[RESOLVED]Svchost.exe..ohh! no virustotal results FP?

[true indian]

this is my system svchost.exe

its from:

c:\windows\system32\svchost.exe

is this a FP on virustotal?
https://www.virustotal.com/file/121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2/analysis/1327158269/

I investigated with comodo kill switch and found that this the only svchost running on my clean win7...

Whats the big deal with esafe?

[!Donovan]

Interesting to read all the comments.

You can send a sample to virus [at] avast [dot] com for analysis.

You can also try uploading it to Comodo's Instant Malware Analyzer http://camas.comodo.com To see what it does.

[true indian]

Comodo online file analyzer says its a not a excutable file....when i put it from my comodo defence+ for online lookup it says the file is safe...


comodo kill switch also tells me this is the only svchost on my win7 and it is legitimate...


threatexpert report:
http://www.threatexpert.com/report.aspx?md5=54a47f6b5e09a77e61649109c6a08866

[!Donovan]

Comodo online file analyzer says its a not a excutable file....when i put it from my comodo defence+ for online lookup it says the file is safe...

Did you try sending it to avast yet?


Also:

Dropped file from trojan downloader. Download url ; hxxp://russian-post.net/load/load.exe
#malware
Posted 1 year, 4 months ago by remixed

https://www.virustotal.com/user/remixed/

A search for this reveals a lot of hits.

[true indian]

my threatexpert report doesnt report any malware...

i have sent the file many times before but it has been found as clean...

[!Donovan]

Probable eSafe fp

First seen by VirusTotal
2009-07-22 12:30:01 UTC ( 2 years, 6 months ago )

Last seen by VirusTotal
2012-01-21 15:04:29 UTC ( 36 minutes ago )

[true indian]

I have asked essexboy to take a look at the Vt report and this topic...lets see what he has to say....

probably this thing has even been reported at comodo forums...google search revealed it....that has been done a long while ago so they have found the file to be clean and legit.

i saw even many people on the forums have also reported it to avast! and the file hasnt been reported as malware...it is clean and legit even according to threat expert..

according to kill switch my svchost is connecting to the dhcp and event log....and to the windows update service...remote address for my svchost doesnt exist phew!

[Pondus]

it is a eSafe false positive


First seen by VirusTotal
 2009-07-22 12:30:01 UTC ( 2 years, 6 months ago )
Last seen by VirusTotal
 2012-01-21 15:04:29 UTC ( 46 minutes ago )

[!Donovan]

according to kill switch my svchost is connecting to the dhcp and event log....and to the windows update service...remote address for my svchost doesnt exist phew!

Glad to see your problem is solved.

@Pondus

Good job for repeating every word I said.

[true indian]

Yup! its sure safe and legit

So my system is clean.

[Pondus]

Good job for repeating every word I said.

yes...but he did not seem to hear what you say.....red letters scream louder  

[DonZ63]

Here's the detail on svchost.exe on my WIN 7 x64 SP1 installation. My size is 26.5K and has not changed from initial installation it appears.

[true indian]

Good job for repeating every word I said.

yes...but he did not seem to hear what you say.....red letters scream louder  

I reported this as FP to esafe long ago but they dont seem to remove the detection...poor tech support  :'(

[true indian]

Mine is little smaller 20.5 KB


Not changed from 14 july 2009  

LOL! that time i didnt even have this laptop...

Not accessed since 14 july 2009 

[!Donovan]

Good job for repeating every word I said.

yes...but he did not seem to hear what you say.....red letters scream louder  

Okay, so I just have to use RED letters from now on and Oindian will 'hear my cry'?