Home Forums Windows 7 Security Tips

Windows 7
Windows Vista
Windows XP

Security Tips
Keyboard Shortcuts


Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Hot Downloads

Privacy Policy
Contact Us


Name scchost.exe


W32.HLLW.Donk is a worm that spreads through network shares, opening numerous TCP ports in the process.
Also has backdoor capabilities that give a hacker access to infected computer.
Also Known as Backdoor.SdBot.gen

Copies itself as %System%\Scchost.exe.

Adds the registry value: "Services Host"="Scchost.exe"
to the registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

If the filename of the worm is not scchost.exe, the program will kill itself and start scchost.exe as a service.

Attempts to spread using the following file shares:

If a connection is made, the worm copies itself to the following folders:
Winnt\Profiles\All Users\Start Menu\Programs\Startup
Windows\Start Menu\Programs\Startup
Documents and Settings\All Users\Start Menu\Programs\Startup

Connects to a specific IRC server and joins a specific channel to accept instructions from the hacker:
Flooding a specified host
Downloading a file from the hacker
Executing a file

Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.

Still have a problem? Ask for help at our discussion forum.

Search Dangerous Files :

: : Recent posts at Forums : :

Fatal error: Incompatible file format: The encoded file has format major ID 1, whereas the Loader expects 7 in /home/software/public_html/forum/includes/functions_vbseo.php on line 0