What is this Spyware and how is it running ?
From: Laurent (Laurent.Grenet.Enlevez-Ca_at_Voila.fr)
Date: 03/24/04
- Next message: Wobble: "Re: 200,000hits/hour - TCP_Probe_HTTP - hammering my server"
- Previous message: Chuck: "Re: Linksys router and Norton Internet Security"
- Next in thread: sponge: "Re: What is this Spyware and how is it running ?"
- Reply: sponge: "Re: What is this Spyware and how is it running ?"
- Reply: Melvin Klassen: "Re: What is this Spyware and how is it running ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Mar 2004 21:31:44 +0100
Hi everybody
I'm under XP Home SP1.
When ONE particular user is logged on my Pc, my FW detects (and blocks)
exactly every 10 minutes outbound accesses by svchost, from various
port, to port 80, to IP addresses some of them being decrypt by DNS as
akamai addresses.
I may add
- that neither Spybot Search&Destroy, nor Ad-Aware, both of them
up-to-date, are detecting any spyware or trojan on my Pc
- that it happens ONLY if a particular user is logged, and not with
others
- and that this user doesn't launch anything different than others at
startup, at least via standard means (startup menu, and different
ad'hoc registry keys).
Does anybody have any idea
- to find which appli is so using svchost to run these outbound
connections
- to find HOW this appli is active and launched on this account (since
it is neither startup menu, nor any of usual registry keys
Thanks for your help !
-- Laurent GRENET
- Next message: Wobble: "Re: 200,000hits/hour - TCP_Probe_HTTP - hammering my server"
- Previous message: Chuck: "Re: Linksys router and Norton Internet Security"
- Next in thread: sponge: "Re: What is this Spyware and how is it running ?"
- Reply: sponge: "Re: What is this Spyware and how is it running ?"
- Reply: Melvin Klassen: "Re: What is this Spyware and how is it running ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
