New
#1
W32.Sober in conhost.exe?
SpyBot discovered W32.Sober in file Windows\System32\conhost.exe (build 6956). Can somebody confirm it? Or it's fake alert?
W32.Sober in conhost.exe?
-
-
Posts : 2,899 Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)New #2
can you do a sfc /scannow???
or if you dont want to go thorough that process can you give us the MD5 hash
go here
http://www.whitsoftdev.com/md5/
download the unicode and open it point to the file itself and post the hash here..
-
Posts : 2,899 Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
-
New #4
-
Posts : 2,899 Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)New #5
yes this is a false alarm...
have 6956 in vm...
clean install
there are no connections bypassing the firewall (got ms network monitor to check for that)
and frankly avast would have picked it up (on my real machine have 6956...)
-
-
Posts : 2,899 Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)New #7
you can also check in processxp
its strings
if you know how...
here is conhost.exe strings...
i see nothing out of the ordinary in the strings....
edit: two shawns
...lol
-
-
New #9
this file was running when i was playing GTA IV.
but then after a few runs, it's gone.
-
New #10
Thanks for the info Shawn,
Was thinking of replacing my 6801 x86 with 6956 but think I'll wait till the public beta
Quote
Related Discussions