How to remove svchost.exe

» File
File Details
Overview
Analysis

svchost.exe

The module svchost.exe has been detected as Trojan.CoinMiner

Remove svchost.exe

File Details

Main Info:

MD5:	eedb9d86ae8abc65fa7ac7c6323d4e8f
Size:	1 MB
First Published:	2017-05-21 03:01:57 (7 years ago)
Latest Published:	2024-03-08 23:24:33 (4 months ago)

Analysis:

Status:	Trojan.CoinMiner (on last analysis)
Analysis Date:	2024-03-08 23:24:33 (4 months ago)

Common Places:

%appdata%\nscpucnminer

%appdata%\nsminer

%appdata%\images

%sysdrive%\windows.old\users\user\appdata\local\temp

%sysdrive%\windows.old\users\user\appdata\local\microsoft\windows\inetcache\ie\6f9jyrv5

%windir%\temp

%localappdata%\temp

%profile%\дминистратор\application data\nscpucnminer

%sysdrive%\system volume information\_restore{ffc538ad-d1e5-4fce-aac6-3cf2f795ddd4}\rp4

%system%\config\systemprofile\appdata\roaming\nscpucnminer

File Names:

NsCpuCNMiner64.exe

svchost.exe

svchost[1].exe

NsCpuCNMiner64.exe.quarantined

A0010030.exe

svchost[2].exe

NSCPUCNMINER64.del

$RBRFTIZ.exe

$RCCXVJA.exe

$RYQQE7D.exe

$RW1MF4I.exe

trz1F7.tmp

trz476.tmp

trzAD80.tmp

trzA6CA.tmp

trz9F2C.tmp

trz7805.tmp

trz10B5.tmp

trz93B7.tmp

trz285.tmp

trzAB7D.tmp

trz87F7.tmp

trz1891.tmp

trz5D5E.tmp

trzA778.tmp

trz9914.tmp

trz1559.tmp

trz126B.tmp

trz6C8.tmp

trzAE1C.tmp

$RLV564L.exe

Geography:

	40.4%
	21.5%
	7.5%
	2.7%
	2.7%
	2.5%
	2.1%
	1.3%
	1.1%
	1.0%
	1.0%
	1.0%
	1.0%
	1.0%
	0.8%
	0.7%
	0.7%
	0.7%
	0.7%
	0.6%
	0.6%
	0.5%
	0.5%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.3%
	0.3%
	0.3%
	0.3%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%

OS Version:

Windows 7	60.9%
Windows 10	14.5%
Windows 8.1	7.0%
Windows 8	5.0%
Windows XP	4.5%
Windows Server 2003	2.7%
Windows Server 2012 R2	2.6%
Windows Server 2008 R2	1.7%
Windows Vista	0.7%
Windows Server 2012	0.2%
Windows MultiPoint Server 2011	0.1%
Windows Embedded 8.1	0.1%

Analysis

PE Info:

Subsystem:	Windows CUI
PE Type:	pe
OS Bitness:	64
Image Base:	0x0000000140000000
Entry Address:	0x0032228a

PE Sections:

Name	Size of data	MD5
.text	0	00000000000000000000000000000000
.rdata	0	00000000000000000000000000000000
.data	0	00000000000000000000000000000000
.pdata	0	00000000000000000000000000000000
.tls	512	bf619eac0cdf3f68d496ea9344137e8b
.vmp0	0	00000000000000000000000000000000
.vmp1	1560064	e4b26de66646852de5d3c97a699968e4
.reloc	512	7e569fdc635b45697a6d09da75d98538
.rsrc	1024	3dcf3c3353f25ca2b635ee2443c17970

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for svchost.exe

copyright for information about svchost.exe