Low detection for conhostd.exe
Topic: Low detection for conhostd.exe (Read 2174 times)
polonus
« on: October 08, 2013, 01:04:16 AM »
DNS server hacks are a new malware phenomenon.
The detection rate for this kind of malware is rather low, see for conhost.exe - application/octet-stream - virus dropper malware: https://www.virustotal.com/nl/file/8796955247dfcadde58243d8cfdcb416b1b40fd66950433c82a05fc87e803850/analysis/
It is a virus dropper - 'conhostd.exe' is a tool to set up TOR connections.
Malware sample is located at %appdata%/<random chars>/winserviced.exe according to Twitter info from yonathan dklijnsma.
The C & C is hosted as a hidden service.
How to quickly detect CONHOSTD.EXE presence?
Files:
%LOCAL APPDATA%\APPS\TRUPD.EXE
%LOCAL APPDATA%\54B2E17E\CONHOSTD.EXE
Malware Analysis of CONHOSTD.EXE
Full path on a computer: %LOCAL APPDATA%\54B2E17E\CONHOSTD.EXE
Detected by UnHackMe:
CONHOSTD.EXE
Default location: %LOCAL APPDATA%\54B2E17E\CONHOSTD.EXE
Removal Results: Success
Number of reboot: 1 (link info http://greatis.com/blog/how-to-remove-malware/conhostd-exe.htm )
See also for a full description:
http://virus-com.com/viruscom/viruscom_150939.html
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
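
A file-location sweep for the paths listed in the post above, as an added example that is not part of the original post or of any tool it mentions. The function names are hypothetical, and treating "54B2E17E" as one instance of an eight-hex-digit directory name is an assumption; LOCALAPPDATA and APPDATA are the standard Windows environment variables for the two profile folders.

```python
import os
import re
from pathlib import Path

# File names and parent directories taken from the post. Generalising the
# directory "54B2E17E" to any 8 hex digits is an assumption of this example.
INDICATORS = [
    # (environment variable, parent directory regex, lower-case file name)
    ("LOCALAPPDATA", r"apps", "trupd.exe"),
    ("LOCALAPPDATA", r"[0-9a-f]{8}", "conhostd.exe"),
    ("APPDATA", r"[^\\/]+", "winserviced.exe"),  # "<random chars>" directory
]


def scan_base(base, dir_pattern, file_name):
    """Return files called file_name that sit exactly one directory below
    base, where that directory's name matches dir_pattern (case-insensitive)."""
    hits = []
    base = Path(base)
    if not base.is_dir():
        return hits
    rx = re.compile(dir_pattern, re.IGNORECASE)
    for sub in base.iterdir():
        try:
            if not sub.is_dir() or not rx.fullmatch(sub.name):
                continue
            for entry in sub.iterdir():
                if entry.is_file() and entry.name.lower() == file_name:
                    hits.append(entry)
        except OSError:
            continue  # unreadable directory: skip it and keep scanning
    return sorted(hits)


def sweep(env=os.environ):
    """Check every indicator against the profile folders named in env."""
    hits = []
    for var, dir_pattern, file_name in INDICATORS:
        base = env.get(var)
        if base:
            hits.extend(scan_base(base, dir_pattern, file_name))
    return hits


if __name__ == "__main__":
    for hit in sweep():
        print(f"suspicious file: {hit}")
```

A hit matches on name and location only, so it is a lead for triage and scanning rather than a verdict.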