Re: svchost.exe connect port 80 and 443

From: David Barnes (
Date: 02/22/04

Date: Sun, 22 Feb 2004 15:05:52 GMT

This sounds like a browser hijack / trojan.

These tend to 'appear' when you install 'free' software or utilities from
sites on the internet (eg kaza). [no such thing as a free lunch]. Among
other things they steal your personal info, log keystrokes, sites visited,
programs run, documents created/viewed, and obfuscate access to sites on the
internet.. [Eg. type in and u get well I've not seen
that, but that's what they do on a subtle scale.]
Try looking through add/remove programs. You may find some strange entries
there.. Use google search to identify anything that looks strange. You could
try and remove anything unwanted.

I suggest you update your AV software and enable it to 'find unwanted
programs' and do a FULL scan.
Also download and run spybot search and destroy.. this should hunt out the

David (nobby) Barnes

"Pedro" <no@spam.not> wrote in message
> Hello.
> I was trying Frontpage 2003 for the first time and saved one simple htm
> page to my the default folder in Windows XP...My Documents\My Web Sites.
> Later when I opened the same with Frontpage it showed something like this
> in the middle:
> "frontpage function Homepage(){ <!-- // in real bits, urls get returned to
> our script like this: // res://shdocvw.dll/http_
> 404.htm# //For testing use Do"
> Anyway I deleted the document, and now I opened the Sygate Personal
> Firewall and see something which I think wasn't there before. In Running
> Applications - Connection Details two of the various svchost.exe files are
> with the status CONNECT, one in local port:1076 and remote port:80; the
> other in local port:1079 and remote port:443. In IP Adress I have:
>> (which isn't my IP adress) in both instances. Is
> this normal, or is it some kind of hack?
> Thanks for reading.