Hello ... I thought I'd start here as I am definately a security newbie. I am a sys-admin whose had the luxery of focussing on performance over the years, and ignoring security in my profession. But I've just spent a hellish 3 weeks trying to kill a trojan on my home system, and thought I'd see if anyone has anymore info.

I appear to have killed it, but it manifested itself as an executable in windows\system32 called svshost.exe (though it ran in task mgr as svChost.exe, same as the windows services one). My firewall (thank you zone alarm, lol) kept blocking in and out attempts from an ip that resolved to boom.badpenguin.com. I'm curious if anyone has any info about this domain or svshost.exe.

As, for me, it seems to be cured. svshost is no longer running, and zone alarm has no unusual traffic through it. But still, i'm curious for more info.

Cheers,
Elron