Author Topic: c:\windows\system32\svchost.exe Rootkit ;-(  (Read 172019 times)

kakashi99

  • Guest
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #45 on: June 04, 2008, 05:24:20 PM »
Quote
No network problems

I don't know, I didn't have the time to check the internet before the avast alert, and just after the alert, no network. It's really strange, I will redo it tonight or tomorrow... but everything was launched, and all svchost processes were running.

I think it's only due to the fact that avast was not updated yesterday... I don't know.

Saullasky

  • Guest
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #46 on: June 04, 2008, 05:50:42 PM »
Hello.

Sorry for my poor English, I'm French.

I have avast pro installed on my job computers (approx. 400 PCs) and I have the same error on 3 of them now (2 XP Pro SP1 and 1 XP Home).

Please correct this error, I don't want to reinstall the 400 computers .. :(

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #47 on: June 04, 2008, 07:05:53 PM »
The false positive has already been corrected, so just make sure the systems are updated to the latest virus database.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #48 on: June 04, 2008, 07:10:25 PM »
One question, if I may - avast! 4.8 (not 4.7 though) checks Windows catalogs to see if the particular file is a genuine system file. If it is, the false detection doesn't occur. On the affected computers, this check has obviously failed...

So, anybody affected by the false alarm with avast! 4.8 - have you installed any tweaking tool that may have deleted the catalogs (I was told nLite / vLite might possibly do that - though I don't know them myself), causing the file not to be recognized as a Windows system file?
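
The catalog check described in reply #48 can be reproduced by an administrator to see whether a machine still recognises its own system files. This is an added example, not part of the thread and not avast's code; it assumes Windows 10 or later with PowerShell 5.1+, and the list of files checked is illustrative.

```powershell
# Added example: report whether core system files are still vouched for by Windows.
# Assumption: Windows 10+ / PowerShell 5.1+ (SignatureType and IsOSBinary are available there).
$sys32   = Join-Path $env:SystemRoot 'System32'
# System catalog store; tweaking tools that strip it break catalog-based verification.
$catRoot = Join-Path $sys32 'CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}'
$targets = 'svchost.exe', 'services.exe', 'lsass.exe', 'winlogon.exe' |
    ForEach-Object { Join-Path $sys32 $_ }

function Get-CatalogCoverage {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # A missing file is its own finding (for example, removed after a bad detection).
            [pscustomobject]@{
                Path = $p; Present = $false; Status = 'Missing'
                SignatureType = $null; IsOSBinary = $false
            }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            Path          = $p
            Present       = $true
            Status        = [string]$sig.Status         # Valid, NotSigned, HashMismatch, ...
            SignatureType = [string]$sig.SignatureType  # Catalog or Authenticode (embedded)
            IsOSBinary    = [bool]$sig.IsOSBinary
        }
    }
}

# An empty or absent catalog store explains why every file fails at once.
$catCount = 0
if (Test-Path -LiteralPath $catRoot) {
    $catCount = @(Get-ChildItem -LiteralPath $catRoot -Filter '*.cat' -File).Count
}
"Catalog files in store: $catCount"

$report = Get-CatalogCoverage -Path $targets
$report | Format-Table -AutoSize

# Files a "genuine system file" check would not recognise.
$suspect = $report | Where-Object {
    -not $_.Present -or $_.Status -ne 'Valid' -or -not $_.IsOSBinary
}
if ($suspect) { 'Needs review: ' + ($suspect.Path -join ', ') }
```

A catalog count of zero together with every file reported as not valid points at a stripped catalog store rather than at the individual files.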

[ alex ]

  • Guest
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #49 on: June 04, 2008, 07:47:36 PM »
I've got the same problem here in BRAZIL with Windows XP SP1 (pt-br).
I came to this forum when I was searching on Google for how to solve this SVCHOST problem.

How can such a problem be caused by an ANTI-VIRUS that is supposedly made to protect us?  >:(

NO MORE AVAST PRODUCTS will be installed on my computers...
« Last Edit: June 04, 2008, 07:50:42 PM by [ alex ] »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89055
  • No support PMs thanks
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #50 on: June 04, 2008, 08:31:49 PM »
It is made to protect and for the greatest majority that is exactly what it does; all AVs and security products suffer to one degree or another from false positive detections. Let's not lose sight of that or soon you will have no security products installed on your computers as one by one they suffer from a false positive detection.

Let's also not forget that avast doesn't make decisions autonomously but offers you, the user, a number of options, 'Move to Chest' being the safest 'first do no harm' and investigate the problem (as you did via Google, directly at the forums would have been quicker). You could then restore it from the chest (exclude the file until a VPS corrects the problem, now done) and you should be back to square one without any huge drama.

Good luck with whatever you do install on your computers.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #51 on: June 04, 2008, 08:54:51 PM »
Quote
I've got the same problem here in BRAZIL with Windows XP SP1 (pt-br).

I'm using it on two computers and was not alerted by avast.

Quote
How can such a problem be caused by an ANTI-VIRUS that is supposedly made to protect us?  >:( NO MORE AVAST PRODUCTS will be installed on my computers...

No software is perfect. Sorry for the inconvenience.
The best things in life are free.

ring0

  • Guest
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #52 on: June 04, 2008, 09:20:10 PM »
Quote
It is made to protect and for the greatest majority that is exactly what it does; all AVs and security products suffer to one degree or another from false positive detections. Let's not lose sight of that or soon you will have no security products installed on your computers as one by one they suffer from a false positive detection.

Let's also not forget that avast doesn't make decisions autonomously but offers you, the user, a number of options, 'Move to Chest' being the safest 'first do no harm' and investigate the problem (as you did via Google, directly at the forums would have been quicker). You could then restore it from the chest (exclude the file until a VPS corrects the problem, now done) and you should be back to square one without any huge drama.

Good luck with whatever you do install on your computers.

False positives are OK, but on system files like svchost, it's a shame!!! Do you test your virus definitions before releasing them?

Avast is using old detection technology based mostly on signatures, and just poor heuristics and emulation. The antirootkit is just the excellent gmer integrated in it; not able to develop your own antirootkit? Maybe it's too hard for the alwil developers!

Avast belongs to the past, sorry, but that's the reality. If no improvements are made in the future your reputation will become worse and worse; just have a look at most security forums for opinions about avast.

trq

  • Guest
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #53 on: June 04, 2008, 09:33:13 PM »
Hi,

Sorry for my poor English.

We have the same problem in Poland. There are many posts on Polish forum sites with requests for help.
People don't know what to do. I think someone should write about this on the official avast site, because it's really hard to find good advice on the internet about what to do.

I hope that was the last time.
« Last Edit: June 04, 2008, 09:47:10 PM by trq »

calgero

  • Guest
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #54 on: June 04, 2008, 09:39:14 PM »
Hello

I think that the post of fonzy44 on page 3 expresses exactly the general feeling of avast users.

Avast is free but this doesn't prevent it from being professional.

An official communication from Avast about this incident is a minimum, even if the problem seems to be solved today after the update of avast antivirus.

Thanks for your attention.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #55 on: June 04, 2008, 10:05:32 PM »
Quote
An official communication from Avast about this incident is a minimum, even if the problem seems to be solved today after the update of avast antivirus.

Quote
I think someone should write about this on the official avast site, because it's really hard to find good advice on the internet about what to do.

Igor posted something before (reply #40)... although it would be better on the homepage as you've suggested.
The best things in life are free.

pierrebulle

  • Guest
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #56 on: June 04, 2008, 10:55:50 PM »
A solution that worked for me, XP Pro SP1.

Put the SVCHOST file back in windows\system32 and import the current control set keys that were deleted when avast removed the file; these keys concern the services managed by svchost.

Attached is the zipped file, to be renamed to exe.

pegail

  • Guest
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #57 on: June 04, 2008, 11:08:24 PM »
Hi pierre, I downloaded your file and renamed it to regfiles.exe but it won't open; it tells me "regfiles.exe n'est pas une application win32 valide".
Could you re-upload it, but as .rar or .zip this time?
Thanks

pierrebulle

  • Guest
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #58 on: June 04, 2008, 11:12:53 PM »
Indeed, a problem with the archive.

I'm posting the file again, still to be renamed to exe; I'm not sure it would be usable as a zip on an unstable system.

pegail

  • Guest
Re: c:\windows\system32\svchost.exe Rootkit ;-(
« Reply #59 on: June 04, 2008, 11:16:31 PM »
It still doesn't work  :-\
Same message ...