I just had this same alert happen on our build server. This system has a
copy of svchost.exe in:
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356
So something caused Windows to install a side-by-side copy. The actual exe
is the sam
Hi Ozgur,
This is strange... svchost.exe should not be running outside of the system32 dir
on a 32-bit system. Did you run an anti-virus on this box to see what
it finds? This is the first time I have seen a false positive in this check
(in fact, all the times I saw it alerting were on real malware).
T
Hi,
Today I got this from one of our servers.
Received From: (E-Business) 10.xx.xx.xx->rootcheck
Rule: 513 fired (level 9) -> "Windows malware detected."
Portion of the log(s):
Windows Malware: Possible Malware - Svchost running outside system32.
Process: svchost.exe.
Searching the lists there