First let me say - I don’t think this is a False Positive, but I don’t know where else to post it. Please tell me if there is a more appropriate forum.
I have just scanned a hard drive partition that I don’t use often (Windows 7 64-bit), and CIS flagged a copy of svchost.exe as UnClassifiedMalware@132214640
The file is found in M:\Users[…]\AppData\Local\Temp\ is that a red flag right away? In this article:
IMPORTANT: The svchost.exe file should be in the C:\Windows\System32 folder. If you find it anywhere else, then svchost.exe could be a virus, trojan, worm, or spyware! Scan your computer with Auslogics Antivirus to make sure it’s not infected.
(But I don’t know if it’s normal for a file like svchost to sometimes get run from underneath AppData)
So I think I have a real bug. I am most interested in trying to figure out if the file has in fact infected my system, and most importantly I would like to find out what kind of damage it may have done.
I understand that this is beyond the scope of asking whether or not it is a FP. Please feel free to point me somewhere else if there is a better place to discuss and explore this…
virustotal doesnt let much space for the estimation of “just a bug”. and this result is not for discussion.
all signs are pointing to “infection”. you gave the hints yourself.
let another scanner run. malwarebytes free is a good second opinion. or a-squared free edition.
you cant be sure after “desinfection” that your system is repaired then! try to find out, what this “virus” does, and if it is making for example backdoors, well, i would not trust the computer again, until reinstall of operation system.
usually antivirus companies give an explaination about the virus when you search for the name.
lol, dont speak about stupidity when you speak stupid:
when a virus makes a backdoor, its totally unimportant if the (virus)process is running anymore or not. its like a worker who has finished his work. is a house destructed when the worker leaves?
dont say things that you cant be sure of as a fact.
so, you programmed this special virus, or why are you so sure that you know all about it?
as long as you cant be sure, you should not pretend. its not about who is right or wrong, its about: can we be sure?
and i said, he should read in the antivirus companies description what this virus does. and when it is doing some stuff, it could be that this stuff can stay dangerous.
do you suggest him to use online banking? can he be absolutely sure that his pc is “clean” now? dont put someone in danger by ignoring “danger”.
… if its really a trojan.downloader (read at virustotal) … do all the downloaded things disappear with him? is all rolled back what they have done too?
i would not bet on it!
Both the fact that a file named svchost.exe in a non standard folder and the VT report indicate you are infected.
First thing to try is simply clean the temp folder and see if the file can be easily deleted and comes back after deleting. This is to see if it is protected.