Re: svchost.exe Inbound?
From: V Green (vanceg_at_nowhere.net)
Date: 07/13/04
- Next message: t.cruise: "Re: Looking for servcie to send FAX from an XP system over an Internet commection"
- Previous message: JML: "FILE WITHOUT PROGRAM ASSOCIATION"
- In reply to: Judy: "Re: svchost.exe Inbound?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 12 Jul 2004 21:00:01 -0700
"Judy" <Judy@discussions.microsoft.com> wrote in message
news:77F9172E-D494-43B8-87E1-C246E5D7B7D4@microsoft.com...
> Hi S.Sengupta,
> Thank you for your reply. I installed all of the security patches when
issued referenced in W32.@Welchia.Worm. Under W32.assarm@mm, I don't use
Outlook Express or Outlook. I'm on EarthLink and use their mailbox. I have
never had any email attachments therefore never opened any. I have not had
any of these symptoms. What I am getting is a Firewall Alert "a remote
system is attempting to access MS Generic Host Process for win32 services on
your computer" using port 1025. Do you have any suggestions?
> Thank you so much for your help.
> Judy
You are being attacked FROM the internet, hence the INBOUND.
The virii do NOT care whether or not you use either of those programs,
the problem is, they're still there for it to pick on-as long as you use an
OS
that the virus can recognize as one it can screw with, you will see these
attempts
to infect.
Which is one reason I run a software firewall and proxy server on
a dedicated W98SE machine. This crap passes me right by, as my
only 'Net presence (if it can be seen at all) is backed by an OS
that the latest virii don't care about.
The inbounds you are seeing are simply a fact of life now, your firewall's
just doin' its thing...if the alerts get too annoying, just turn them off
and
remember to check your logs manually.
>
> "S.Sengupta" wrote:
>
> > Hi Judy,
> > These two viruses copies svchost.exe to the system
> >
> > Symantec Security Response - W32.Welchia.Worm:
> >
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
> >
> > Symantec Security Response - W32.Assarm@mm:
> >
http://securityresponse.symantec.com/avcenter/venc/data/w32.assarm@mm.html
> >
> > A Description of Svchost.exe in Windows XP:
> > http://support.microsoft.com/?kbid=314056
> >
> > regards,
> >
> > ssg MS-MVP
> > pronetworks.org
> >
> > Judy wrote:
> >
> > > I'm getting an annoying firewall Program Control Alert, Inbound,
svchost.exe How do I stop this, please? This has been happening for a few
weeks now.
> > >
> > > I'm using XP Home, Dell 2350, Pentium 4, Norton AntiVirus 2004 &
Personal Firewall 2003. The Firewall keeps giving a Program Control alert,
C:\Windows\System32\svchost.exe, TCP (Inbound), remote IP address (when
using Norton's Tracking its mostly from other countries), TCP(Inbound),
[MyIP]:1025. I block it each time. The Task Manager shows running
SVCHOST.EXE (all caps) System(3), Network Service, Local Service. A search
result for svchost.exe shows C:\I386\SVCHOST.EXE and
C:\Windows\System32\SVCHOST.EXE (all caps).
> > >
> > > I have scanned off line with Norton and at the Symantec site both
virus & security scans, spywareguide.com free X-Cleaner scan, McAfee free
scan, and PCPitstop Panda free scan and they found nothing. I use Spobot S&D
1.3 and it found nothing. GRC.com ShieldUP! shows that port 1025 is open
and says to close it. I don't know how to do that. It also showed a "Danske
Net Bank" plugin installed & I haven't been to any bank sites. How do I get
rid of that? I did a Firewall program scan set to "automatic". Even tried
a System Restore when all else failed but couldn't go back too far because I
was afraid of previous driveby adware I couldn't get rid of. The firewall
logs show the alert occuring every 5-20 min. Thanks for any help you can
give me to stop this annoying alert.
> > > Judy :)
> >
> >
- Next message: t.cruise: "Re: Looking for servcie to send FAX from an XP system over an Internet commection"
- Previous message: JML: "FILE WITHOUT PROGRAM ASSOCIATION"
- In reply to: Judy: "Re: svchost.exe Inbound?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
