How to remove svchost.exe

» File
File Details
Overview
Analysis

svchost.exe

The module svchost.exe has been detected as Risk.CoinMiner

svchost.exe

Remove svchost.exe

File Details

Main Info:

MD5:	867f0419dcf3adf4cbd9c3bf99b29cb2
Size:	246 KB
First Published:	2017-11-04 07:02:24 (7 years ago)
Latest Published:	2020-10-21 03:31:41 (4 years ago)

Analysis:

Status:	Risk.CoinMiner (on last analysis)
Analysis Date:	2020-10-21 03:31:41 (4 years ago)

Overview

Digital Signature

Signed By:	NICEHASH, d.o.o.
Status:	Valid

Common Places:

%appdata%\nhm2\bin\xmr-stak-cpu

%appdata%\nhm2\bin

%sysdrive%\uyuhbu29g7oxa5wh\qdkfwcgq27po3l4w\users\money\application data\nhm2\bin

%sysdrive%\uyuhbu29g7oxa5wh\iyaiqxrij72judhu\users\money\application data\nhm2\bin

%sysdrive%\2-i-2-files\backup\www10\windowsold\users\shum\appdata\roaming\nhm2\bin

%programfiles%

%profile%

%sysdrive%\windows.old.000\users\io\appdata\roaming\nhm2\bin

%appdata%\nhm2\bin

%sysdrive%\backup\other\ssd1\users\admince a\appdata\roaming\nhm2\bin

File Names:

xmr-stak-cpu.exe

svchost.exe

Geography:

	26.2%
	12.3%
	9.0%
	5.7%
	5.7%
	4.9%
	4.9%
	3.3%
	3.3%
	2.5%
	2.5%
	2.5%
	1.6%
	1.6%
	1.6%
	1.6%
	1.6%
	0.8%
	0.8%
	0.8%
	0.8%
	0.8%
	0.8%
	0.8%
	0.8%
	0.8%
	0.8%
	0.8%

OS Version:

Windows 10	82.1%
Windows 7	13.0%
Windows 8.1	4.1%
Windows Server 2012 R2	0.8%

Analysis

PE Info:

Subsystem:	Windows CUI
PE Type:	pe
OS Bitness:	64
Image Base:	0x0000000140000000
Entry Address:	0x00027dac

PE Sections:

Name	Size of data	MD5
.text	162304	0ef3bbcc593f9fb20e51af95beb2768e
.rdata	42496	6aca430f4b619ed6223c1708d00ffa56
.data	21504	e3241e4a01c541b5bcfb6a52507593c2
.pdata	7680	9137bb9929c4083094ad245d8e72722f
.tls	512	1f354d76203061bfdd5a53dae48d5435
.gfids	512	2f09e0510da374dac9644eefcf44160c
.rsrc	512	9f1a673dc4e7c166bd12756a73603a62
.reloc	512	9b5b771938a9fd70cef0a582bbf45b2e

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for svchost.exe

copyright for information about svchost.exe