Duhan Orhan, Posted February 6, 2021

4 days ago, the computer got infected with a trojan, and after I cleaned the computer of the trojan, I did a full scan of the computer with Windows and also with ESET and many antivirus programs. They did not find anything, but when I scanned with Gridinsoft, it found many malware and 3 trojans. I immediately looked at the network protection log of ESET, and for svchost.exe I noticed that it was trying to access the network with various IP addresses. I shared an example below. Do I have a trojan in my computer, or is svchost.exe infected with a trojan?

itman, Posted February 6, 2021

All the svchost.exe connections look legit except to port 8000. Review this: https://www.speedguide.net/port.php?port=8000 and determine if you are using any legit apps listed in the article.

What you can do is create an Eset firewall rule to block all inbound and outbound network traffic for C:\Windows\System32\svchost.exe for protocol UDP remote port 8000. Enable alerting and logging for the rule. This rule will at least notify you of this activity, from which you might be able to determine the source app for the activity.

Edited February 6, 2021 by itman
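
One way to see which Windows services sit behind each svchost.exe instance that has UDP sockets open, and to check that each instance is the genuine binary, while the blocking rule's log collects the port 8000 hits. This is an added example in PowerShell, not part of the original posts; it assumes an elevated session, PowerShell 5.1 or later, and the default Windows directory:

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Assumption: the genuine binary lives at %SystemRoot%\System32\svchost.exe.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# UDP is connectionless, so Windows only records the local side of each socket.
# The remote port 8000 itself has to come from the firewall rule's log.
$udpByPid = Get-NetUDPEndpoint | Group-Object -Property OwningProcess

$report = foreach ($group in $udpByPid) {
    $procId = [int]$group.Name
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
    if (-not $proc -or $proc.Name -ne 'svchost.exe') { continue }

    # svchost.exe is only a host; the real source is one of these services
    $services = Get-CimInstance Win32_Service -Filter "ProcessId = $procId"

    # Check the on-disk image of this instance (path and Authenticode status)
    $sig = if ($proc.ExecutablePath) {
        Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
    }

    [pscustomobject]@{
        PID            = $procId
        Path           = $proc.ExecutablePath
        PathIsExpected = ($proc.ExecutablePath -eq $expected)
        Signature      = if ($sig) { $sig.Status } else { 'Unknown' }
        Signer         = if ($sig -and $sig.SignerCertificate) {
                             $sig.SignerCertificate.Subject
                         } else { '' }
        LocalUdpPorts  = ($group.Group.LocalPort | Sort-Object -Unique) -join ','
        Services       = ($services.Name | Sort-Object) -join ','
    }
}

$report | Sort-Object PID | Format-List
```

An instance whose `PathIsExpected` is false or whose `Signature` is not `Valid` deserves a closer look first; for the rest, the `Services` column narrows down which hosted service to investigate when the rule logs a hit.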

peteyt (Most Valued Members), Posted February 6, 2021

3 hours ago, Duhan Orhan said:

> 4 days ago, the computer got infected with a trojan, and after I cleaned the computer of the trojan, I did a full scan of the computer with Windows and also with ESET and many antivirus programs. They did not find anything, but when I scanned with Gridinsoft, it found many malware and 3 trojans. I immediately looked at the network protection log of ESET, and for svchost.exe I noticed that it was trying to access the network with various IP addresses. I shared an example below. Do I have a trojan in my computer, or is svchost.exe infected with a trojan?

Never heard of Gridinsoft, but if many well-known AVs find nothing and a small unknown one finds loads, it raises alarms for me. It might not be the case with this specific AV, but I've seen cases with small unknown ones which have lots of false positives. Some also use bad business practices, such as telling you that you have viruses and need to buy the software to remove them, but they don't exist and it's just to get you to pay. Some in the past have even infected the user as a way to get them to pay.