1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Unsure about removing strange exe file

Discussion in 'Virus & Other Malware Removal' started by Armiris, Nov 12, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Armiris

    Armiris Thread Starter

    Joined:
    Sep 6, 2007
    Messages:
    572
    I have 2 strange .exe files in my C:\ folder, named svchost.exe and svchost2.exe. It's hard to tell if it's running in the processes, since there are a couple of SVCHOST.EXE's running. Is it safe to manually delete them, or could it cause problems?
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    svchost.exe should only be in your System32 folder - anywhere else reeks of virus.
     
  3. Armiris

    Armiris Thread Starter

    Joined:
    Sep 6, 2007
    Messages:
    572
    Is it safe to manually remove it?
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Yes.

    If you still feel uneasy, upload the files here: http://virusscan.jotti.org/

    Use the Browse button at Jotti.
    Navigate to the file's location on your hard drive and submit them.
    Let me know what it says regarding the files.
     
  5. Armiris

    Armiris Thread Starter

    Joined:
    Sep 6, 2007
    Messages:
    572
    It scanned C:\svchost.exe: High threat detected

    A-Squared
    Found nothing
    AntiVir
    Found TR/Dldr.VB.blj
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found Generic6.SDN
    BitDefender
    Found BehavesLike:Trojan.Downloader (probable variant)
    ClamAV
    Found Trojan.Downloader-15569
    CPsecure
    Found Troj.Downloader.W32.VB.blj
    Dr.Web
    Found Trojan.DownLoader.28108
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found Trojan-Downloader:W32/Small.FXE, Trojan-Downloader.Win32.VB.blj
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found Trojan-Downloader.Win32.VB.blj
    NOD32
    Found probably a variant of Win32/TrojanDownloader.VB (probable variant)
    Norman Virus Control
    Found nothing
    Panda Antivirus
    Found Trj/Downloader.QLL
    Rising Antivirus
    Found Trojan.DL.Win32.VB.blj
    Sophos Antivirus
    Found Mal/Heuri-E
    VirusBuster
    Found Trojan.DL.VB.GKQ
    VBA32
    Found Trojan.DownLoader.28108

    Scanned C:\svchost2.exe: High threat detected

    A-Squared
    Found nothing
    AntiVir
    Found TR/Dldr.VB.blj
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found Generic6.SDN
    BitDefender
    Found BehavesLike:Trojan.Downloader (probable variant)
    ClamAV
    Found Trojan.Downloader-15569
    CPsecure
    Found Troj.Downloader.W32.VB.blj
    Dr.Web
    Found Trojan.DownLoader.28108
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found Trojan-Downloader:W32/Small.FXE, Trojan-Downloader.Win32.VB.blj
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found Trojan-Downloader.Win32.VB.blj
    NOD32
    Found probably a variant of Win32/TrojanDownloader.VB (probable variant)
    Norman Virus Control
    Found nothing
    Panda Antivirus
    Found Trj/Downloader.QLL
    Rising Antivirus
    Found Trojan.DL.Win32.VB.blj
    Sophos Antivirus
    Found Mal/Heuri-E
    VirusBuster
    Found Trojan.DL.VB.GKQ
    VBA32
    Found Trojan.DownLoader.28108

    I'm deleting them
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Yup, without a doubt they are bad.
     
  7. Armiris

    Armiris Thread Starter

    Joined:
    Sep 6, 2007
    Messages:
    572
    I'm looking at some of the more suspicous files with the viruscan.jotti.org thing. Thanks for the help. I deleted svchost.exe and svchost2.exe.
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  9. Armiris

    Armiris Thread Starter

    Joined:
    Sep 6, 2007
    Messages:
    572
    I have a lot of infected files on my computer, or so the scan says. I'll get back to you as soon as I find out what is infected.
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Okay.....
     
  11. Armiris

    Armiris Thread Starter

    Joined:
    Sep 6, 2007
    Messages:
    572
    Okay, I'm attaching a list of the infected files in the Windows folder. My antivirus didn't detect them.
     

    Attached Files:

  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Have you deleted them?
     
  13. Armiris

    Armiris Thread Starter

    Joined:
    Sep 6, 2007
    Messages:
    572
    Not yet. I was waiting for you to reply if you knew any of them were required. Are they?
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    All look dodgy to me.
     
  15. Armiris

    Armiris Thread Starter

    Joined:
    Sep 6, 2007
    Messages:
    572
    I'll delete them. I had another list, but my virus scan deleted the files on that list.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Unsure removing
  1. Oxobius
    Replies:
    0
    Views:
    304
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/651070

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice