Re: Firewall Setup...

From: Global_Killa (global_killa_at_hotmail.com)
Date: 04/02/04

• Next message: ronaldcarter_at_adelphia.net: "Re: Zone Alarm & DSL"
• Previous message: Duane Arnold: "Re: Firewall Setup..."
• In reply to: Duane Arnold: "Re: Firewall Setup..."
• Next in thread: Alan Illeman: "Re: Firewall Setup..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 2 Apr 2004 00:59:25 +0100

"Duane Arnold" <notme@notme.com> wrote in message
news:XP1bc.160700$po.953163@attbi_s52...

> As you can see, blocking svchost.exe stops your machine from accessing the
> Internet. Svchost.exe is just the messenger for the O/S and other programs
> and provides the comminication link between machines on the LAN or WAN,
> along with doing many many other tasks for the O/S. One of the functions
of
> svchost.exe is to provide the communication plumbing for the connection.
> Yes, Trojan and spyware can use svchost.exe on their behalf too, just like
> the O/S uses svchost to communicate. Should one kill the messenger or
should
> one try to find what's using the messenger and kill it?
>
>
>
> http://ask-leo.com/archives/000030.html
>
>
>
> If svchost.exe is making connections to unknown remote IP(s), then by all
> means, one should question why and try to find out what is requesting that
> svchost provide the connection.
>
>
>
> You can find out by using Active Ports to see what remote IP(s)
svchost.exe
> is connecting to, and you can use Process Explorer to look at what
programs
> are using svchost.exe. Both of the utility programs are free (use Google).
>
>
>
> If svchost.exe is not running out of the path below (system32), then it's
a
> Trojan.
>
>
>
> C:\Windows\system32\svchost.exe
>
>
>
> Don't kill the messenger and try to find out what is using the messenger.
:)
>
>
>
> I don't stop svchost.exe (the messenger) from doing its job and let it
run.
>
>
>
> Duane :).

Thanks for the advice.

-- 
Global_Killa
"You're a victim of the rules you live by!"
http://punkthenation.tk

---

• Next message: ronaldcarter_at_adelphia.net: "Re: Zone Alarm & DSL"
• Previous message: Duane Arnold: "Re: Firewall Setup..."
• In reply to: Duane Arnold: "Re: Firewall Setup..."
• Next in thread: Alan Illeman: "Re: Firewall Setup..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Firewall Setup... ... > program from accessing the Internet, it seems to stop Internet activity. ... Svchost.exe is just the messenger for the O/S and other programs ... svchost.exe is to provide the communication plumbing for the connection. ... (comp.security.firewalls) Re: Zone Alarm and DNS? ... > sometimes IE and Firefox DNS lookups are failing (and probably other ... It seems to me that you have *blocked* the messenger for the O/S svchost.exe ... One should find out what's using the messenger and kill it and not kill the ... (comp.security.firewalls) Re: msmsgs.exe ... or to start Messenger? ... O/S version. ... >>> Anybody here have a permanent fix. ... > Permanently deleting what? ... (alt.comp.hardware.pc-homebuilt) Re: ZA Free and Generic Host Processor ... >> and determine if it is legit or not instead of killing the messenger. ... solicitation, and again, it was not svchost.exe the that ... It could be legit too. ... stops with the O/S and not ZA. ... (comp.security.firewalls) Kill a connection ... Does any one knows how to kill a connection made by an application?, ... some corporate policies, than says from 8am to 2pm Messenger is not allowed, ... but if some user is logged on in the Messenger ... (microsoft.public.isaserver)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)