SCVHSOT.EXE - Dangerous

What you should do about SCVHSOT.EXE:

Check Your PC Now
Your PC is infected. The file called SCVHSOT.EXE is considered unsafe and there may be other infections on your PC.

You should urgently check your PC and remove any malicious software including SCVHSOT.EXE as soon as possible. The free version of Prevx CSI will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,076,580 people have scanned with Prevx CSI and between them have checked 30.4 billion files. 68% of the PCs scanned had malware present.

What we know about SCVHSOT.EXE:

The filename SCVHSOT.EXE was first seen on Jul 9 2007 in THAILAND. It has also been seen in the following geographical regions of the Prevx community:

INDIA on Oct 1 2007
The UNITED KINGDOM on May 14 2008

The filename SCVHSOT.EXE refers to many versions of an executable program.

The most common file size is 197,052 bytes. But the following file sizes have also been seen:

200,704 bytes
217,600 bytes

The filename is associated with the malware group SystemPoser:Trojan-c.Some files using the name SCVHSOT.EXE are also associated with the malware group:

Worm/Autoit.DL

These files may have the following Vendor, Product, Version Information in the file header ; Nhatquanglan; 1, 1, 1, 1

The following Vendor, Product, Version Information has also been reported:

; Nhatquanglan; ; Nhatquanglan; NUMTARGETS

SCVHSOT.EXE has been seen to perform the following behavior(s):

The Process is packed and/or encrypted using a software packing process
Executes a Process
Can communicate with other computer systems using HTTP protocols
This Process Deletes Other Processes From Disk
Registers a Dynamic Link Library File
Terminates Processes
This Process Creates Other Processes On Disk
Adds a Registry Key (RUN) to auto start Programs on system start up
Disables the built in Windows File Protection System
Makes outbound connections to other computers using NETBIOSOUT protocols
Disables Access to the Windows Registry Editior
Modifies Windows Security Policies to restrict/expand User Privlidges on the machine
Disables Access to the Task Manager built into Windows
Enables the system to use a Communications Proxy Server
The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
Writes to another Process's Virtual Memory (Process Hijacking)
Adds an ActiveX component
This Process is a file infector which modifies program files to include a host a copy of the infection
Creates a new Background Service on the machine
Looks at the contents of the autoexec.bat file
Reads email address and phone book details
Uses DNS to retrieve the IP address for web sites
Visits web sites without the user knowing

SCVHSOT.EXE has been the subject of the following behavior(s):

Executed as a Process
Deleted as a process from disk
Created as a process on disk
Has code inserted into its Virtual Memory space by other programs
Added as a Registry auto start to load Program on Boot up
Executed by Internet Explorer
Terminated as a Process
Copied to multiple locations on the system
Created by processes which appear to be checking for interception by security products

SCVHSOT.EXE can also use the following file names:

APTEMP.EXE
90853999.EXE
49225001.EXE
57115592.EXE
NEW FOLDER.EXE
STARTUP.EXE
MOF.EXE
X86_POLICY.8.0.MICROSOFT.VC80.CRT_1FC8B3B9A1E18E3B_X-WW_77C24773.EXE
ARTICLES ON ME.EXE
THE HINDU SUNDAY-JANUARY 25, 2004_FILES.EXE
MY VIDEOS.EXE
DC21.EXE
DC1.EXE
DC12.EXE
DC13.EXE
DC14.EXE
DC15.EXE
DC2.EXE
DC9.EXE
PREVX 2.0 PATCH.EXE
INTERNET JOURNAL FOLDER 4.EXE
TSH AND URINE ANALYSIS_FILES.EXE
ADS_DATA_003.EXE
ADS_DATA_002.EXE
TRANSIENT GLOBAL AMNESIA FOLLOWING CORONARY ANGIOGRAPHY_FILES.EXE
SPONTANEOUS OVARIAN HYPERSTIMULATION SYNDROME PRESENTING WITH ACUTE ABDOMEN_FILES.EXE
SKIN NECROSIS IN A CRITICALLY ILL PATIENT DUE TO A BLOOD PRESSURE CUFF_FILES.EXE
FALCIPARUM MALARIA MANAGEMENT_FILES.EXE
SSS KODAI 07 12TH MAY2.EXE
APEX VIDEO CONVERTER SUPER 5.95.EXE
SERIALS.EXE
SKYPE.EXE
PHONE.EXE
PREVX 2.0.EXE
DESKTOP.EXE
DC22.EXE
DC23.EXE
HP.EXE
HINHEM.SCR
S-1-5-21-1078073611-1993962763-839522115-1003.EXE
RECYCLER.EXE
BLASTCLNNN.EXE
NBPS-2064.EXE
ADOBE.EXE
ACROBAT.EXE
IMAGE TRANSFER.EXE
MY DATA SOURCES.EXE
PROJECT WINDMILL.EXE
��.EXE
PICS.EXE
VARIETIES.EXE
FROM WWW.THAIWINDMILL.COM.EXE
CONSTRUCTION.EXE
FIGURES.EXE
PAPER.EXE
HTTP.EXE
THE LAST REPORT.EXE
��19��.EXE
�� 10.EXE
��.EXE
FSS_PROGRAMS.EXE
NILESAT 101-102 & ATLANTIC BIRD 4 AT 7_0°W - LYNGSAT_FILES.EXE
HOT BIRD 6 AT 13_0°E - LYNGSAT_FILES.EXE
HOT BIRD 6-7A-8 AT 13_0°E - LYNGSAT_FILES.EXE
MY FILES.EXE
��.EXE
RECYCLED.EXE
SYSTEM VOLUME INFORMATION.EXE
��.EXE
��.EXE
BACKUP ��.EXE
BACKUP ��.EXE
MC.EXE
PC.EXE
PO.EXE
SF.EXE
SM.EXE
SO.EXE
SETUP.EXE
VAT.EXE
WH.EXE
CONS.EXE
FLOW.EXE
1033.EXE
APPROVE ISSUE.EXE
ISSUE REQUISITION.EXE
ISSUE STOCK.EXE
AD.EXE
AP.EXE
AR.EXE
BG.EXE
CM.EXE
CP.EXE
CQ.EXE
CRM.EXE
DATABASE.EXE
EM.EXE
GL.EXE
IC.EXE
JC.EXE
LC.EXE
BMP.EXE
CONTENT.FILES.EXE
MSM.EXE
MSI.EXE
THAI.EXE
FONTS.EXE
BACKUP.EXE
HR-PRO 2548(4).EXE
HR-PRO 2548(1).EXE
HR-PRO 2548(2).EXE
HR-PRO 2548(3).EXE
BCACC20.EXE
SECURITY.EXE
FULL.EXE
SOUND.EXE
BILL.EXE
CHQ.EXE
AS.EXE
BCUTILS.EXE
NU.EXE
JEWEL QUEST.EXE
IMAGES.EXE
SPLASH.EXE
HUY.EXE
BACK_UP.EXE
LAN DRIVER.EXE
SCVHSOT[1].DOC
BL4CK.COM
NHATQUANGLAN[1].EXE
MY MUSIC.EXE
MY PLAYLISTS.EXE
SAMPLE MUSIC.EXE
000BC619.EXE
SAMPLE PLAYLISTS.EXE
MY PICTURES.EXE
SAMPLE PICTURES.EXE
GANESH.EXE
JF-17 PICTURES.EXE
JF-17.EXE
DOCUMENTS.EXE
LAYOUT.EXE
TASK2.EXE
TASK 1 - REPLACE TEXT IN DIR FILE.EXE
VOL 4.EXE
APPS.EXE
SYSTEM.EXE
SHOAIB.EXE
EOPU.EXE
DPTRNPQASC-37.PMS.EXE
E53F474BBD628DA762EA110EC35C749A.EXE
E53F474BBD628DA762EA110EC35C749A.SCR

Virus, Spyware & Malware Center