now i'm performing a full scan with rootkits detection on. Just a couple of weeks ago nothing was found on my pc after posting it on the forums, so i'm pretty worried. Sorry if my sistem is in Italian, it might take a while to translate.

-Dettagli log-
Data evento di protezione: 02/04/21
Ora evento di protezione: 17:45
File di log: 800bbc94-93ca-11eb-a80a-309c23835076.json

-Informazioni software-
Versione: 4.3.0.98
Versione componenti: 1.0.1217
Aggiorna versione pacchetto: 1.0.39012
Licenza: Premium

-Informazioni sistema-
SO: Windows 10 (Build 19041.867)
CPU: x64
File system: NTFS
Utente: System

-Dettagli siti web bloccati-
Sito web nocivo: 1
, C:\Windows\System32\svchost.exe, Bloccato, -1, -1, 0.0.0, , 

-Dati sito web-
Categoria: Trojan
Dominio: cs9.wac.phicdn.net
Indirizzo IP: 93.184.220.29
Porta: 80
Tipo: In uscita
File: C:\Windows\System32\svchost.exe

(end)

Link to post
Share on other sites

Hello I have the same problem  with this trojan on my latest two scans 

-Software-informatie-
Versie: 4.3.0.98
Versie componenten: 1.0.1173
Update pakketversie: 1.0.39012
Licentie: Premium

-Systeeminformatie-
Besturingssysteem: Windows 10 (Build 19041.867)
Processor: x64
Bestandssysteem: NTFS
Gebruiker: System

-Details van geblokkeerde website-
Kwaadaardige website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Geblokkeerd, -1, -1, 0.0.0, , 

-Websitegegevens-
Categorie: Trojaans paard
Domein: cs9.wac.phicdn.net
IP-adres: 93.184.220.29
Poort: 80
Type: Uitgaand
Bestand: C:\Program Files\Mozilla Firefox\firefox.exe

(end)

 

 

Link to post
Share on other sites

Sorry for the comment, forgot i couldn't edit my post. 

I have attached Addition and FRST scans. Adware scan found nothing. 

I have also got another malware warning, this time from nowhere.

 

 

-Dettagli log-
Data evento di protezione: 02/04/21
Ora evento di protezione: 18:18
File di log: 1124fee4-93cf-11eb-9977-309c23835076.json

-Informazioni software-
Versione: 4.3.0.98
Versione componenti: 1.0.1217
Aggiorna versione pacchetto: 1.0.39012
Licenza: Premium

-Informazioni sistema-
SO: Windows 10 (Build 19041.867)
CPU: x64
File system: NTFS
Utente: System

-Dettagli siti web bloccati-
Sito web nocivo: 1
, , Bloccato, -1, -1, 0.0.0, , 

-Dati sito web-
Categoria: Malware
Dominio: 
Indirizzo IP: 93.184.220.29
Porta: 80
Tipo: In uscita
File: 

(end)

Addition.txt FRST.txt

Link to post
Share on other sites

This IP and domain are used for a digicert service, most likely false positive but your pc will ping it often to check if SSL certificates for websites you are visiting are valid

Link to post
Share on other sites

I think the issue is solved, it stopped popping up, my mother called me too about it, I could calm her down too, it was FP , so everthing fine for now, thanks. 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.