Re: svchost.exe connect port 80 and 443
From: Tiago (tiago_at_nospam.com)
Date: 02/22/04
- Next message: Pedro: "Re: svchost.exe connect port 80 and 443"
- Previous message: Lars M. Hansen: "Re: How can I stop p2p clients, eg WinMx, Kazza using ftwall in my company?"
- In reply to: David Barnes: "Re: svchost.exe connect port 80 and 443"
- Next in thread: Duane Arnold: "Re: svchost.exe connect port 80 and 443"
- Reply: Duane Arnold: "Re: svchost.exe connect port 80 and 443"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 22 Feb 2004 22:15:34 +0000 (UTC)
"David Barnes" <david@nospam-bitsolve.com> wrote in
news:kz3_b.5329$QB7.49104967@news-text.cableinet.net:
> This sounds like a browser hijack / trojan.
>
> These tend to 'appear' when you install 'free' software or utilities
> from sites on the internet (eg kaza). [no such thing as a free lunch].
> Among other things they steal your personal info, log keystrokes,
> sites visited, programs run, documents created/viewed, and obfuscate
> access to sites on the internet.. [Eg. type in www.bbc.co.uk and u get
> cnn.com.. well I've not seen that, but that's what they do on a subtle
> scale.] Try looking through add/remove programs. You may find some
> strange entries there.. Use google search to identify anything that
> looks strange. You could try and remove anything unwanted.
>
> I suggest you update your AV software and enable it to 'find unwanted
> programs' and do a FULL scan.
> Also download and run spybot search and destroy.. this should hunt out
> the hijack..
No, I don't think it's anything related to any software that I've
installed. Though now that I've runned Spybot it found the old DSO exploit,
so thanks for that. I don't even use IE (i'm using Opera). From what I've
learned browsing in several sites port 80 and 443 are used by svchost.exe
when one is operating a web server in a computer. So I created a rule in
Sygate to block inbound connections on both port 80 and 443, all hosts, TCP
remote ports, incoming traffic, Generic Host Process for Win32 Services.
Still, sometimes I see in Connection Details svchost.exe CONNECTED to
remote port 80. Port 443 never appeared again. In Application Details there
isn't any considerable traffic outgoing or incoming in the Generic Host
Process for Win32 Services. In fact the only traffic going on right now is
in Opera and mIRC. So I guess there isn't any reason to feel worried, even
if the port 80 connection with svchost.exe showed a few hours ago with a
different IP adress from mine leaves me a bit suspicious.
If anyone has more opinions on this feel free to to add something in this
thread.
- Next message: Pedro: "Re: svchost.exe connect port 80 and 443"
- Previous message: Lars M. Hansen: "Re: How can I stop p2p clients, eg WinMx, Kazza using ftwall in my company?"
- In reply to: David Barnes: "Re: svchost.exe connect port 80 and 443"
- Next in thread: Duane Arnold: "Re: svchost.exe connect port 80 and 443"
- Reply: Duane Arnold: "Re: svchost.exe connect port 80 and 443"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
