Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on October 08, 2013, 01:04:16 AM

Title: Low detection for conhostd.exe
Post by: polonus on October 08, 2013, 01:04:16 AM
DNS server hacks are a new malware phenomenon.
The detection rate for this kind of malware is rather low; see for conhost.exe (application/octet-stream, virus dropper malware):
-> https://www.virustotal.com/nl/file/8796955247dfcadde58243d8cfdcb416b1b40fd66950433c82a05fc87e803850/analysis/

It is a virus dropper: 'conhostd.exe' is a tool to set up Tor connections.
The malware sample is located at %appdata%/<random chars>/winserviced.exe,
according to Twitter info from Yonathan Klijnsma.

The C & C is hosted as a hidden service.

How to quickly detect CONHOSTD.EXE presence?
Files:
%LOCAL APPDATA%\APPS\TRUPD.EXE
%LOCAL APPDATA%\54B2E17E\CONHOSTD.EXE
Malware Analysis of CONHOSTD.EXE
Full path on a computer: %LOCAL APPDATA%\54B2E17E\CONHOSTD.EXE
Detected by UnHackMe:
CONHOSTD.EXE
Default location: %LOCAL APPDATA%\54B2E17E\CONHOSTD.EXE
Removal Results: Success
Number of reboots: 1 (link info: http://greatis.com/blog/how-to-remove-malware/conhostd-exe.htm)
See also, for a full description: http://virus-com.com/viruscom/viruscom_150939.html

polonus
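A quick way to check a Windows host for the file locations listed in the post, as an added example that is not part of the original post or of any vendor tool. It assumes the random folder name is eight hex characters, like the 54B2E17E folder the post shows, and uses the SHA-256 from the post's VirusTotal URL as the known-bad hash; everything is reported, nothing is deleted.

```powershell
# Added example, not from the original post. Assumptions: the random folder
# under %LOCALAPPDATA% is 8 hex characters (as in 54B2E17E), and the known-bad
# SHA-256 is the one in the VirusTotal link quoted in the post.
$KnownSha256 = '8796955247dfcadde58243d8cfdcb416b1b40fd66950433c82a05fc87e803850'

function Find-ConhostdArtifacts {
    $hits = @()

    # Fixed path from the post: %LOCALAPPDATA%\APPS\TRUPD.EXE
    $trupd = Join-Path $env:LOCALAPPDATA 'APPS\TRUPD.EXE'
    if (Test-Path -LiteralPath $trupd) { $hits += Get-Item -LiteralPath $trupd -Force }

    # Random-named folders (e.g. 54B2E17E) under %LOCALAPPDATA% holding conhostd.exe
    $localDirs = Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^[0-9A-Fa-f]{8}$' }
    foreach ($dir in $localDirs) {
        $candidate = Join-Path $dir.FullName 'conhostd.exe'
        if (Test-Path -LiteralPath $candidate) { $hits += Get-Item -LiteralPath $candidate -Force }
    }

    # Dropper location from the post: %APPDATA%\<random chars>\winserviced.exe
    $roamingDirs = Get-ChildItem -LiteralPath $env:APPDATA -Directory -Force -ErrorAction SilentlyContinue
    foreach ($dir in $roamingDirs) {
        $candidate = Join-Path $dir.FullName 'winserviced.exe'
        if (Test-Path -LiteralPath $candidate) { $hits += Get-Item -LiteralPath $candidate -Force }
    }

    # Report each hit with its hash, whether it matches the known sample,
    # and its Authenticode status (unsigned binaries in these paths are suspect).
    foreach ($file in $hits) {
        $sha = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash.ToLower()
        [pscustomobject]@{
            Path         = $file.FullName
            SizeBytes    = $file.Length
            SHA256       = $sha
            MatchesKnown = ($sha -eq $KnownSha256)
            Signature    = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
        }
    }
}

# Report only; quarantine or removal is a separate step after triage.
Find-ConhostdArtifacts | Format-Table -AutoSize
```

A hit whose hash does not match the known sample is still worth triaging, since the post notes detection for this family is low and the dropper name varies.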