Re: svchost.exe connect port 80 and 443
From: David Barnes (david_at_nospam-bitsolve.com)
Date: 02/22/04
- Next message: Duane Arnold: "Re: port 80 open, how...."
- Previous message: ClareOldie: "Re: port 80 open, how...."
- In reply to: Pedro: "svchost.exe connect port 80 and 443"
- Next in thread: Tiago: "Re: svchost.exe connect port 80 and 443"
- Reply: Tiago: "Re: svchost.exe connect port 80 and 443"
- Reply: Pedro: "Re: svchost.exe connect port 80 and 443"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 22 Feb 2004 15:05:52 GMT
This sounds like a browser hijack / trojan.
These tend to 'appear' when you install 'free' software or utilities from
sites on the internet (eg kaza). [no such thing as a free lunch]. Among
other things they steal your personal info, log keystrokes, sites visited,
programs run, documents created/viewed, and obfuscate access to sites on the
internet.. [Eg. type in www.bbc.co.uk and u get cnn.com.. well I've not seen
that, but that's what they do on a subtle scale.]
Try looking through add/remove programs. You may find some strange entries
there.. Use google search to identify anything that looks strange. You could
try and remove anything unwanted.
I suggest you update your AV software and enable it to 'find unwanted
programs' and do a FULL scan.
Also download and run spybot search and destroy.. this should hunt out the
hijack..
David (nobby) Barnes
"Pedro" <no@spam.not> wrote in message
news:Xns94966D4E311Atiagonospamcom@213.228.128.15...
> Hello.
>
> I was trying Frontpage 2003 for the first time and saved one simple htm
> page to my the default folder in Windows XP...My Documents\My Web Sites.
> Later when I opened the same with Frontpage it showed something like this
> in the middle:
> "frontpage function Homepage(){ <!-- // in real bits, urls get returned to
> our script like this: // res://shdocvw.dll/http_
> 404.htm#http://www.DocURL.com/bar.htm //For testing use Do"
>
> Anyway I deleted the document, and now I opened the Sygate Personal
> Firewall and see something which I think wasn't there before. In Running
> Applications - Connection Details two of the various svchost.exe files are
> with the status CONNECT, one in local port:1076 and remote port:80; the
> other in local port:1079 and remote port:443. In IP Adress I have:
> 0.0.0.0->207.46.245.126 (which isn't my IP adress) in both instances. Is
> this normal, or is it some kind of hack?
>
> Thanks for reading.
>
>
>
>
- Next message: Duane Arnold: "Re: port 80 open, how...."
- Previous message: ClareOldie: "Re: port 80 open, how...."
- In reply to: Pedro: "svchost.exe connect port 80 and 443"
- Next in thread: Tiago: "Re: svchost.exe connect port 80 and 443"
- Reply: Tiago: "Re: svchost.exe connect port 80 and 443"
- Reply: Pedro: "Re: svchost.exe connect port 80 and 443"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
