Jump to content


Photo

Suspicions on svchost.exe and AV running on network


  • Please log in to reply
1 reply to this topic

#1 spyster

spyster

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 14 July 2006 - 07:44 AM

Is it possible that a hacker could be using process svchost.exe to run malicious services on my computer? I have about 9 entries in TCPView with process svchost.exe running.

Anyway, oddly enough, I can see on the TCPView list that the antivirus is currently running as avp.exe . I don't understand why it would appear in TCPView? Why would it run on the network rather than locally?

#2 DanielSmith

DanielSmith

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 24 November 2006 - 09:21 PM

Is it possible that a hacker could be using process svchost.exe to run malicious services on my computer? I have about 9 entries in TCPView with process svchost.exe running.

Anyway, oddly enough, I can see on the TCPView list that the antivirus is currently running as avp.exe . I don't understand why it would appear in TCPView? Why would it run on the network rather than locally?

they definitely can do this, malicious services can run as a DLL injected in the process svchost.exe.




Member of UNITE
Support SpywareInfo Forum - click the button