Re: ZoneAlarm - How to identify Generic Host Process Origin?
From: David (davidwnh@adelphia.net) Date: 10/28/02
- In reply to: bgc: "ZoneAlarm - How to identify Generic Host Process Origin?"
From: "David" <davidwnh@adelphia.net> Date: Mon, 28 Oct 2002 01:39:22 GMT
Are the three instances in ZA or task manager? If it's task manager that
would probably be normal. If it's ZA there are two possibilities.

If you have installed service packs or patches, sometimes ZA won't update the
old program entry and instead adds new entries. If this is the case all
three entries will show the program directory to be
%systemdirectory%\system32 (%systemdirectory% will be "windows" or "winnt"
depending on whether XP was an initial install or upgrade). Right click the
program entry in ZA and click properties. This will show you the directory
that the program is in. Even if all are in the correct directory this could
still be a problem, so go to the Microsoft website and look up this
file (version specific) and make sure the file size on your system is the
same as what Microsoft's website says it to be for that specific version.

The second possibility (and most likely) is that you have a virus or trojan.
If any of the directories for this file are other than what I mentioned
above you have a virus. Any that are not in the correct directory you must
deny all access to immediately in ZA. That will isolate it/them until you
clean it/them out. Try not to isolate the "real" svchost or you will lose
your internet connectivity (unless you have another computer to access the
internet with). If this is the case, scan it with your AV software and see if
you can identify the virus. If it identifies it, go to your AV's website and
get the cleanup tool. If it doesn't, repost with your outcome and we'll try
to give further help.

Port 5000 is Universal Plug and Play. It has its purpose, however it is not
usually necessary to use and is known to be used by hackers. A lot of people
don't need it and GRC.com has a tool to disable it.

"bgc" <replyto@thegroup.org> wrote in message
news:urovr41089d2f1@corp.supernews.com...
> Hello,
> I've got ZoneAlarm running on my Windows XP system. It shows 3 instances
> of "Generic Host Process for Win32 Services" running, including one that is
> listening to TCP port 5000. Is there any way to identify the origin of each
> of these entries, i.e. what program or dll started each one?
>
> Thanks,
> BGC
>
>
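
Added example, not part of the original thread: on current Windows versions the two checks discussed above (which directory each svchost.exe image runs from, and which services and listening TCP ports belong to each instance) can be scripted in PowerShell. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection and an elevated prompt; the variable names are illustrative.

```powershell
# Added example (not from the original post).
# Run elevated so ExecutablePath is readable for every process.

# Locations where Windows itself installs svchost.exe
# (SysWOW64 holds the 32-bit copy on 64-bit systems).
$trusted = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index services and listening TCP ports by owning process ID.
# -AsString makes the hashtable keys strings so lookups are type-safe.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString
$listeners = Get-NetTCPConnection -State Listen |
    Group-Object -Property OwningProcess -AsHashTable -AsString
if (-not $services)  { $services  = @{} }
if (-not $listeners) { $listeners = @{} }

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $key  = [string]$_.ProcessId
    $path = $_.ExecutablePath

    # -contains compares strings case-insensitively
    $verdict = if (-not $path) {
        'path unreadable (not elevated?)'
    } elseif ($trusted -contains $path) {
        'expected location'
    } else {
        'UNEXPECTED LOCATION'
    }

    [pscustomobject]@{
        ProcessId   = $_.ProcessId
        Path        = $path
        Verdict     = $verdict
        CommandLine = $_.CommandLine   # shows the "-k <group>" service group
        Services    = ($services[$key].Name | Sort-Object) -join ', '
        TcpListen   = ($listeners[$key].LocalPort | Sort-Object -Unique) -join ', '
    }
} | Sort-Object Verdict, ProcessId | Format-List
```

An instance in an expected location can still be hosting an unwanted service, so read the Services and TcpListen columns as well as the Verdict.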