Re: ZoneAlarm - How to identify Generic Host Process Origin?
From: bgc (replyto@thegroup.org)Date: 10/29/02
- Next message: Zilbandy: "Re: Someone try to hack my machine?"
- Previous message: Melinda Shore: "Re: Systems behind NAT - port scanning etc."
- In reply to: David: "Re: ZoneAlarm - How to identify Generic Host Process Origin?"
- Next in thread: : "Re: ZoneAlarm - How to identify Generic Host Process Origin?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "bgc" <replyto@thegroup.org> Date: Mon, 28 Oct 2002 20:57:11 -0600
Hello,
There is only one listing for "Generic Hose Process" in the program
control list that shows what programs are allowed and what permissions they
have. When I say ZA shows 3 instances, I'm referring to the dashboard area
at the top right when you open the main ZA window. It shows little icons
that indicate what programs are active. All they say is "Generic Host
process...", not what it actually is. I just wanted to know what started
each one. I doubt I have a virus or trojan, my AVS is up to date and has
been on the system since I did a clean install of XP.
BGC
"David" <davidwnh@adelphia.net> wrote in message
news:ez0v9.4700$Zx.847959@news1.news.adelphia.net...
> Are the three instances in ZA or task manager? If it's task manager that
> would probably be normal. If it's ZA there are two possibilities.
> If you have installed service packs or patches sometimes ZA won't update
the
> old program entry and instead adds new entries. If this is the case all
> three entries will show the program directory to be
> %systemdirectory%\system32(%systemdirectory% will be "windows" or "winnt"
> depending on whether XP was an initial install or upgrade). Right click
the
> program entry in ZA and click properties. This will show you the directory
> that the program is in. Even if all are in the correct directory this
could
> still be a problem so go to the Microsoft website and lookup this
> file(version specific) and make sure the file size on your system is the
> same as what Microsoft's website says it to be for that specific version.
>
> The second possibility(and most likely) is that you have a virus or
trojan.
> If any of the directories for this file are other than what I mentioned
> above you have a virus. Any that are not in the correct directory you must
> deny all access to immediately in ZA. That will isolate it/them until you
> clean it/them out. Try not to isolate the "real" svchost or you will lose
> your internet connectivity(Unless you have another computer to access the
> internet with). If this is the case,scan it with your AV software and see
if
> you can identify the virus. If it identifies it go to your AV's website
and
> get the cleanup tool. If it doesn't repost with your outcome and we'll try
> to give further help.
>
> Port 5000 is Universal plug and play. Has it's purpose however it is not
> usually necessary to use and is known to be used by hackers. A lot of
people
> don't need it and GRC.com has a tool to disable it.
>
> "bgc" <replyto@thegroup.org> wrote in message
> news:urovr41089d2f1@corp.supernews.com...
> > Hello,
> > I've got ZoneAlarm running on my Windows XP system. It shows 3
> instances
> > of "Generic Host Process for Win32 Services" running, including one that
> is
> > listening to TCP port 5000. Is there any way to identify the origin of
> each
> > of these entries, i.e. what program or dll started each one?
> >
> > Thanks,
> > BGC
> >
> >
>
>
- Next message: Zilbandy: "Re: Someone try to hack my machine?"
- Previous message: Melinda Shore: "Re: Systems behind NAT - port scanning etc."
- In reply to: David: "Re: ZoneAlarm - How to identify Generic Host Process Origin?"
- Next in thread: : "Re: ZoneAlarm - How to identify Generic Host Process Origin?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
