Re: port 1025 open by svchost.exe, how 2 disable?

From: Don Kelloway (dkelloway_at_commodon.com)
Date: 08/04/04


Date: Wed, 04 Aug 2004 04:58:49 GMT


"Tony Martin" <archangel@ofnospam.org> wrote in message
news:jh6vg01injsj6e249kgticqvujm3figj36@4ax.com...
> Hi,
> I use dialup to connect to the Internet.
>
> It appear port 1025 is open and listening on my
> XP Home computer. It appears to be associated
> with a win os utility called svchost.exe
>
> The problem is I notice various chinese and korean
> sites connecting to that port (reasons unknown?)
>
> I notice at least 7 versions of svchost.exe in
> the "services" window. Can anyone tell me
> which of these services is unnecessary or
> the one causing port 1025 to be open and
> listening so I can disable it? Or the number
> of a MS security update patch that will stop
> this? Please reply here.
>
> Thanks for any assistance!
> Tony

The 'svchost.exe' is the executable name associated with 'Service Host
Process' which is responsible within the Windows O/S for running various
internal processes. It is perfectly normal to have multiple occurrences
of 'svchost.exe' running and this is because each instance is
responsible for running one or more other processes.

Instead I recommend that you leave the 'svchost.exe' files alone and not
continue any efforts to look for ways to disable it. Otherwise you may
find yourself with an unstable system or more probable, a new doorstep
to hold your bedroom door open. Of course the latter is a bit of an
exaggeration, but if I were you I'd focus on ensuring that the system is
secured with a decent firewall, is virus and spyware free.

SPECIAL NOTE: If you're running Windows XP Pro you can open a DOS
window, type TASKLIST /SVC and press Enter. The result is that you'll
receive a listing of all running processes, including the instances of
'svchost.exe' as well as what each is running. Additionally if you want
to know what specific process is responsible for which TCP/IP ports,
type NETSTAT -ANO and press Enter. The result is that you'll receive a
listing of ports and PIDs. With the PIDs compare it to the list of PIDs
from running the TASKLIST command and voila!

-- 
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".