Suddenly getting hundres of svchost.exe connections

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
firewall. What could this be indicative of? Currently running a scan
with Malwarebytes, MSE and Superantispyware. Getting a lot of hits
already with SAS.

Thanks for all input.

Re: Suddenly getting hundres of svchost.exe connections

Doc wrote:

Quoted text here. Click to load it

Has to be asked:  These scans .. all at the same time?

Quoted text here. Click to load it

Disable the firewall and go offline when you scan.

--
   -bts
   -This space for rent, but the price is high

Re: Suddenly getting hundres of svchost.exe connections


Quoted text here. Click to load it


The question is is it the legitimate OS file or a trojan using that name.

For example SVCHOST.EXE running from c:\windows or %temp%\SVCHOST.EXE are
not legitimate processes.

SVCHOST.EXE (and variants such as SCVHOST.EXE) is one of the most used names
in malicious processes.  Often malware can inject into the legitimate
process as well.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Suddenly getting hundres of svchost.exe connections

Per David H. Lipman:
Quoted text here. Click to load it

That's a "Keeper".   Thanks.

FWIW, not that I know enough to make much sense out of it, but
AnVir seems to offer up some pretty detailed information on such
processes.   e.g. http://tinyurl.com/c4wfdwl which resolves to
https://picasaweb.google.com/108149798664924808733/Misc#5768905648331060898

Click the little "+" icon and use the mouse roller go zoom in to
where it's readable.
--
Pete Cresswell

Re: Suddenly getting hundres of svchost.exe connections

On 07/24/2012 05:08 PM, Doc wrote:
Quoted text here. Click to load it

you need a bigger rubber
--
Meet the new boss,Same as the old boss

Re: Suddenly getting hundres of svchost.exe connections

I loaded Hijackthis and started getting a BSOD on reboot. Reinstalled
an image of the drive created with DriveimageXML from a couple of
weeks before the problem started but was still getting the same issue
with the link redirects. Now I've formatted the drive and will load
the same image and see what happens.

People who write the code that causes this crap should be summarily
executed.

Site Timeline