AVScanningService.exe

Preventon AV Scanning Service

Preventon Technologies Limited

The executable AVScanningService.exe has been detected as malware by 6 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “AV Engine Scanning Service”.
Publisher:
Preventon Technologies Limited  (signed and verified)

Product:
Preventon AV Scanning Service

Version:
1.5.76

MD5:
b0daf7fbb07de0219b223944d61ee279

SHA-1:
484feb50853b1b105d12387909315ca862ac7882

SHA-256:
f53f6865ba1c95f1fea4624b469494a4daf2f2a05631a31b449233202067d4a8

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/25/2024 1:20:45 AM UTC  (today)

Scan engine       Detection                 Engine version
Clam AntiVirus    Win.Trojan.Patched-143    0.98/22206
Dr.Web            Trojan.Starter.1695       9.0.1.05190
ESET NOD32        Win32/Patched.HN trojan   6.3.12010.0
F-Prot            W32/Patched.G             4.6.5.141
F-Secure          Trojan.Patched.HE         5.15.154
Kaspersky         Trojan.Win32.Patched      15.0.2.529

File size:
819.6 KB (839,240 bytes)

Product version:
1.5.76

Copyright:
Preventon Technologies Limited Copyright (C) 2011

Original file name:
AVScanningService.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\common toolkit suite\avengine\avscanningservice.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/15/2011 2:00:00 AM

Valid to:
6/10/2012 1:59:59 AM

Subject:
CN=Preventon Technologies Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Preventon Technologies Limited, L=Mayfair, S=London, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4AF2B73EA9F43D9B781C21EFFB1C29FD

File PE Metadata
Compilation timestamp:
10/14/2011 2:53:35 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
24576:tSMcaJLlxUgez+RSWrXuC94GEsIhfk8Dfq6Vu2klf+3:t1BHZskB+3

Entry address:
0xCA58C

Entry point:
68, 58, 02, 48, 00, E9, 34, 06, 00, 00, E8, 0F, 00, 00, 00, 43, 72, 65, 61, 74, 65, 50, 72, 6F, 63, 65, 73, 73, 57, 00, 58, C3, 90, E8, 18, 00, 00, 00, 5C, 00, 73, 00, 79, 00, 73, 00, 74, 00, 65, 00, 6D, 00, 72, 00, 6F, 00, 6F, 00, 74, 00, 00, 00, 58, C3, 90, E8, 1E, 00, 00, 00, 5C, 00, 5C, 00, 2E, 00, 5C, 00, 67, 00, 6C, 00, 6F, 00, 62, 00, 61, 00, 6C, 00, 72, 00, 6F, 00, 6F, 00, 74, 00, 00, 00, 58, C3, 90, E8, 12, 00, 00, 00, 6B, 00, 65, 00, 72, 00, 6E, 00, 65, 00, 6C, 00, 33, 00, 32, 00, 00, 00, 58, C3...
 

Code size:
632 KB (647,168 bytes)

Service
Display name:
AV Engine Scanning Service

Type:
Win32OwnProcess

