Thread: Re: i have a query regarding Zone alarm program settings? Pls...

  1. #1
    _gator Guest

    Re: i have a query regarding Zone alarm program settings? Pls...

    The filename "svchost.exe" is also widely used for Trojans. See Paul Collins' ("Pacman"'s) home Web site (http://www.pacs-portal.co.uk/startup_content.php) on start-up programs, and search for "svchost". You'll find his assertion that all valid "Generic Host Process" (svchost.exe) files are found in %SystemRoot%\(WINDOWS or Winnt)\system32, along with scads of examples of Trojan-installed violations of this rule.

    Notes:

    - This database is NOT of malware, but such are often listed since they often stealthily imitate start-up programs. Paul's database of start-up programs can be found at http://www.sysinfo.org/startupinfo.html, both as the online database and as programs which can be downloaded with the latest database contents.
    - This database and Paul's background explanation at the home site are SHAREWARE and represent, in my estimation, a lot of research work. Please donate to his efforts to keep the information current.

    I'll soon post a request for help in eliminating a Trojan problem which created an svchost.exe in %SystemRoot%\WINDOWS\Microsoft.NET\Framework\v3.0\ Windows Communication Foundation. This bogus svchost causes ZASS to ask for my decision on server access for incoming messages from IP addresses 66.73.20.40 (as DNS) and 151.164.8.201, both on the north coast of northwest Australia (as located by ZoneAlarm's "more info" line).

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Re: i have a query regarding Zone alarm program settings? Pls...

    Actually neither IP is in Australia.

    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Name: dns1.bcvloh.sbcglobal.net
    Address: 66.73.20.40

    which is a domain name server.

    http://www.coolwhois.com/d/66.73.20.40

    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Name: dns1.ksc2mo.sbcglobal.net
    Address: 151.164.8.201

    which is also a domain name server and belongs to AT&T

    http://www.coolwhois.com/d/151.164.8.201


    Yes the svchost.exe located in the microsoft.net folder is very suspicious.
    Any chance you use AT&T or sbc global as a provider?

    Oldsod.
    Best regards.
    oldsod
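
The rule cited in the first post (a genuine svchost.exe is found only in %SystemRoot%\system32), written as a check over a process listing. This is an added example, not code from either poster; the CSV sample, the host name PC1 and the function names are constructed for illustration.

```python
import csv
import io
import ntpath  # Windows path rules on any OS, so the check runs offline

# Constructed sample, laid out like `wmic process get ExecutablePath,Name /format:csv`.
SAMPLE_CSV = r"""Node,ExecutablePath,Name
PC1,C:\WINDOWS\system32\svchost.exe,svchost.exe
PC1,c:\windows\System32\SVCHOST.EXE,SVCHOST.EXE
PC1,C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\svchost.exe,svchost.exe
PC1,C:\WINDOWS\system32\..\Temp\svchost.exe,svchost.exe
PC1,,svchost.exe
PC1,C:\WINDOWS\explorer.exe,explorer.exe
"""


def load_rows(text):
    """Parse the CSV process listing into dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text.strip())))


def canonical(path):
    """Collapse '..' segments and fold case so equal directories compare equal."""
    return ntpath.normcase(ntpath.normpath(path))


def check_svchost(rows, system_root=r"C:\WINDOWS"):
    """Return (suspicious_paths, rows_without_path) for svchost.exe entries."""
    expected_dir = canonical(ntpath.join(system_root, "system32"))
    suspicious, unknown = [], []
    for row in rows:
        if (row.get("Name") or "").strip().lower() != "svchost.exe":
            continue
        path = (row.get("ExecutablePath") or "").strip()
        if not path:
            unknown.append(row)       # path not readable: needs a manual look
        elif canonical(ntpath.dirname(path)) != expected_dir:
            suspicious.append(path)   # right name, wrong directory
    return suspicious, unknown


if __name__ == "__main__":
    bad, unknown = check_svchost(load_rows(SAMPLE_CSV))
    for p in bad:
        print("SUSPICIOUS:", p)
    print(len(unknown), "svchost.exe entries had no path")
```

On 64-bit Windows a Microsoft copy of svchost.exe also ships in %SystemRoot%\SysWOW64, so a check built on the system32-only rule will flag it and the expected directories need extending there.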
