Re: svchost.exe and the internet.........HELP!!
From: Duane Arnold (notme_at_notme.com)
Date: 02/06/04
- Next message: Walter Roberson: "Re: Route traffic from a Dynamic WAN address on Pix 501"
- Previous message: Mike: "Re: Necessary ports and not necessary ports"
- In reply to: Neil: "svchost.exe and the internet.........HELP!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 06 Feb 2004 17:50:11 GMT
nruddiforth@hotmail.com (Neil) wrote in news:b33bd93c.0402060825.3dd039
@posting.google.com:
> Hi there
>
> I was wondering if someone could help me?
>
> A week ago, i installed broadband on my home computer (running Windows
> 2000). As soon as I was up and running I started getting this:
>
> "Svchost.exe generated an application error and will be closed by
> Windows. An error log is been genorated"
>
> It always happened a few minutes of been logged on, and it wouldnt let
> me disconect my modem, use ctrl C to copy, and my contol panel went
> haywire (all the icons moved to the left hand side of the window).
>
> I did a bit of wading around, to find a few other people were having
> the same problem. So I took there advice (the best I could, I dont
> really understand all the technical stuff), and did a complete windows
> update via microsoft, service pack 4 etc, downloaded
> Windows2000-KB823980-x86-ENU patch and ran that, downloaded Stinger
> and MS Blast, and ran both of those (no MSblaster worm, but the
> Stinger found one, which it got rid of), ran Spybot, and got rid of
> all the Ad stuff and spyware.
>
> I also downloaded a Firewall program from Sygate, and installed that.
> Now, im not getting the svchost error message anymore, but the Sygate
> Firewall is telling me after a few minutes of been logged on, someone
> is trying to access my svchost.exe! (every single time I log on)
>
> It gives me the option to allow it by clicking yes, or decline it by
> clicking no. Ive been clicking no, but im worried that it might be
> important for my internet connection to have my svchost accessed by my
> service provider. Is this the case?
>
> Please help. I dont know much about this sort of thing, and im worried
> I might be doing the wrong thing.
>
> Thanks for your time, I hope to hear from you all soon!
>
> Neil
It's not that svchost.exe wants access to the Internet or something wants
to make contact with scvhost.exe. That's svchost.exe's job is to
communicate on the network no matter if the network is a local area
network or a wide area network such as the Internet. It's about what is
on the machine a program that wants to use svchost.exe on its behalf to
communicate. It could be a legit or bogus program such as sypware or a
Trojan that wants to use svchost.exe.
So, you need to make the determination as to what is using svchost.exe.
You can use Active Ports and Process Explorer (both are free use Google)
to help you make the determination, if possible. Process Explorer will
allow you to look inside the process or program using svchost.exe.
If svchost is not running out of the Windows or Winnt (system32)
directory, then it is a Trojan for sure.
You should think about *hardening* the NT based O/S from attack.
http://www.uksecurityonline.com/index5.php
use the HOST
http://accs-net.com/hosts/HostsToggle/
http://mvps.org/winhelp2002/hosts.htm
Duane :)
- Next message: Walter Roberson: "Re: Route traffic from a Dynamic WAN address on Pix 501"
- Previous message: Mike: "Re: Necessary ports and not necessary ports"
- In reply to: Neil: "svchost.exe and the internet.........HELP!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
