Svchost.exe makes changes to folders is it dangerous?

D

Danilich1232021-12-13 16:17:43

Windows

Danilich123, 2021-12-13 16:17:43

svchost.exe makes changes to the \Device\Harddisk0\DR0 folders, but the actions are blocked by the administrator. I turned on real-time protection in Windows 10 and this is how it started. What could it be? And is it a virus?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

R

rPman, 2021-12-13
@Danilich123

In the task manager, turn on showing the path (it seems there it is called an image) and the launch command line and see where your svchost.exe is located, those in the windows system directory are part of windows services, but if somewhere in the user profile, then this is 100 % malware, they like to disguise themselves as it.
Also, download the sysinternails utilities - process explorer and autoruns from the Microsoft website, the first will allow you to see the digital signatures of running processes (otherwise you need to click on each in the manager and view the properties), only a very small number of drivers do not have them, in other cases it is almost certainly a virus (but the absence of such is not a guarantee, since there are no tools for digitally signing scripted scripts in windows), autoruns will allow you to conveniently see what automatically starts in the system, as well as control digital signatures

M

Mikhail Lyalin, 2021-12-13
@mr_jok

Defender = not a panacea
Svchost.exe = known place to store all sorts of rubbish
boot from LiveCD/DVD/flash USB and scan with more serious antivirus