Re: svchost.exe connect port 80 and 443

From: David Barnes (david_at_nospam-bitsolve.com)
Date: 02/22/04


Date: Sun, 22 Feb 2004 15:05:52 GMT

This sounds like a browser hijack / trojan.

These tend to 'appear' when you install 'free' software or utilities from
sites on the internet (e.g. Kazaa). [No such thing as a free lunch.] Among
other things they steal your personal info, log keystrokes, sites visited,
programs run, documents created/viewed, and obfuscate access to sites on the
internet. [E.g. type in www.bbc.co.uk and you get cnn.com. Well, I've not seen
that, but that's what they do on a subtle scale.]

Try looking through Add/Remove Programs. You may find some strange entries
there. Use Google search to identify anything that looks strange. You could
try to remove anything unwanted.

I suggest you update your AV software and enable it to 'find unwanted
programs' and do a FULL scan.
Also download and run Spybot Search and Destroy. This should hunt out the
hijack.

David (nobby) Barnes

"Pedro" <no@spam.not> wrote in message
news:Xns94966D4E311Atiagonospamcom@213.228.128.15...
> Hello.
>
> I was trying Frontpage 2003 for the first time and saved one simple htm
> page to the default folder in Windows XP...My Documents\My Web Sites.
> Later when I opened the same with Frontpage it showed something like this
> in the middle:
> "frontpage function Homepage(){ <!-- // in real bits, urls get returned to
> our script like this: // res://shdocvw.dll/http_
> 404.htm#http://www.DocURL.com/bar.htm //For testing use Do"
>
> Anyway I deleted the document, and now I opened the Sygate Personal
> Firewall and see something which I think wasn't there before. In Running
> Applications - Connection Details two of the various svchost.exe files are
> with the status CONNECT, one in local port:1076 and remote port:80; the
> other in local port:1079 and remote port:443. In IP Address I have:
> 0.0.0.0->207.46.245.126 (which isn't my IP address) in both instances. Is
> this normal, or is it some kind of hack?
>
> Thanks for reading.