svchost.exe

Avira GmbH

The executable svchost.exe, “AntiVir Command Line Scanner for Windows”, has been detected as malware by 39 anti-virus scanners. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
Avira GmbH

Description:
AntiVir Command Line Scanner for Windows

Version:
7.6.0.59

MD5:
e25f3836f2b47fa8ada3c051bf82c54d

SHA-1:
bd835d510cdc872e3c223d12fb494a35136f8938

SHA-256:
4910d1181fc93ea950ce98840b4025263c49463ad8cfcf4451f57240657814a1

Scanner detections:
39 / 68

Status:
Malware

Explanation:
svchost.exe is infected by a worm that might download, install and run additional malware, and may also spread to other executable files.

Analysis date:
4/1/2025 8:18:51 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Graftor.Elzob.176 | -39 |
| Agnitum Outpost | Trojan.Ramnit.Gen | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Zbot | 2014.02.12 |
| Avira AntiVirus | TR/Crypt.ZPACK.Gen | 7.11.130.238 |
| avast! | Win32:Virut-AEO | 2014.9-170315 |
| AVG | PSW.Generic8 | 2018.0.2439 |
| Baidu Antivirus | Worm.Win32.Agent | 4.0.3.17315 |
| Bitdefender | Gen:Variant.Graftor.Elzob.176 | 1.0.20.370 |
| Bkav FE | W32.MosquitoQKG.Trojan | 1.3.0.4924 |
| Clam AntiVirus | Trojan.Kazy-1329 | 0.98/18355 |
| Comodo Security | TrojWare.Win32.Kryptik.KLV | 17767 |
| Dr.Web | Trojan.MulDrop1.64009 | 9.0.1.074 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.Elzob.176 | 8.17.03.15.11 |
| ESET NOD32 | Win32/Ramnit | 11.9409 |
| Fortinet FortiGate | W32/Kryptik.KLV!tr | 3/15/2017 |
| F-Prot | W32/Ramnit.K.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Graftor.Elzob.176 | 11.2017-15-03_4 |
| G Data | Gen:Variant.Graftor.Elzob.176 | 17.3.24 |
| IKARUS anti.virus | Virus.Win32.Vitru | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.175.11136 |
| Kaspersky | Worm.Win32.Agent | 14.0.0.-1312 |
| Malwarebytes | Spyware.Zbot | v2017.03.15.11 |
| McAfee | PWS-Zbot.gen.cy | 5600.6095 |
| Microsoft Security Essentials | Trojan:Win32/Ramnit.A | 1.165.247.01 |
| MicroWorld eScan | Gen:Variant.Graftor.Elzob.176 | 18.0.0.222 |
| NANO AntiVirus | Trojan.Win32.MulDrop1.vcdzw | 0.28.0.57630 |
| Norman | Kryptik.CCGO | 11.20170315 |
| Panda Antivirus | Generic Trojan | 17.03.15.11 |
| Qihoo 360 Security | HEUR/Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Ramnit.A | 3.17.12.00 |
| Rising Antivirus | PE:Trojan.Lebag!1.992B | 23.00.65.17313 |
| Sophos | Troj/FakeAV-CPL | 4.97 |
| SUPERAntiSpyware | Heur.Agent/Gen-StaticIcon | 8534 |
| Total Defense | Win32/Ramnit.CH | 37.0.10755 |
| Trend Micro House Call | TSPY_ZBOT.SMHA | 7.2.74 |
| Trend Micro | TSPY_ZBOT.SMHA | 10.465.15 |
| Vba32 AntiVirus | Worm.Agent | 3.12.24.3 |
| VIPRE Antivirus | Packed.Win32.PWSZbot.gen.cy | 26356 |
| ViRobot | Worm.Win32.A.Agent.110592.G | 2011.4.7.4223 |

File size:
278.8 KB (285,440 bytes)

Product version:
7.6.0.59

Copyright:
Copyright © 2007 Avira GmbH. All rights reserved.

Trademarks:
AntiVir® is a registered trademark of Avira GmbH, Germany

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\svchost.exe

File PE Metadata
Compilation timestamp:
6/22/1996 11:12:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 58, 01, 00, 00, 53, 56, 57, 51, 6A, 00, FF, 15, F0, 20, 40, 00, 85, C0, 75, 02, FF, D0, 6A, 00, 6A, 00, 6A, 00, FF, 15, EC, 20, 40, 00, 85, C0, 74, 02, FF, D0, 31, 85, 2A, FF, FF, FF, BA, 42, 46, 00, 00, 8B, 92, 32, DA, 3F, 00, 68, 7B, 08, 00, 00, FF, D2, 23, C4, 33, F2, 0B, CB, BF, 93, 78, 00, 00, 8B, BF, AD, A7, 3F, 00, 8D, 75, C0, 56, FF, D7, BF, 05, 2B, 00, 00, 8B, BF, 63, F5, 3F, 00, 89, 7D, F8, 68, F8, 20, 40, 00, FF, 55, F8, BF, 2B, DE, 3F, 00, BE, 41, 42, 00, 00, 8B, 3C, 37, 89...

Entropy:
5.7815

Developed / compiled with:
Microsoft Visual C++

Code size:
2 KB (2,048 bytes)
