File Search: 

ThreatExpert's awareness of the file "svchost.exe":

Across all ThreatExpert reports, the file "svchost.exe" was mostly identified as a threat.
File "svchost.exe" has the following statistics:
Total number of reports analysed611,932
Number of cases that involved the file "svchost.exe"7,799
Number of incidents when this file was found to be a threat6,943
Statistical volume of cases when "svchost.exe" was a threat89%
Please enable javascript to display the chart.
Notes:
  • Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
  • In order to check a file, please submit it to ThreatExpert.
  • For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.
The file "svchost.exe" is known to be created under the following filenames:
%AllUsersProfile%\cncdown.exe
%AllUsersProfile%\menu iniciar\programas\inicializar\svchost.exe
%AppData%\{187412dd-6f8d-45a5-a1f6-e7b6fe193f5b}\cmd.exe
%AppData%\{187412dd-6f8d-45a5-a1f6-e7b6fe193f5b}\ctfmon.exe
%AppData%\{bfb5f154-9212-46f3-b547-ac6106030a54}\cmd.exe
%AppData%\{bfb5f154-9212-46f3-b547-ac6106030a54}\ctfmon.exe
%AppData%\1.exe
%AppData%\awserv\svchost.exe
%AppData%\blaah.exe
%AppData%\br6657on.exe
%AppData%\calc.exe
%AppData%\codecsetup.exe
%AppData%\codecsetup3788.exe
%AppData%\codecsetup4127.exe
%AppData%\codecsetup6400.exe
%AppData%\codecsetup8536.exe
%AppData%\cp_setup_assist.exe
%AppData%\csrss.exe
%AppData%\cuda.exe
%AppData%\dealassistant\dauninstall.exe
%AppData%\digifast\dfuninstall.exe
%AppData%\explorer.exe
%AppData%\findfast.exe
%AppData%\hose.exe
%AppData%\icsys.icn.exe
%AppData%\ijango_toolbar_installer.exe
%AppData%\inetinfo.exe
%AppData%\ldr.exe
%AppData%\lsass.exe
%AppData%\macromedia\update\svchost.exe
%AppData%\microsoft xml\svchost.exe
%AppData%\microsoft\credentials\msvlui.com
%AppData%\microsoft\dtsc\t.exe
%AppData%\microsoft\network\svchost.exe
%AppData%\microsoft\office71\vhchk.exe
%AppData%\microsoft\svchost.exe
%AppData%\microsoft\windows\ernsjyi.exe
%AppData%\microsoft\windows\jjcmdrj.exe
%AppData%\microsoft\windows\msonsm.com
%AppData%\microsoft\windows\nheste.exe
%AppData%\microsoft\windows\nxmwp.exe
%AppData%\microsoft\windows\rwmgh.exe
%AppData%\microsoft\windows\security\svchost.exe
%AppData%\microsoft\windows\security\user0.exe
%AppData%\microsoft\windows\svchost.exe
%AppData%\microsoft\windows\tbljxjk.exe
%AppData%\microsoft\windows\vohth.exe
%AppData%\microsoft\windows\vvpmyvaw.exe
%AppData%\microsoft\winlog.exe
%AppData%\microsoft\winnt.com
%AppData%\mrsys.exe
%AppData%\msapps\svchost.exe
%AppData%\mxplay\temp\mxplay_installer.exe
%AppData%\narrator\explorer.exe
%AppData%\ntcom.dll
%AppData%\nthead.dll
%AppData%\pak-5593.exe
%AppData%\pak-5594.exe
%AppData%\pak-5595.exe
%AppData%\pak-5596.exe
%AppData%\pak-5597.exe
%AppData%\pak-5598.exe
%AppData%\pak-5599.exe
%AppData%\pak-5600.exe
%AppData%\pak-5601.exe
%AppData%\pak-5602.exe
%AppData%\pak-5603.exe
%AppData%\s95-231246-hat83-e3-62366-hasg-1732736\svchost.exe
%AppData%\salehoo\auctionalert\_tmp\aa.exe
%AppData%\salehoo\salehooalert\_tmp\aa.exe
%AppData%\scvhost.exe
%AppData%\services.exe
%AppData%\silverlight\silverlight.exe
%AppData%\skynet\muonline\_cw0srv.exe
%AppData%\skynet\muonline\234672.exe
%AppData%\skynet\muonline\239874.exe
%AppData%\skynet\muonline\293874.exe
%AppData%\skynet\muonline\345674.exe
%AppData%\skynet\muonline\345676.exe
%AppData%\skynet\muonline\435627.exe
%AppData%\skynet\muonline\543978.exe
%AppData%\skynet\muonline\546783.exe
%AppData%\smss.exe
%AppData%\speedrunner\sruninstall.exe
%AppData%\svchost.exe
%AppData%\svchost\svchost.exe
%AppData%\system\svchost.exe
%AppData%\system32\svchost.exe
%AppData%\taskengs.exe
%AppData%\tec\svchost.exe
%AppData%\temp.dll
%AppData%\truesword4.exe
%AppData%\wefisetup.exe
%AppData%\winbutler\winbuninstaller.exe
%AppData%\winbutler\winbutler.exe
%AppData%\windows update\svchost.exe
%AppData%\windows.exe
%AppData%\windows\services\svchost.exe
%AppData%\windowsupdate.exe
%AppData%\winlogon.exe
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.

The file "svchost.exe" has the following possible countries of origin:
OriginNumber of Incidents
China526
Germany373
Russian Federation158
Brazil51
Spain39
Sweden29
Iran26
Belgium22
Taiwan19
United Kingdom18
Egypt16
Romania10
Netherlands8
Japan6
Uzbekistan6
France5
Italy4
Switzerland4
Thailand4
Australia3
Israel3
Poland3
Portugal2
Saudi Arabia2
Turkey2
Ukraine2
Austria1
Belarus1
Canada1
Honduras1
Indonesia1
Ireland1
Lithuania1
Norway1
Republic of Korea1
Serbia and Montenegro1
Viet Nam1

The following threats are known to be associated with the file "svchost.exe":
Threat AliasNumber of Incidents
Keylog-Ardamax.dll [McAfee]121,785
not-a-virus:Monitor.Win32.Ardamax.ae [Kaspersky Lab]98,325
Spyware.Ardakey [Symantec]98,019
MonitoringTool:Win32/Ardamax [Microsoft]97,639
W32.Jeefo [Symantec]92,523
W32/Jeefo [McAfee]92,512
Virus.Win32.Hidrag.a [Kaspersky Lab]88,997
Trojan-Spy.Ardamax.J [Ikarus]81,076
Win32.Hidrag [PC Tools]74,415
Application.Ardamax_Keylogger [PC Tools]58,654
TROJ_FLOOD.AF [Trend Micro]53,107
Win-Trojan/Xema.variant [AhnLab]42,099
PE_JEEFO.A [Trend Micro]39,409
TrojanSpy.Ardamax.WQ [PC Tools]36,916
Backdoor.IRC.Bot [Symantec]31,671
Generic.dx [McAfee]26,980
Application.Ardamax!ct [PC Tools]25,185
W32/Jeefo-A [Sophos]17,143
Virus:Win32/Jeefo.A [Microsoft]16,215
BKDR_CIADOOR.EA [Trend Micro]15,935
Trojan.DL.VB.AAVI [PC Tools]15,553
TROJ_AGENT.ACSF [Trend Micro]15,468
Virus.Parite.B [PC Tools]14,938
Trojan.Win32.Agent.cmn [Kaspersky Lab]13,664
Trojan-Downloader.Win32.VB.bsa [Kaspersky Lab]11,586
Win32/Hidrag [AhnLab]9,659
Exploit.Win32.IMG-WMF.fk [Kaspersky Lab]9,225
Downloader.gen.a [McAfee]7,965
Virus.Win32.Hidrag [Ikarus]7,952
Troj/PWS-AXY [Sophos]7,052
Hacktool [Symantec]6,697
Virus.Win32.Hidrag.A [Ikarus]6,023
Exploit.Win32.IMG-WMF [Ikarus]5,952
Exploit.IMG-WMF!sd6 [PC Tools]4,879
Exploit.IMG-WMF [PC Tools]4,264
Trojan.Zlob [Ikarus]3,493
Virus.Win32.Hidrag.g [Kaspersky Lab]3,412
Win-Trojan/ExploitTool.3740 [AhnLab]3,239
Packed.Generic.181 [Symantec]3,230
Trojan Horse [Symantec]2,369
Mal/Generic-A [Sophos]2,339
not-a-virus:Client-IRC.Win32.mIRC.603 [Kaspersky Lab]2,284
IRC/Client [McAfee]1,990
Backdoor.IRCBot [PC Tools]1,841
Backdoor.Win32.IRCBot.aro [Kaspersky Lab]1,559
Worm.Rungbu.B [PC Tools]1,403
PE_RUNGBU.C-O [Trend Micro]1,373
not-a-virus:Client-IRC.Win32.mIRC [Ikarus]1,255
Trojan.Agent!sd5 [PC Tools]1,251
Win-Trojan/MircPack.1790464 [AhnLab]1,213
Virus.Win32.VB.cc [Kaspersky Lab]1,090
Downloader [Symantec]1,036
W32/AHKHeap-A [Sophos]960
IRC.Backdoor.Trojan [Symantec]958
Backdoor.IRCBot.UUX [PC Tools]923
W32.Rungbu [Symantec]916
Generic PUP.x [McAfee]913
Trojan-Dropper.Agent [Ikarus]878
Trojan-GameThief.Win32.OnLineGames.trxn [Kaspersky Lab]841
Generic VB.c [McAfee]767
Worm.Win32.VB.du [Kaspersky Lab]758
PE_RUNGBU.B-O [Trend Micro]750
Worm.VB.YVF [PC Tools]750
Trojan.Popuper [PC Tools]697
W32.SillyDC [Symantec]697
Virus:Win32/Jeefo.J [Microsoft]636
Mal/VB-G [Sophos]602
WORM_VBWORM.AC [Trend Micro]520
Backdoor:Win32/Phdet.gen!A [Microsoft]485
AutoHotKey [McAfee]480
TROJ_DLOADER.FXN [Trend Micro]474
Trojan.Win32.Agent [Ikarus]425
W32.Rajump [Symantec]425
Downloader-BJM [McAfee]424
Troj/Agent-GGQ [Sophos]424
Virus.Win32.AutoRun.aim [Kaspersky Lab]418
Hacktool.Flooder [Symantec]400
Mal/FakeVirPk-A, Mal/TibsPk-A, Mal/TibsPk-D, Mal/Basine-C [Sophos]400
Trojan.Win32.Pakes [Ikarus]400
Trojan.Win32.Pakes.mzt [Kaspersky Lab]400
W32/Sdbot.worm [McAfee]395
Worm.Win32.Muha.a [Ikarus]384
Generic Downloader.z [McAfee]377
TrojanDownloader:Win32/VB [Microsoft]368
Trojan.Agent.VYJ [PC Tools]355
Generic Packed [McAfee]349
WORM_RJUMP.AI [Trend Micro]348
Trojan.Win32.Agent.abt [Kaspersky Lab]345
IRC-Worm.Win32.Tedeto.a [Ikarus]337
W32.SillyFDC [Symantec]329
TROJ_VB.CEO [Trend Micro]326
TrojanClicker:Win32/VB.M [Microsoft]316
Worm:Win32/RJump.F [Microsoft]297
TrojanClicker:Win32/Hatigh.C [Microsoft]296
PE_PARITE.A [Trend Micro]295
W32/Pate.b [McAfee]295
Virus.Win32.Parite.b [Kaspersky Lab]294
W32/LCJump-A [Sophos]294
Generic Malware.eb [McAfee]292
W32.Pinfi [Symantec]291