« previous next »
Pages: [1]   Go Down

Author Topic: sachost is this a virus or not?  (Read 2571 times)

0 Members and 1 Guest are viewing this topic.

Dennis82

  • Guest
sachost is this a virus or not?
« on: April 15, 2008, 08:53:48 PM »
Every time I use my usb-stick on my laptop, it puts this "sachost" file on it.
The virus scanner at my school recognizes this file as a trojan but Avast home
edition doen't.
Can anyone tell me if its a virus and if so, how can I remove it?

Logged

ratchetclan4

  • Guest
Re: sachost is this a virus or not?
« Reply #1 on: April 15, 2008, 09:05:08 PM »
yes it might be if its in system32

If you have a process called sachost.exe  your pc may be infected with a form of the tofger trojan.
sachost.exe is considered to be a security risk, not only because antivirus programs flag tofger trojan as a trojan, but also because other sites consider it a Trojan as well.
sachost.exe can do stuff like loss of data, loss of control or leaking private information.

sachost.exe is able to record keyboard inputs. The process uses ports to connect to LAN or Internet. The file is not a Windows core file. sachost.exe is able to hide itself, monitor applications. Therefore the technical security rating is 100% dangerous.

also
The program is not visible. sachost.exe is an unknown file in the Windows folder.


its a startup process and not a task manager item...

---------------------------------------------------------------------
so my verdict is YES IT IS try scanning it with jotti or virustotal BUT NOT THE ONE IT PUTS ONTO THE FLASH DRIVE find the actual file in your WINDOWS folder to scan
« Last Edit: April 15, 2008, 09:12:32 PM by ratchetclan4 »
Logged

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: sachost is this a virus or not?
« Reply #2 on: April 15, 2008, 09:19:20 PM »
send the file in a password protected archive to virus[at]avast[dot]com, it will be analyzed and detected asap..
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Re: sachost is this a virus or not?
« Reply #3 on: April 15, 2008, 10:48:21 PM »
Hi Dennis82,

Name:     Online Service
Filename:    sachost.exe
Fix sachost.exe errors:    Try a Registry Scan
Command:    %WinDir%\sachost.exe
Description:    Added by the Troj/Multidr-E Trojan.
File Location:    %WinDir%\sachost.exe
Startup Type:    This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
HijackThis Category:    O4 Entry

Also found to be part of an autorun infection:
On your usb stick the files sachost.exe & autorun.inf appear when you run it on a PC. If you delete these files, and these files are automattically reloaded by autorun when you put the usb stick into the PC.

Contents autorun folder:

[AutoRun]
open=sachost.exe
shellexecute=sachost.exe
shell\Auto\command=sachost.exe.


See the various cleansing routines here for autorun infections,

polonus
« Last Edit: April 16, 2008, 10:39:14 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »