stevelw
Posted May 9, 2008

I am currently running version 4.0.1154 of SAS and have just started receiving reports of an infection on my machine.

On bootup SAS generates a report saying that it has detected, and blocked, Trojan.dropper/svchost.exe-fake.process. After then performing a full system scan the log file shows that a file has been found which I quarantined.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 05/09/2008 at 10:12 AM

Application Version : 4.0.1154

Core Rules Database Version : 3455
Trace Rules Database Version: 1448

Scan type : Complete Scan
Total Scan Time : 00:19:14

Memory items scanned : 450
Memory threats detected : 0
Registry items scanned : 6023
Registry threats detected : 0
File items scanned : 18019
File threats detected : 1

Trojan.Dropper/SVCHost-Fake
    C:\WINDOWS\SYSTEM32\CONFIG\SVCHOST.EXE

On rebooting the machine, the original report returned suggesting that the infection remains.

Is this a false positive or do I have some form of trojan that, whilst able to detect, SAS cannot remove permanently?

SUPERAntiSpy
Posted May 9, 2008

> I am currently running version 4.0.1154 of SAS and have just started receiving reports of an infection on my machine.
>
> On bootup SAS generates a report saying that it has detected, and blocked, Trojan.dropper/svchost.exe-fake.process. After then performing a full system scan the log file shows that a file has been found which I quarantined.
>
> SUPERAntiSpyware Scan Log
> https://www.superantispyware.com
>
> Generated 05/09/2008 at 10:12 AM
>
> Application Version : 4.0.1154
>
> Core Rules Database Version : 3455
> Trace Rules Database Version: 1448
>
> Scan type : Complete Scan
> Total Scan Time : 00:19:14
>
> Memory items scanned : 450
> Memory threats detected : 0
> Registry items scanned : 6023
> Registry threats detected : 0
> File items scanned : 18019
> File threats detected : 1
>
> Trojan.Dropper/SVCHost-Fake
>     C:\WINDOWS\SYSTEM32\CONFIG\SVCHOST.EXE
>
> On rebooting the machine, the original report returned suggesting that the infection remains.
>
> Is this a false positive or do I have some form of trojan that, whilst able to detect, SAS cannot remove permanently?

Send me the sample to nicks AT superantispyware.com and I will check it out right now.

stevelw
Posted May 9, 2008

I'm new to SAS .. what do you mean by 'the sample'? Do you mean the .exe file referred to in the report or something else?

SUPERAntiSpy
Posted May 9, 2008

> I'm new to SAS .. what do you mean by 'the sample'? Do you mean the .exe file referred to in the report or something else?

Yes, send me the SVCHOST.EXE from that folder and I'll check it out.