Jump to content

svchost.exe Trojan Alert


Go to solution Solved by LegitMidget,

Recommended Posts

Posted (edited)

Hello to whoever this may concern; 
I've recently been getting a window pop-up (from svchost.exe) that temporarily freezes everything that is focused on the desktop, even while gaming, and basically alt tabs whatever I'm focused on for about a millisecond and then re-focuses back on whatever I was on. It's super frustrating mid-game because it stops everything for a split second then tabs back in. 
I did extensive searching throughout my PC, didn't do any suspicious installs recently, I just bought this PC last week and only installed my games and necessary trusted software. 
Went on Task Manager and looked at the file path for svchost and all that I saw was filepaths in System32 (so no signs of malware). 
I ran multiple malware software and not one has fixed the issue yet. I get a notification ~ 5minutes telling me about the Trojan from svchost from Kaspersky. 

I'm currently on Microsoft Windows Version 21H2 (OS Build 22000.918)
Using Kaspersky Premium version 21.7.7.393 (a)

I'll also attach a log of the report I get regarding the trojan.

I'd like to know a fix to this problem, as I don't want to get a notification every 5 minutes about it (I have notif's disabled, but still annoying seeing svchost.exe pop up as malware every 5 minutes)

d11775c88ef5e51e66e793c1fe220006-0.jpg

d11775c88ef5e51e66e793c1fe220006-1.jpg

Edited by LegitMidget
Flood and Flood's wife
Posted (edited)
21 hours ago, LegitMidget said:

I'm currently on Microsoft Windows, 21H2 (OS Build 22000.918); Kaspersky Premium version 21.7.7.393 (a)

Hello @LegitMidget

Welcome!

?MS Windows, 21H2, 22000.918, is in Preview release (confirmed by Microsoft support); Kaspersky does not support any OS other than commercially released, reference: Kaspersky Premium, Hardware and software requirements; please install a commercially released OS & recheck the issue? 

Please share the outcome with the Community, when it's available? 

Thank you?
Flood?+?

Edited by Flood and Flood's wife
  • 5 weeks later...
Posted
On 9/10/2022 at 11:20 PM, Flood and Flood's wife said:

Hello @LegitMidget

Welcome!

?MS Windows, 21H2, 22000.918, is in Preview release (confirmed by Microsoft support); Kaspersky does not support any OS other than commercially released, reference: Kaspersky Premium, Hardware and software requirements; please install a commercially released OS & recheck the issue? 

Please share the outcome with the Community, when it's available? 

Thank you?
Flood?+?

Still the same, here's a post I made in regard to this problem I am facing, updated: 
Windows 11 svchost.exe Trojan Alert - Microsoft Community

Using a non-preview version of OS: 22H2 OS Build 22621.521

If there is any update on this side of the forum, I'm all ears.

Flood and Flood's wife
Posted (edited)
24 minutes ago, LegitMidget said:

Still the same, using a non-preview version of OS: 22H2 OS Build 22621.521

Hello @LegitMidget

You're most welcome!

  1. ?Confirm the Windows version & buildHow to find the version of your operating system? - the info you've posted here & to MS is different?
  2. Log a case with support, select either Chat or Email, select Malware, Detected threat appears over and over again template, zip the object & password protect the zip archive with a password, either: malware or infected as the password → make sure you tell support the password & a detailed historyinclude the Kaspersky Report - as a Saved text file, not a screen print
  3. Ask support to please send the case to the Virus Lab. 
  • Please share the outcome, with the Community, when it's available? 

Thank you?
Flood?+?

Edited by Flood and Flood's wife
Added question 1
Posted

Hi @LegitMidget

Please submit a case to technical support as per instruction from Flood and include the following data: 

1. Enable traces in Kaspersky 
2. Restart PC
3. Wait till the svchost.exe detect notification appears
4. Stop traces
5. Copy the System Watcher logs:
- Enable the Show hidden folders function. See this article for instructions: https://support.kaspersky.com/3580
- Press Win+R on the keyboard, copy and paste the following: 
C:\ProgramData\Kaspersky Lab\AVP21.7
- Press Enter. 
- Copy the SysWHist folder to the Desktop.
- Add it to an archive. See this article for instructions: https://support.kaspersky.com/6239

6. Upload the traces and SysWHist folder to some cloud and add the share link to the incident request

Please let me know the number of the incident to support as soon as it is submitted.
 

  • Like 2
  • Thanks 1
  • 2 weeks later...
  • Solution
Posted (edited)
On 10/11/2022 at 12:55 AM, Igor Kurzin said:

Hi @LegitMidget

Please submit a case to technical support as per instruction from Flood and include the following data: 

1. Enable traces in Kaspersky 
2. Restart PC
3. Wait till the svchost.exe detect notification appears
4. Stop traces
5. Copy the System Watcher logs:
- Enable the Show hidden folders function. See this article for instructions: https://support.kaspersky.com/3580
- Press Win+R on the keyboard, copy and paste the following: 
C:\ProgramData\Kaspersky Lab\AVP21.7
- Press Enter. 
- Copy the SysWHist folder to the Desktop.
- Add it to an archive. See this article for instructions: https://support.kaspersky.com/6239

6. Upload the traces and SysWHist folder to some cloud and add the share link to the incident request

Please let me know the number of the incident to support as soon as it is submitted.
 

Hello once again and the last time. I managed to figure out the error on my end as to why I was getting the popup and telling me it was 'svchost'. I took a look at the videos I posted on Microsoft's forum and went frame by frame as slow as I can to see what that popup was and if there was a directory path to it. Turns out there was, and it wasn't a system32 directory, it was my OneDrive and this virus was acting as an svchost application. Already cleared out my OD and cleaned out any other junk and viola! No more System Watcher flags that I got every 5 minutes and no more popups when turning Kasperkey off so this topic is all set now, thank you all for helping, much appreciated!

Edited by LegitMidget
mistake

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...