home

svchostexe.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain svchostexe.com is registered by proxy through ENOM, INC. and was originally registered in December of 2011. Currently this domain has been known to host various forms of malware. The hosted servers are located in Brea, California within the United States which resides on the New Dream Network, LLC network.
Registrar:
ENOM, INC.

Server location:
California, United States (US)

Create date:
Friday, December 16, 2011

Expires date:
Friday, December 16, 2016

Updated date:
Friday, December 18, 2015

ASN:
AS26347 DREAMHOST-AS - New Dream Network, LLC,US

Whois:
1 svchostexe.com record

Google Safe Browsing:
unwanted

Scanner detections:
Malware distribution  (56% detected)

Scan engine
Details
Detections

AhnLab V3 Security
Win-Trojan/Malpacked3.Gen, Trojan/Win32.Agent
57.14%

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
57.14%

Avira AntiVirus
TR/Dropper.Gen
57.14%

Reason Heuristics
Threat.Generic.Variant
42.86%

Rising Antivirus
PE:Malware.Obscure!1.A3BB [F]
42.86%

F-Secure
Application:W32/Generic.70053c248f!Online, Gen:Trojan.Heur.FU.rvW@aOVYO2e
28.57%

Emsisoft Anti-Malware
Gen:Variant.Kazy.779660, Trojan.GenericKD.2987491
28.57%

Norman
Gen:Variant.Kazy.779660, Trojan.GenericKD.2987491
28.57%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A
14.29%

Lavasoft Ad-Aware
Gen:Variant.Kazy.779660
14.29%

avast!
Win32:Malware-gen
14.29%

MicroWorld eScan
Gen:Variant.Kazy.779660
14.29%

Bitdefender
Gen:Variant.Kazy.779660
14.29%

Arcabit
Trojan.Kazy.DBE58C
14.29%

G Data
Gen:Variant.Kazy.779660
14.29%

The domain svchostexe.com has been seen to resolve to the following IP address.

66.33.207.72
ds8050.dreamservers.com
December 19, 2015

File downloads found at URLs served by svchostexe.com.

4 / 68      (inconclusive)
http://svchostexe.com/.../Setup_41124.exe  (09928eb9880db9181a1b2b060c9c5557)

11 / 68    (Malware)
http://svchostexe.com/.../dl.php?id=vYnO1  (setup_file_install.exe)

5 / 68      (Malware)
http://svchostexe.com/.../Setup_29201.exe  (9c8dd31d9bcab328597b73751c474be1)

0 / 68
http://svchostexe.com/.../dl.php?id=adfly1  (wtfastsetup.br.3.5.9.511.exe)

4 / 68      (inconclusive)
http://svchostexe.com/.../dl.php?id=adfly1  (setup_41124.exe)

5 / 68      (Malware)
http://svchostexe.com/.../dl.php?id=adfly1  (setup_29201.exe)

2 / 68      (false positives)
http://svchostexe.com/.../Setup_510028.exe  (wrar420.exe)

2 / 68      (Malware)
http://svchostexe.com/.../dl.php?id=lb1  (setup_510028.exe)

2 / 68      (Malware)
http://svchostexe.com/.../Setup_510028.exe  (5cee356300a2b24bcd75ce24f4996bdf)

6 / 68      (Malware)
http://svchostexe.com/.../dl.php?id=adfly1  (setup_41124.exe)

0 / 68
http://svchostexe.com/.../dl.php?id=lb1  (dsrmcm_w.exe)

0 / 68
http://svchostexe.com/.../dl.php?id=adfly1  (dsrmcm_w.exe)

1 / 68      (Malware)
http://svchostexe.com/.../dl.php?id=adfly1  (setup_41124.exe)

2 / 68      (Malware)
http://svchostexe.com/.../dl.php?id=adfly1  (setup_510028.exe)

11 / 68    (Malware)
http://svchostexe.com/.../setup_file_install.exe  (d0fd69dc63d28333e08ac007d098d787)

The following file have been seen to comunicate with svchostexe.com in live environments.

TCP » 66.33.207.72:80
browser.exe (Browser)

URL:
http://svchostexe.com/

Title:
“svchost.exe - What is the svchost.exe process in Windows?”

Description:
“Is svchost.exe a virus? The svchost.exe process in the Task Manager is a common Windows system process.”

Web server:
Apache

Facebook:
Shares:  1

Statistics above are for the previous month of October 2024.

avgdownload.org

limewirefreedownload.org

orbitaldownloads.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.