Avast WEBforum

Other => Viruses and worms => Topic started by: rajnar.blaz on July 26, 2022, 10:49:24 PM

Title: Avast pop-up svchost.exe regularly..?
Post by: rajnar.blaz on July 26, 2022, 10:49:24 PM

Hi, my Avast antivirus keeps sending me notification about svchost.exe
I did have many trojan viruses, because i downloaded sketchy program today. Since than - Firstly, I ran my Avast scans - quick scan, full system scan, smart scan, etc... it did at some point find and quarantined a virus, which I removed. I did everything also from this site - https://www.bleepingcomputer.com/virus-removal/remove-svchost.exe-32-miner-trojan#rkill but i am still geting the pop ups.

Notification that pops up:
name: URL:Blacklist
URL: hxtp://35.236.159.79/win.pac
proces: C:\windows\system32\svchost.exe

Title: Re: Avast pop-up svchost.exe regularly..?
Post by: DavidR on July 26, 2022, 11:10:32 PM

Please remove the http:// in front of the IP address so the link isn't active to a suspect site

However see the information here  - https://www.ipaddress.com/ipv4/35.236.159.79 - about that IP.  This is reported as being a google.cloud source bc.googleusercontent.com (Taiwan), now the fact that it is supposedly a google cloud source doesn't mean OK being googleusercontent, I would have to assume that user content could contain malware.

Whilst there are occasions when svchost.exe is used legitimately to connect, it can be misused.

A screenshot of the attached alert with the See Details option expanded might help also.

If the file was sent to quarantine it should still be there (unless you deleted it) what was the file name and malware name given by Avast ?