Results 1 to 2 of 2

Thread: SVCHOST.EXE trying to act as server and related issues

  1. #1
    boblouder Guest

    Default SVCHOST.EXE trying to act as server and related issues



    I've read the various posts about this and I believe it is causing an issue on my computer.
    I'd like to post my specifics and see if anybody can me some sound suggestions in simple terms.
    I consider myself an intermediate level (although I change my mind when I read this board) and have been using ZA for as long as I can remember.
    This is the best I can recall (at 1:30 in the am, after a day in the hot sun) ...

    I received several of the svchost.exe popups, and right now I cannot recall if I
    initially a) accepted temporarily or b) declined temporarily.
    Finally, I got annoyed, did an Internet search
    and read it was part of the Microsoft Operating System and Accepted Permanently.
    I did make a note about port "135" on a sheet of paper when I accepted.
    After reading this Forum, at some point I changed the setting to Permanently Block Generic Host
    Process for Win 32 Services
    Server - Internet (also an X for Send Email).

    While I have ZAISS 7.0, latest update, I do not use the ZA Antivirus or Spyware.
    I've used
    Bit Defender ver 10 (Antivirus only) for almost two years (only one problem last Spring for a while which was a Bit Defender issue).
    I've also been using CounterSpy (v 2.5) for about two or three months.
    They all have played together well until this past week.

    In the few days, I noticed that Bit Defender will not properly scan memory (it just isn't scanning it).

    I've
    completed a deep
    scan and sent it to
    Bit Defender
    for response.

    Meanwhile, when I attempted to turn off the "Active" live
    spyware protection in CounterSpy, it freezes.
    CounterSpy seemed to run fine as long as I did not try to disable "Active".
    I've now turned both off and turned on ZAISS AntiVirus and Spyware (I've used them from time to time to double check other two programs).


    Also ... when I look at Startup items I noticed in the past couple of days ...

    dumprep0 -k %systemroot%\system32\dumprep0 -k

    CCleaner adds: "KernalFaultCheck" to its description.

    Last thing I can think of is that I decided to try RoboForm and installed it sometime in the past few days.

    Lastly, like others on this forum, in the past
    few months (including once in the past two weeks, but before this current issue), I've had the issue of Anti Spyware programs freezing at System Vol Info and resolved each time by simply running ChkDsk and doing a Defrag.


    Would uninstalling ZAISS 7 and installing ZAISS 2009 undo the issue?
    Or, if this is causing the problems, is the intrusion there until deleted or
    eliminated?
    If the Bit Defender and CounterSpy issues are not related, then is the svchost.exe resolved and the only potential penetration was any time before I blocked svchost.exe?


    TIA for your suggestions.



    Operating System:
    Windows XP
    Media Center
    Edition, SP3
    Software Version:
    7.0.483
    Product Name:
    ZoneAlarm Internet Security Suite




    Message Edited by BobLouder on 09-07-2008 12:18 PM

  2. #2
    boblouder Guest

    Default Re: SVCHOST.EXE trying to act as server and related issues

    I just read this from Sept 4, 2008 on PC Mag reviewing ZAISS 2009:
    "To guard against attack by hackers across the Internet, a personal firewall puts all the computer's ports in stealth mode. They don't show up as closed or open; they're not visible at all from outside. I run various tests to make sure the firewall is doing this and similar jobs. ZoneAlarm has always passed, but this time three separate scans showed port 135 open. This is the Remote Procedure Call port, a dangerous entry point for malware.

    I supplied Check Point with log files, and my contacts there identified an error in program control that could cause this slip-up under certain circumstances; a fix is now in place. They also pointed out that if a program tried to do anything malicious using this port it would be stopped. My experience in testing the product's ability to block malware infestation certainly bears out that claim, so I won't downgrade the otherwise-stellar firewall based on this fluke occurrence. "

    http://www.pcmag.com/article2/0,2817,2329486,00.asp

    "With program control at the maximum level, ZoneAlarm's OSFirewall monitors the behavior of all programs and offers to block those acting suspiciously. In this release, OSFirewall tracks about 30 new suspicious behaviors, many of them related to attacks on the security suite itself. You won't see pop-ups about these if SmartDefense Advisor is turned on. By default it handles such threats silently."

    ... "Many malicious programs need to "phone home" to get updates or transmit stolen personal data. Some of these try to get around traditional program control by forcing approved programs to do their bidding, in a variety of ways".

    http://www.pcmag.com/article2/0,2817,2329487,00.asp

    ... If some malefactor has gained access to your computer and installed a commercial keylogger, you've got problems that no suite can fix.


    http://www.pcmag.com/article2/0,2817,2329489,00.asp






    Message Edited by BobLouder on 09-07-2008 01:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •