Re: C:\WINDOWS\SYSTEM32\SVCHOST.EXE



From: "Judy L" <Judy@home>

| David H. Lipman wrote:
From: "Judy L" <Judy@home>

My virus protector is blocking the following

Date/Time :
8/08/2006 - 7:39:56 AM
Event :
Self-Extracting Cabinet has been blocked from starting.

Process :
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\MPAS-D.EXE
Parent :
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
Vendor :
Microsoft Corporation
Version :
Self-Extracting Cabinet
Details :
Community Information - Technical Information

Anyone know what it is - if it's safe or not?
Judy

OK, what is your unnamed "virus protector"?
Was it truly anti-virus software? If yes, what was the name of the
infector provided? If no, was it really a FireWall application that
blocked this?

%windir%\system32\svchost.exe is a legitimate file.
More information is needed.
|
| I was using Prevx1 as my virus protector. I thought it might have been
| legitimate, but the virus protector thought otherwise.
| Judy
|

Prevx is good software. Albeit, all are known to have an occasional False Positive
declaration.

So what did Prevx say %windir%\system32\svchost.exe was infected with?
Or was it a case that Prevx prevented %windir%\system32\svchost.exe from being replaced?


Please submit a sample of "MPAS-D.EXE" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@xxxxxxxxxxxxxx?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

