Is the file SVCHOST.EXE located on your computer? Then your computer is infected.
We do suggest you should remove SVCHOST.EXE from your computer as soon as possible.
SVCHOST.EXE is Trojan/Backdoor.
Kill the process SVCHOST.EXE and remove SVCHOST.EXE from the Windows startup.
Malware Analysis of SVCHOST.EXE
Full path on a computer: %Program Files%\DNSProtectSupport\svchost.exe
Detected by UnHackMe:
SVCHOST.EXE
Default location: %Program Files%\DNSProtectSupport\svchost.exe
Removal Results: Success
Number of reboot: 1
SVCHOST.EXE is known as:
Trojan.DNSProtectSupport, Spyware.Password, a variant of Win32.Agent.PSH
SVCHOST.EXE hash:
- MD5: 917513ab24043a183e3f599a87497b73
The file tries to connect to the dangerous web site.
How to quickly detect SVCHOST.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\System\CurrentControlSet\Services\DNSProtectSupport\Type: 0×00000010
- HKLM\System\CurrentControlSet\Services\DNSProtectSupport\Start: 0×00000002
- HKLM\System\CurrentControlSet\Services\DNSProtectSupport\ErrorControl: 0×00000001
- HKLM\System\CurrentControlSet\Services\DNSProtectSupport\ImagePath: “%Program Files%\DNSProtectSupport\svchost.exe”
- HKLM\System\CurrentControlSet\Services\DNSProtectSupport\ObjectName: “LocalSystem”
Folders:- %Program Files%\DNSProtectSupport
Files:- %Program Files%\DNSProtectSupport\svchost.exe