
Thread: !!! svchost.exe setting off my firewall

  1. #1

    Hey folks... recently my firewall has been giving me alerts about svchost.exe. Now I know this is a Windows service that needs to be run, but this one is popping up a bit often, usually when I'm browsing the net. It's actually coming from an outside source; the IP addresses are 206.47.244.51 and 206.47.244.110.

    I did a whois lookup and it's Bell, my ISP, but I'm not sure if it's just tracing it back to them and dropping. I ran a tracert command and it doesn't go past my own IP address.

    Tracing route to nscsim08.bellnexxia.net [206.47.244.51]
    over a maximum of 30 hops:

    1 9 ms 8 ms 12 ms 64.230.197.232
    2 * * * Request timed out.
    3 * * * Request timed out.
    4 * * * Request timed out.
    5 * * * Request timed out.
    6 * * * Request timed out.

    This is from the log in my firewall:

    Description Generic Host Process for Win32 Services requested permission to access the internet.
    Rating High
    Date / Time 2008/09/06 18:26:02-4:00 GMT
    Type Repeat Server Program
    Program C:\WINDOWS\system32\svchost.exe
    Source IP 206.47.244.110:53
    Destination IP
    Direction Incoming (accept)
    Action Taken Blocked (once)
    Count 1
    Source DNS nsccan10.bellnexxia.net
    Destination DNS

    Description Generic Host Process for Win32 Services requested permission to access the internet.
    Rating High
    Date / Time 2008/09/06 18:35:36-4:00 GMT
    Type Repeat Server Program
    Program C:\WINDOWS\system32\svchost.exe
    Source IP 206.47.244.51:53
    Destination IP
    Direction Incoming (accept)
    Action Taken Blocked (once)
    Count 1
    Source DNS nscsim07.bellnexxia.net
    Destination DNS

    For now I've been manually denying it since I know this file can be masquerading as a virus.

    But my scans show no malicious software.
    CompTIA A+ Certified
    MCTS - Microsoft Certified Technical Specialist - Server Virtualization
    MCSA - Microsoft Certified System Administrator - Messaging

    It wasn't me!...........okay it was but you have no right to assume!!
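
An added example, not part of any post in this thread: a Python triage of alert records in the layout of the firewall log in post #1, checking the two points the thread turns on, whether the binary is the system32 svchost.exe and whether the inbound packet comes from port 53 of a resolver the machine is configured to use. The second sample record is constructed, and `KNOWN_RESOLVERS` is an assumption to be filled from the DNS servers that `ipconfig /all` reports.

```python
import ntpath

# Field names as they appear in the firewall log quoted in post #1.
KEYS = ("Description", "Rating", "Date / Time", "Type", "Program", "Source IP",
        "Destination IP", "Direction", "Action Taken", "Count", "Source DNS",
        "Destination DNS")
# Path the page's log reports for the binary.
EXPECTED_PATH = r"c:\windows\system32\svchost.exe"
# Assumption: the DNS servers this machine is configured to use.
KNOWN_RESOLVERS = {"206.47.244.51", "206.47.244.110"}

# First record uses values from post #1; the second record is constructed.
SAMPLE_LOG = r"""Description Generic Host Process for Win32 Services requested permission to access the internet.
Program C:\WINDOWS\system32\svchost.exe
Source IP 206.47.244.110:53
Source DNS nsccan10.bellnexxia.net
Description Generic Host Process for Win32 Services requested permission to access the internet.
Program C:\WINDOWS\Temp\svchost.exe
Source IP 203.0.113.7:4444
Source DNS
"""

def parse_alerts(text):
    """Split the flat 'Key value' lines into one dict per alert."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        for key in KEYS:
            if line == key or line.startswith(key + " "):
                if key == "Description":      # each alert starts with this field
                    records.append({})
                if records:
                    records[-1][key] = line[len(key):].strip()
                break
    return records

def triage(rec, resolvers=KNOWN_RESOLVERS):
    """Return findings for one alert: binary location, then traffic type."""
    findings = []
    path = ntpath.normpath(rec.get("Program", "")).lower()
    if ntpath.basename(path) == "svchost.exe" and path != EXPECTED_PATH:
        findings.append("svchost.exe running outside system32")
    host, _, port = rec.get("Source IP", "").rpartition(":")
    if port == "53" and host in resolvers:
        findings.append("source port 53 from a configured resolver: consistent with a DNS reply")
    elif port == "53":
        findings.append("source port 53 from a host not in the resolver list")
    else:
        findings.append("inbound traffic that is not DNS: investigate")
    return findings
```

Matching on the resolver IP rather than the `Source DNS` name avoids trusting a reverse-DNS label that the sender's network controls.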

  2. #2

    If you ran checks on your system, and the file doesn't seem to be doing anything apart from moving traffic between you and your ISP, what's the problem?

    You can permanently deny it until you run into connectivity problems, if you are feeling paranoid. Otherwise, just allow it to do its thing.
    "The best software is the one that fits your needs." - A_A

    Virus free since: date unknown
    Anti-virus free since: August 2008

  3. #3

    Quote (originally posted by Arch_Angel):
    "If you ran checks on your system, and the file doesn't seem to be doing anything apart from moving traffic between you and your ISP, what's the problem?

    You can permanently deny it until you run into connectivity problems, if you are feeling paranoid. Otherwise, just allow it to do its thing."

    paranoid? me nah... I might have 3 software firewalls and 2 active anti-malware programs and corporate version of Symantec anti virus... but i no paranoid .... lol

    Just that I don't like when anything reaches my main firewall, and I'm wondering why all of a sudden it started to alert my firewall? Had the connection for over 2 years with the same firewall.

  4. #4

    Quote (originally posted by kilaj1):
    "paranoid? me nah... I might have 3 software firewalls and 2 active anti-malware programs and corporate version of Symantec anti virus... but i no paranoid .... lol

    Just that I don't like when anything reaches my main firewall, and I'm wondering why all of a sudden it started to alert my firewall? Had the connection for over 2 years with the same firewall."

    lol yup paranoia to new heights.

    I would just deny it internet access permanently. If you run into any connectivity issues with any program, just keep in mind you have that service denied.

  5. #5

    Quote (Arch_Angel):
    "lol yup paranoia to new heights."

    LOL. The dude is super paranoid. Trust me, seeing that you know that svchost.exe is a valid Windows service, then stop stressing man and either block it on your firewall or allow it, seeing that it will forever be asking for permission to go online.
    Ricardo Barrett
    Jesus+Education=Success
    BBM ME @ 7A70FCE3
    Whatsapp 1(876) 783-8991

  6. #6

    the wickest thing is that a real exploit would just silently piggyback anyhow....
    Let Them Hate, So Long As They Fear.
    You do not know whereof you speak,and your words are empty things.
    Listen and gain Wisdom.

    http://twitter.com/nestersan

  7. #7

    Quote (originally posted by barrettrs):
    "Arch_Angel

    LOL. The dude is super paranoid. Trust me, seeing that you know that svchost.exe is a valid Windows service, then stop stressing man and either block it on your firewall or allow it, seeing that it will forever be asking for permission to go online."

    I've seen articles where viruses pose as svchost.exe, hence my concern. I've used this same ISP and same firewall for years and never had this pop up, and like I said it's coming from outside. I put a perm block on it... and my net seem to move faster for some reason, ehh no matter... worst case my ISP messing with them DNS servers, happened before at work so it's all good.

    You all talking like paranoia is a bad thing. Apparently the wifey went on a website that had a trojan, a.exe, and it got on my system, but the firewalls prevented it from going back out. That virus attempts to disable your AV... want to test it? Go to jamaicanforum.com, site is infested.

  8. #8

    I got infected by that already. a.exe brings up its own little .scr file too, goes directly into the system32 files and hides itself, has a couple manifest files too.

    But I go on Jamaicanforum.com and I got nothing; it was from a ROM website that I got infected. The machine that got infected had no firewall, only Avast Pro edition. It helped me to pinpoint the exact location but still had to do a system restore and run a boot scan to get rid of everything.
    Email : malco1987@hotmail.com| LIME :342-9787 | DIGICEL : 406-4604

    One Stop Software Downloads
    www.filehippo.com

  9. #9

    Avast couldn't delete it?
    My AV actually found another instance of that trojan in my system restore... needless to say I turned sys restore off... never even remember it was on.

  10. #10

    Yeah, that's what the boot scan was for; it detected the virus in my restore folder also.

    By the way, I asked you in another thread but I will ask again: what version of Zone Alarm are you using? I am getting Zone Alarm Force Field, is that any good?
