Thread: Generic Host Process for Win32 Service wants to accept connections from the Internet??

  1. #1
    rimmer Guest

    Generic Host Process for Win32 Service wants to accept connections from the Internet??

    I know this topic was covered to some extent by Oldsod and Newscoop a few days ago but I seem to have a similar problem in as much as I don't know if I should be accepting or denying access.
    I get the following:

    Application: Sychost.exe
    Source IP: 0.0.0.0 Port 135

    I deny that, then a few minutes later I get something like

    Source IP: 192.168.0.1 Port 3076

    then port 34339
    etc etc.
    I deny all these one at a time because I have no idea what it refers to but it goes on and on, each time a different port.
    Help and advice regarding this would be much appreciated.
    Rimmer.


    Operating System: Windows XP Pro
    Software Version: 8.0
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    thoz Guest

    Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

    I used a general rule to block all from 0.0.0.0 to Any, TCP and UDP, Source Port 135, destination Port any. This seemed to work with no ill effects for me. Log or not as you wish. This is The End Point Mapper.

    Here is some info I found a year or so ago (I am sorry I don't know who to credit):

    "Location Service. This is the infamous RPC portmapper, svchost.exe (supporting "DCE services" for remote hosts), focus of a recent NT/2k/XP vulnerability. It listens for both TCP and UDP packet types.

    The idea of an RPC (Remote Procedure Call) portmapper was invented by Sun Microsystems, and is both good, because it's useful for network programming, and bad, because it raises security challenges. Its operation means you can code network daemons without assigning them ports, and instead have them request the portmapper for an assignment. The challenges are several:

    It leaks valuable information about the system to the bad guys.

    Its complexity means it's a likely place for vulnerabilities to crop up.

    When you hear of such vulnerabilities, disabling it might be prohibitively painful, because too much relies on it. It's a single point of failure for other things.

    Because it assigns ports dynamically to services that rely on it, those services no longer run on predictable ports, which makes them much harder to protect.

    For all of those reasons, a running portmapper tends to make security people antsy. If it must be left running typically because of NFS or NIS/NIS+ daemons on Unix boxes, then security folk will try to heavily protect it."

    I am a new ZA User. Hope this helps. You still might find you need it for something, but so far I haven't.

  3. #3
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

    See http://support.microsoft.com/kb/832017 for a proper description of the RPC used by Windows operating systems.

    Oldsod.
    Best regards.
    oldsod

  4. #4
    olddirt Guest

    Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

    Is that Sychost.exe or svchost.exe?

    The svchost.exe issue is the one where everybody is suddenly seeing it daily. The forum replies with super technical babble or links away. My favorite is suggesting that you search the forum for these replies because they are tired of denying it over and over. Besides, this is a normal Windows process, and we must be insane. What's the harm in seeing it pop up in multiple ZA versions on various OS platforms all across America every single boot up since August?

    If it is Sychost.exe, then it is a process added to the system as a result of the LEOX.B VIRUS
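
    The one-character difference raised in the post above (Sychost.exe versus svchost.exe) can be checked mechanically. This is an added example, not part of the original thread: it compares process image names against the Windows process names mentioned in this thread, and the trusted directories, the distance threshold and the sample paths are assumptions constructed for illustration.

```python
# System process names mentioned in this thread.
KNOWN = ["svchost.exe", "winlogon.exe", "userinit.exe", "csrss.exe",
         "services.exe", "explorer.exe", "rundll32.exe"]
# Assumption: genuine copies live in the Windows or System32 directory.
TRUSTED_DIRS = {r"c:\windows", r"c:\windows\system32"}


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (insert, delete, substitute, adjacent swap)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(image_path: str, max_dist: int = 2) -> str:
    """Return 'ok', 'unknown', 'lookalike:<name>' or 'wrong-dir:<name>'."""
    path = image_path.lower().replace("/", "\\")
    folder, _, name = path.rpartition("\\")
    if name in KNOWN:
        return "ok" if folder in TRUSTED_DIRS else f"wrong-dir:{name}"
    best = min(KNOWN, key=lambda k: edit_distance(name, k))
    if edit_distance(name, best) <= max_dist:
        return f"lookalike:{best}"
    return "unknown"


# Constructed sample process list (not taken from any real machine).
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\Sychost.exe",
    r"C:\Documents and Settings\user\svchost.exe",
    r"C:\WINDOWS\system32\scvhost.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{classify(p):24} {p}")
```

    A "lookalike" or "wrong-dir" result is a reason to inspect the file, not proof of infection; "unknown" only means the name is not close to any name on the list.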

  5. #5
    rimmer Guest

    Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

    Thanks OldDirt for your reply.
    It is Sychost.exe.

    Does this mean that I have the LEOX.B virus?
    Is it dangerous and how do I get rid of it?.....And what is of great interest, how come my super-dooper fully paid up ZA AV did not detect it??
    Any help or advice would be much appreciated.

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

    Very glad OldDirt questioned the sychost.exe.
    I automatically assumed it was svchost.exe mistyped.

    Usually googling the malicious file along with "remove" yields good results.

    http://www.google.com/search?hl=en&q...&start=20&sa=N


    Symantec usually has some instructions and if their antivirus misses the malware, they usually have a link to a special removal tool for that particular malware.

    http://www.symantec.com/security_res...032016-5436-99

    Forums and BB usually have some details.
    Bleeping Computer does have an HJT forum to help remove these things.

    http://www.bleepingcomputer.com/forums/topic9442.html

    But the usual advice is to run a full antivirus scan in safe mode to do a good removal (if the antivirus does in fact detect the malware in the first place).

    Oldsod.
    Best regards.
    oldsod

  7. #7
    zafzap Guest

    Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

    I can't seem to find the discussion of just that problem:

    "The svchost.exe issue is the one where everybody is suddenly seeing it daily. The forum replies with super technical babble or links away. My favorite is suggesting that you search the forum for these replies because they are tired of denying it over and over. Besides, this is a normal Windows process, and we must be insane. What's the harm in seeing it pop up in multiple ZA versions on various OS platforms all across America every single boot up since August?"

    I've tried fiddling with the program control, to no effect,
    so now I'm trying to learn whether to allow or deny it,
    or how to avoid the problem.
    Can you point me?

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??


    ZAFZAP wrote:
    > I can't seem to find the discussion of just that problem:
    >
    > "The svchost.exe issue is the one where everybody is suddenly seeing it daily. The forum replies with super technical babble or links away. My favorite is suggesting that you search the forum for these replies because they are tired of denying it over and over. Besides, this is a normal Windows process, and we must be insane. What's the harm in seeing it pop up in multiple ZA versions on various OS platforms all across America every single boot up since August?"
    >
    > I've tried fiddling with the program control, to no effect,
    > so now I'm trying to learn whether to allow or deny it,
    > or how to avoid the problem.
    > Can you point me?


    In general....
    svchost.exe will connect in and out of the 127.0.0.1 (loopback address) and the 0.0.0.0 (non-route or zero octet address) by TCP (and UDP), connect to the remote port 67 of the DHCP server and accept connections from the DHCP server's port 67 to the computer's own port 68, connect to the remote port 53 of the DNS server and accept connections from that DNS server's port 53, connect to the remote port 123 of the time server and accept incoming connections from that port.
    Svchost.exe can be seen in many outgoing connections in windows going to the remote ports 80 (HTTP), 443 (HTTPS) and other things such as RTSP, POP3, etc.
    Also used in the tracert, ping, nslookups, etc.
    But not limited to just these, as these are some of the generally seen items for the average home user.
    Usually the other Windows processes such as winlogon.exe, userinit.exe, csrss.exe, services.exe, explorer.exe, rundll32.exe and a few others are associated with these svchost.exe connections too.

    Oldsod.
    Best regards.
    oldsod

  9. #9
    rimmer Guest

    Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??

    All rather confusing but took up OldDirt's idea of Leox.B virus.
    On googling it I came up with 'True Sword' from Security Stronghold and did their 'free scan'.

    Nothing came up to suspect Leox but loads of other c**p did.
    75 items according to them!
    So thought I'd have a look at other malware/adware programs and found a blog saying 'True Sword' was utter rubbish and 'Spyzooka' was much better.

    So...............are any of these sort of programs any more effective than the free version of Spywareblaster etc??

  10. #10
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Generic Host Process for Win32 Service wants to accept connections from the Internet??


    rimmer wrote:
    > All rather confusing but took up OldDirt's idea of Leox.B virus.
    > On googling it I came up with 'True Sword' from Security Stronghold and did their 'free scan'.
    >
    > Nothing came up to suspect Leox but loads of other c**p did.
    > 75 items according to them!
    > So thought I'd have a look at other malware/adware programs and found a blog saying 'True Sword' was utter rubbish and 'Spyzooka' was much better.
    >
    > So...............are any of these sort of programs any more effective than the free version of Spywareblaster etc??

    Go here:

    http://forum.zonelabs.org/zonelabs/b...essage.id=4284

    and clobber it with the free tools listed under "spyware", "malware" and "Worms, Troyans and Viruses and Malware stand alone tools".

    Oldsod.
    Best regards.
    oldsod
