Q: Generic host process for Win32 Services

Hi there,

I seem to have almost continuous activity going on, Internet-wise.
Zone Alarm informs me that this is generic host processes for Win32.

My question is: is this innocent communication between the computer
and the ADSL modem, or is there some Trojan which has fooled Zone
Alarm into thinking it's a legitimate process?

In addition to the products below, I also recently installed and
updated the free version of AVG, which also found nothing to report.

Am I just being paranoid, or do I have something to worry about?

I have Spybot Search and Destroy, resident enabled. I have Java Cools
Prerelease installed.
I'm running Zone Alarm Security Suite 6.5.737.000, Anti Virus Vet
engine 11.91.1.000 DAT version 11.9.10088.000, antispyware engine
5.0.83.0 DAT version 01.200612.585

Computer is Windows XP SP 2, automatic updates configured to tell me
whether I need to download and install.

I use an old version of MS Outlook for mail, Firefox 1.5.0.8 and
Internet Explorer 6.0.2900.2180.xpsp_sp2_gdr.050301-1519IS.
--
PacMan
"Laugh, and the world laughs with you,
 snore and you sleep alone"
 - Anthony Burgess

Re: Q: Generic host process for Win32 Services

PacMan wrote:
ZA, oh Lord :(
What is svchost.exe (generic host processes for Win32), which is the
messenger for the O/S programs and other non-O/S programs to allow
communications, trying to connect to, IP-wise? Svchost.exe does nothing
on its own. It does it on behalf of other programs that want to
communicate with the Internet WAN (Wide Area Network) or with other
machines in a LAN (Local Area Network) situation. There can be several
svchost.exe(s) running too.

If svchost.exe is not running out of c:\windows\system32, then it's a
Trojan.
I can't say you're being paranoid, but you may be overreacting,
possibly. However, malware can use svchost.exe on its behalf to
communicate as well. So you always must be aware of what svchost.exe is
connecting to and who is doing the asking.

None of the solutions you're talking about can really tell you what's
happening on the machine, and those solutions can be defeated by malware.

You have got to look for yourself from time to time with tools that are
going to allow you to *look*, for yourself.

The tools in the link will allow you to look and they are (free).

Long
http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

Short
http://tinyurl.com/klw1

For a machine that has a direct connection to the modem, you should
try to harden the XP O/S against attack as much as possible, like remove
Client for MS Network and MS File and Print Sharing off of the NIC or
dial-up connection. You have no need to be in any networking situation
with a computer that has a direct connection to the modem, with the
computer having a direct connection to the Internet, none period.

There are other things in the link you can do as well to harden the NT
based O/S against attack.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm



Re: Q: Generic host process for Win32 Services

It was round about Sat, 02 Dec 2006 13:28:47 GMT, when the famed Mr.
Arnold6 of the dreaded EarthLink Inc. -- http://www.EarthLink.net was
struck by a sudden insight:

There's something I should know?

[..]
Running out of correct location, up to 3 instances operational.

[..]
[..]

Thanks for the links: appreciated. I didn't find any that were free
when they discovered an infection though.
Oh well, Spyware Doctor has removed Ranky, which Symantec claims is a
very low risk, and few infections discovered in the wild.

ObZoneAlarm: I changed from Norton since Norton Internet Security
seemed to slow certain things down significantly. Perhaps I should
change back? Or go Kaspersky?
--
PacMan
"I love being married. It's so great to find that one special
 person you want to annoy for the rest of your life" - Rita Rudner

Re: Q: Generic host process for Win32 Services

PacMan wrote:
Don't count on ZA too much
The point is they can miss a whole lot of things, which you should look
around for yourself and not depend totally on such solutions, with the
tools in the link. You do the determination and detection from time to time.

Re: Generic host process for Win32 Services

PacMan wrote:

Process explorer will tell you much more than the default windows task
manager about what each process, including each instance of svchost.exe, is
doing.
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx

--
Falcon:
fide, sed cui vide. (L)
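The two checks the thread keeps coming back to (a legitimate svchost.exe runs from System32, and you should look for yourself at what each instance is hosting and connecting to, as Process Explorer shows) scripted as an added example; this is not code from any poster. It assumes Windows 8 or later with PowerShell 5.1 and the NetTCPIP module (Get-NetTCPConnection), run from an elevated prompt so the image paths of SYSTEM processes are readable.

```powershell
# Added example: audit every running svchost.exe instance.
# Assumes Windows 8+/PowerShell 5.1+, NetTCPIP module present, elevated shell.

$expectedDir = Join-Path $env:SystemRoot 'System32'

# PID -> names of the services hosted in that process (one svchost hosts many).
$servicesByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
    $id = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($id)) { $servicesByPid[$id] = @() }
    $servicesByPid[$id] += $_.Name
}

# PID -> remote endpoints of established TCP connections owned by that process.
$connsByPid = @{}
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue | ForEach-Object {
    $id = [int]$_.OwningProcess
    if (-not $connsByPid.ContainsKey($id)) { $connsByPid[$id] = @() }
    $connsByPid[$id] += "$($_.RemoteAddress):$($_.RemotePort)"
}

Get-Process -Name svchost | ForEach-Object {
    $p    = $_
    $path = $p.Path   # $null when the image path cannot be read (not elevated)
    $dir  = if ($path) { Split-Path $path -Parent } else { '<unreadable>' }

    # The thread's rule of thumb: svchost.exe belongs in %SystemRoot%\System32.
    $verdict = if (-not $path)                { 'UNKNOWN (image path not readable)' }
               elseif ($dir -ieq $expectedDir) { 'OK' }
               else                            { 'SUSPICIOUS (not in System32)' }

    # Authenticode status is a stronger signal than the path alone:
    # a copy of svchost.exe in the right folder must still carry a valid signature.
    $sig = if ($path) { (Get-AuthenticodeSignature $path).Status } else { 'n/a' }

    [pscustomobject]@{
        PID       = $p.Id
        Path      = $path
        Verdict   = $verdict
        Signature = $sig
        Services  = ($servicesByPid[$p.Id] -join ', ')
        Remote    = ($connsByPid[$p.Id]    -join ', ')
    }
} | Format-List
```

An instance whose Services column is empty but whose Remote column is not is the case the thread warns about: something is using the svchost name without any service to account for it, and the Path and Signature columns tell you whether the binary itself is the genuine one.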