Re: Generic Host Process for Win32
- From: "Twayne" <nobody@xxxxxxxxxxxxxxxxxxx>
- Date: Thu, 11 Sep 2008 10:40:27 -0400
Twayne wrote:
The ZA log shows no source or destination IP. The direction isEvery so often, out of the blue, Zone Alarm pops up a message saying
"Generic Host Process for Win32 Services is trying to act as a
server", and sometimes it wants to accept connections from the
internet. The application is SVCHOST.EXE.
What is this thing, why does it appear at random times, and should I
allow it or deny it?
Thank you.
Hmm, that's unusual IME. I don't think it should be wanting to act
as a server.
Check your log files for ZA and see if you can tell who's running
it and what it's trying to do? It should be listed with a "blocked"
action since you denied it, or at least I hope you did, for now. It
seems completely wrong for svchost to want to act as a server.
svchost.exe is a service as it sounds, and you may have several of
them running, each one different. e.g. I have 5 running at this
moment, each one servicing something different.
Did you capitalize the name for clarity or was it capitalized in
the message?
What is your OS? Home or Pro?
What are you doing when that message pops up?
What is your level of computer expertise? e.g. novice, exp, very
exp, highly exp, etc.?
Then we could move on to more targeted responses unless someone
recognizes the issue and jumps in here first.
HTH
Twayne
incoming (accept) and the action is blocked. No source or destination
DNS. Capitalization was just for clarity.
Using Win XP Pro.
The message wanting to act as a server usually pops up during bootup.
I don't remember, but the other occurred either while browsing or
doing email, not sure.
I am an experienced computer user.
I think I allowed the request the first time it came up, and I denied
it after that. Didn't notice any effect either way. I'll deny from
now on. Thanks.
That could have been just a ping then, looking to find a computer online
and open to access or less likely, completely innocent. If you
highlight the ZA line there should be some info about it in the box at
the bottom of the window; might ID whether it was tcp/ip, icm, etc..
Since it only happens durng the boot process, it sounds like during
boot something is sending out a request and that might be the response
to it. The question is, what's sending out the request and should it be
doing it? I'd have a look at msconfig and System SErvices to start with
and see if there was anything there that shouldn't be.
What happens if you boot with the modem disconnected? Any error
messages on screen or errors in Event Viewer?
Might be time for AV and malware arsenal scans too.
Sorry not more help.
Twayne
.
- Follow-Ups:
- Re: Generic Host Process for Win32
- From: TechWriter
- Re: Generic Host Process for Win32
- References:
- Generic Host Process for Win32
- From: Dan Drewry
- Re: Generic Host Process for Win32
- From: Twayne
- Re: Generic Host Process for Win32
- From: Dan Drewry
- Generic Host Process for Win32
- Prev by Date: Re: Old XP on new system
- Next by Date: Page # in header does not refresh
- Previous by thread: Re: Generic Host Process for Win32
- Next by thread: Re: Generic Host Process for Win32
- Index(es):
Relevant Pages
|
