APL displays svchost.exe instance with changing PID after malware cleaned [269]

The bug/issue :

  1. What you did: I right click iencrypt.exe , " run in sandbox "

  2. What actually happened or you actually saw: Antivirus give 1 alerts, i clean it, i go into actives process list and svchost.exe changes his pid every 2seconds NOTE : The process is already killed + take 50% of cpu.

  3. What you expected to happen or see: 1 alert from antivirus + 1 bug in actives process

  4. How you tried to fix it & what happened: Reboot probably fix this issues

  5. Details (exact version) of any software involved with download link: CIS2011

  6. Any other information you think may help us: Iencrypt is a malware.

Files appended :

  1. Screenshots illustrating the bug:
  1. Screenshots of related event logs or the active processes list: Look up

  2. A CIS config report or file : Default settings.

  3. Crash or freeze dump file: None

Your set-up :

  1. CIS version & configuration used: Default

  2. Whether you imported a configuration, if so from what version: none

  3. Defense+ and Sandbox OR Firewall security level: Default

  4. OS version, service pack, no of bits, UAC setting, & account type: WINDOWS 7 64bits , UAC On

  5. Other security and utility software running: None

  6. CIS AV database version: 6192

i send the malware here : https://forums.comodo.com/av-false-positivenegative-detection-reporting/malware-not-detected-2010-t49281.0.html;msg440808#msg440808

Many thanks for making this report in the requested format, an excellent issue report.

I am now forwarding this to confirmed issues

Best wishes

Mouse

Could you confirm whether it is the malware which was killed by cleaning or both the malware and the svchost instance.

(I assume the former)

Did you run process explorer or task manager to check?

Many thanks

Mouse

Hi, i run the malware, antivirus give an alert for 1 files, iencrypt.exe got removed from memory by sandbox(i think), svchost.exe come, drop out of memory, and still come every seconds, yes i run task manager for check.

and svchost.exe wasnt here, sorry for double post :a0