Re: ZoneAlarm block?
From: Chek (chek_16_at_hootmail.com)
Date: 08/24/04
- Next message: Jurren Bouman: "AVERT Low-Profiled Threat Notice: W64/Shruggle"
- Previous message: N. Miller: "Re: Mydoom"
- In reply to: mac1: "ZoneAlarm block?"
- Next in thread: N. Miller: "Re: ZoneAlarm block?"
- Reply: N. Miller: "Re: ZoneAlarm block?"
Date: Tue, 24 Aug 2004 20:32:40 +0100
You can check the IP address you detected using something like:
http://www.whoisview.com/products/whoisview/whoisview_online.php
Unfortunately, knowing which process requested the connection doesn't help
much.
Various trojan .dlls attach themselves to various legit Windows processes.
If you are suspicious at all, follow the advice here:
http://www.aumha.org/a/parasite.htm
with particular attention to installing and running:
CWShredder
Spybot Search & Destroy 1.3
AdAware (SE has now replaced version 6)
HijackThis
About This
SpywareBlaster.
In conjunction with a HijackThis logfile, sorting through the files running
within a process by using Advanced Process Manipulator from
http://www.diamondcs.com.au/index.php?page=apm
can stop a bad file running and then it can be deleted.
Hope this helps,
Chek
--
Change 'boos' to 'bos' in address to email directly

"mac1" <mac1@nospam.com> wrote in message
news:XLKWc.15721$cx.2031@bignews4.bellsouth.net...
> Running WindowsXP, IE6, ZoneAlarm 5.1.011
>
> Today I received an alert that read:
> The fire wall has blocked internet access to 192.xxx.x.xxx (DNS) from your
> computer. (I've typed (x) instead of actual modem IP number.) Program
> Generic Host Process for windows 32 Services
>
> Not knowing if this is a virus, nor what to do if it was, opened the
> "Program control" in
> ZoneAlarm and found that "Generic Host process for windows 32 services" was
> listed in the program column.
>
> Currently Under the "Access" column: Trusted and Internet each had a check
> mark
> Currently Under the "Server" column: Trusted and Internet each had a
> question mark
>
> Below, in the entry detail box was the following information:
> Product name: Microsoft Windows Operating System.
> The file name: C:\Windows\System32\svchost.exe
>
> My question is what should I do about this alert. If it's safe should I place a
> check mark under Trusted and Internet in the Server column.
>
> Thanks for any clarification about the alert.
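
The idea in the reply above, looking at the files loaded inside a process rather than at the process name alone, sketched in PowerShell for svchost.exe. This is an added example, not part of the original post and not a substitute for the tools it names; the list of system directories and the "outside a system directory or not validly signed" rule are assumptions made here.

```powershell
# Added example: list the DLLs loaded into every svchost.exe and flag the ones
# that deserve a closer look. Run from an elevated prompt; without elevation the
# module list of service host processes is usually unreadable or empty.

# Assumption: modules under these directories are where Windows' own DLLs live.
$systemDirs = @('System32', 'SysWOW64', 'WinSxS') |
    ForEach-Object { Join-Path $env:SystemRoot $_ }

$findings = foreach ($proc in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
    try {
        $modules = $proc.Modules
    } catch {
        Write-Warning "PID $($proc.Id): cannot read modules ($($_.Exception.Message))"
        continue
    }

    foreach ($m in $modules) {
        $path = $m.FileName
        if (-not $path) { continue }

        # Is the module loaded from one of the system directories?
        $inSystemDir = [bool]($systemDirs | Where-Object {
            $path.StartsWith($_ + '\', [System.StringComparison]::OrdinalIgnoreCase)
        })

        # Authenticode check; on older Windows versions catalog-signed system
        # files can show up as NotSigned, so treat that as "look closer".
        $sig    = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        $status = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
        $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        if (-not $inSystemDir -or $status -ne 'Valid') {
            [pscustomobject]@{
                ProcessId   = $proc.Id
                Module      = $path
                InSystemDir = $inSystemDir
                Signature   = $status
                Signer      = $signer
            }
        }
    }
}

# A listed module is a prompt for review, not proof of infection.
$findings | Sort-Object Module, ProcessId | Format-Table -AutoSize -Wrap
```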