Jump to content

svchost.exe=rdphost.exe ?


Recommended Posts

Windows XP Home edition.sp3+




crc32: 6ef02438
FULL PATH:C:\WINDOWS\system32\svchost.exe
MODIFIED:4/14/2008 5:42:38 AM
CREATED:8/23/2001 12:00:00 PM
FILE VERSION:5.1.2600.5512 (xpsp.080413-2111).


I recently caught this file doing some odd things and in researching through online armor it was referred to the "isthisfilesafe.com" site and analyzed..

The site analysis of the md5 and shai1 hashes has indicated that the file is "RDPHOST.EXE" but it also lists "SVCHOST.EXE" as the file name. Are these two names synonymous or does this indicate that perhaps the svchost.exe file has been compromised,replaced or infected? (It is not digitally signed)

You can go to www.isthisfilesafe.com*, insert the above md5  or SHA1 for the file search and you will see what I mean.


Your help,thoughts,or ideas are


*www.isthisfilesafe.com is an emsisoft site.

Link to comment
Share on other sites

The file mentioned here is most likely seen for the first time with file name rdphost.exe and was added to the isthisfilesafe database with that file name.

When you check the file on virustotal (and click 'Additional information') you'll see more file names for the same file.

The file is actually signed, you may check the signature with Sigcheck.


Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...