5 Mar 2012 ~ PCCare247.com PCCare247.com Blog, PC Care 247 Tech Support Redefined

Monday 5 March 2012

Beware!! For these processes have a Malicious Intent


Malware – the term is synonymous with everything that intends to shred the security of our PCs to tatters. On the flip side, in spite of all the hullabaloo, not all malware is malicious in intent, and it is commonly referred to as spyware: malicious software truly hell-bent on infiltrating computers every now and then.

Hackers keep refining the capabilities of malware, expanding flux technologies to obscure their infrastructure and make their servers even harder to locate. Recent variants have come out that can detect when someone is investigating their activity and respond with a flooding attack against the investigator. In short, malware is becoming stickier on target machines and more difficult to shut down.

So, to prepare PC users better, we have put together a list of processes to watch out for in order to take any malware threat head on. Starting with:

ISASS.EXE
Part of the Optix.Pro virus, Isass.exe is better known as the Optix.Pro Trojan. Its payload can disable firewalls and local security protections and open a backdoor that gives fairly unrestricted access to a PC. The Trojan was the brainchild of someone by the name of s13az3, who was also part of the Evil Eye Software crew.

NVCPL.EXE
A component of the W32.SpyBot.S worm, Nvcpl.exe is a process registered as the W32.SpyBot.S worm (it is also associated with the Yanz.B worm, which is just another name for it). Taking advantage of the Windows LSASS vulnerability, the process creates a buffer overflow, forcing the PC to shut down. Although not necessarily considered a particularly destructive piece of malware, it is a nuisance, since it keeps accessing e-mail address books while sending spam to the contacts.

CRSS.EXE
Crss.exe is a process forming part of the W32.AGOBOT.GH worm. The spyware worm is distributed over the Internet by e-mail and takes the form of an e-mail message, in the hope that a PC user will open the hostile attachment. The worm has its own SMTP engine to gather e-mails from the local computer while trying to redistribute itself. In the worst case, the worm also allows attackers to access the PC and steal personal data and passwords.

SCVHOST.EXE
Part of the W32/Agobot-S virus family, the scvhost.exe file belongs to the Agobot (aka Gaobot) PC worm family. The Trojan spreads over networks and allows attackers to access a PC from remote locations and steal passwords, along with all forms of Internet banking and personal data.

SVHOST.EXE
Svhost.exe is a process associated with the W32.Mydoom.I@mm worm. The worm is distributed as an e-mail message and requires a PC user to open a hostile attachment. Using the SMTP engine, the MyDoom worm is known to gather e-mails from the local computer in order to redistribute itself. The other payload carried by the process was a denial of service attack on the website of SCO Group. That is not all: later versions of the worm have also been known to carry out denial of service attacks on other sites, notably Google and Lycos.

http://www.pccare247.com/pc-security/malware-removal.html
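The names listed above can be checked against a process list, and four of the five sit a single edit away from a genuine Windows process name. The Python sketch below is an added example, not code from the original post; the genuine names (lsass.exe, csrss.exe, svchost.exe), the function names and the sample process list are assumptions introduced here.

```python
# Names taken from the article above.
ARTICLE_NAMES = {"isass.exe", "nvcpl.exe", "crss.exe", "scvhost.exe", "svhost.exe"}
# Assumption (not from the article): genuine Windows process names that
# look-alike names imitate.
GENUINE = ("lsass.exe", "csrss.exe", "svchost.exe")


def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def classify(name):
    """Return (verdict, detail) for one process image name."""
    n = name.strip().lower()
    if n in GENUINE:
        return ("genuine-name", n)  # name only; path and signature still need checking
    if n in ARTICLE_NAMES:
        return ("listed", n)
    for real in GENUINE:
        if osa_distance(n, real) == 1:
            return ("lookalike", real)
    return ("unknown", "")


def scan(names):
    """Return only the entries that deserve a closer look."""
    verdicts = {n: classify(n) for n in names}
    return {n: v for n, v in verdicts.items() if v[0] in ("listed", "lookalike")}


# Constructed sample process list (not captured from a real machine).
SAMPLE = ["svchost.exe", "SCVHOST.EXE", "explorer.exe", "lsasss.exe", "crss.exe", "Isass.exe"]

if __name__ == "__main__":
    for name, (verdict, detail) in scan(SAMPLE).items():
        print(f"{name}: {verdict} {detail}")
```

A "genuine-name" verdict covers the file name only, so the file's location and digital signature still need to be verified separately.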

PCCare247.com Copyright © 2012-2013 by PCCare247 Solutions (P) Ltd.