it's there anyone know what is "svchost.exe"

i don't know this topic is right post here, if not please tell me to change again.

we find "svchost.exe" in index.html when we export the capx into html5.

does it a trojan horses??

after we reinstall C2 and put any plugin, it does not matter.

so we doubt whether the plugin will be implanted Trojan??

can you help us??

thanks!!!!!

R0J0hound thanks your friendly reminder!

we only found the intex.html which exported by C2 has that section of code....

"svchost.exe" is a part of windows that runs services. Services are things that runs in the background, the audio playback service, printer service, networking service, etc... Basically it's mainly essential windows stuff plus services added by other software.

Html will never deal with that file, and in fact cannot access it in most browsers, let alone with javascript. But that isn't javascript, it's vbscript which is a windows thing.

Anyways C2 does not generate that stuff in it's exported html, which means something on your pc is putting that in the file. It's probably a virus/tojan/spyware/etc of some kind infecting your pc. That html probably tries to run something on your computer that's encoded in that hexadecimal string. Good news is it probably only does something if run from iexporer. Well, if you can call that good news.

Your solution is to get an antivirus to clean your computer, and/or have someone tech savy that you know help you.

This is nothing to do with C2, as R0J0hound has already said.

Malwarebytes is also a good free scanner than can detect a lot of malware/trojanware that some AVs can miss.

Malwarebytes is also a good free scanner than can detect a lot of malware/trojanware that some AVs can miss.

That's a good choice. I'd suggest you do a boot time virus scan (Avast can do such) and run Malwarebytes too.

R0J0hound zenox98 glerikud Thanks a lot my friends!!! i try to scan it.