  • #2257774

    TCP port 2603 and service “servicemeter”

    by jplconsultant ·

    I am running AVG Firewall on WinXP Pro. AVG is asking me to allow/deny Application “System” outbound access to localhost port 2603 (TCP). Destination is 207.46.245.33 port 80.

    I searched for applications named “system” and don’t find any. I have no applications running that should be accessing the Internet at that time. The destination IP resolves to MSNBCENESPANOL.COM. As far as I know, I’ve not accessed that website before.

    From what I can gather, port 2603 is assigned to a service called “servicemeter”.

    I have denied access. Full A/V, spyware, adware, malware scans come up empty (using AVG, ad-aware, spybot, spywareblaster).

    Can anyone tell me about “servicemeter”, port 2603, and why an application named “System” might be trying to use that port/service?

    Thanks!
    JPLConsultant

All Comments

    • #3230250

      Reply To: TCP port 2603 and service “servicemeter”

      by jplconsultant ·

      In reply to TCP port 2603 and service “servicemeter”

      I suspect the application “System” is probably referring to some system-level process. That doesn’t seem good.

      Also, I did not run netstat to check my port connections prior to denying access, so I wasn’t able to glean more insight there. I should have looked, but forgot about netstat until it was too late. I don’t know. If the firewall was waiting for permission to allow/deny the connection, would netstat even show relevant information at that time, or would I have had to approve it first through the FW?

      Ok, I think that’s all I have to update for now.

      Thanks for any help you all can provide.

      Thanks,
      JPLConsultant

    • #3230213

      Reply To: TCP port 2603 and service “servicemeter”

      by hal 9000 ·

      In reply to TCP port 2603 and service “servicemeter”

      First make sure that all your AV & Spy ware Apps are up to date and then reboot into Safe Mode and run both AV & Spy Ware Scans in there. If there is some infection involved here it will be picked up and possibly removed while in Safe Mode where it can not be removed or even show up when you are running in Normal Mode.

      The only reference that I can find to Servicemeter is in relation to some Dutch Government sponsored E Security here

      http://tinyurl.com/rhto2

      So either you are looking at the wrong service running or you have picked up some kind of infection. A System application is a basic Windows service that is attempting to run but it can also be some form of Spy Ware or Virus as well as these embed themselves deep in Windows and act like a normal service that should be running.

      But just for further reference whenever you do a system scan for Spy Ware or AV you should always be in Safe Mode as you pick up far more and can remove what you pick up without doing any damage.

      Col

      • #3230202

        Reply To: TCP port 2603 and service “servicemeter”

        by jplconsultant ·

        In reply to Reply To: TCP port 2603 and service “servicemeter”

        I got this message for the second time today. I updated everything again this evening (updates came down for the antivirus and spybot). Ran a/v, spybot and ad-aware in Safe Mode. All still came up empty.

        I checked out http://tinyurl.com/rhto2, but that didn’t seem to provide me any useful information as to what may be going on.

    • #3230181

      Reply To: TCP port 2603 and service “servicemeter”

      by hal 9000 ·

      In reply to TCP port 2603 and service “servicemeter”

      Well, as the system is showing up as clean and you already have confirmed that the correct software is installed, enable the transfer from that port. It appears to be something critical to Windows.

      It wouldn’t hurt to check any transmissions from that Port either after you enable it but by the sounds of things it’s something to do with a necessary running service in Windows.

      Of course hiding the thing behind a router wouldn’t hurt any just to make sure that nothing important is leaving via that Port.

      Col

    • #3230154

      Reply To: TCP port 2603 and service “servicemeter”

      by jplconsultant ·

      In reply to TCP port 2603 and service “servicemeter”

      Col,
      Thanks for your help. I gathered some interesting information over night. There were a total of 6 attempts yesterday/last night. Each was to a different URL. These attempts occurred over an 11-hour period. They only occurred yesterday, and then seem to have stopped. Also, there is more activity than I initially thought. Reviewing my FW logs shows that this application attempted to access each of the six IP Addresses using my outgoing ports 2603, 2604, 2605, 2606, 2607, 2608, 2614, 2616, 2617, 2621, 2626. 11 different outgoing ports! Each attempt tried to hit the destination IP on port 80. All were blocked.

      No activity since 12:00AM today.

      I can’t imagine what critical system resource would operate in this manner.

      I’ve blocked communication from my machine, and will continue to monitor. I am behind a router, and have it locked down pretty well. I’ll attempt to get more information and will update this site as I get any pertinent info. I’ll close it in a week if I/we don’t make any good progress.

      Right now, I’m stumped.

      Sites attempted to access yesterday:
      207.138.234.57 – [none]
      207.46.150.50 – msnbcenespanol.com
      207.46.245.32 – msnbcbusiness.com
      207.46.245.33 – thechrismatthewsshow.com
      207.68.172.236 – x.sc.msn.ca
      69.44.123.151 – 69-44-123-151.wcg.net

      -JPLConsultant

    • #3230152

      Reply To: TCP port 2603 and service “servicemeter”

      by jplconsultant ·

      In reply to TCP port 2603 and service “servicemeter”

      In reviewing my comment, I may be unclear about the number of attempts, so I’ll try to clarify:

      There were 6 unique IP Addresses used. Contact was attempted to each IP from 11 of my ports, for a total of 11 unique calls to each IP (66 total attempts).

      The application would attempt IP1 from all ports. Then a while later tried IP2 from all ports, and so on.

      Hope I’ve not made anything even more confusing.

    • #3230066

      Reply To: TCP port 2603 and service “servicemeter”

      by rob miners ·

      In reply to TCP port 2603 and service “servicemeter”

      Have a look here; it might shed some light.

      http://www.auditmypc.com/port/udp-port-2603.asp

    • #2841674

      Servicemeter is a red herring

      by madsmaddad ·

      In reply to TCP port 2603 and service “servicemeter”

      According to IANA, some ports have been given names of the facility that is intended to use them, so port 2603 is expected to be used by servicemeter.

      But other things can use it as well.

      http://www.iana.org/assignments/port-numbers

      I came across this while searching for it myself as I discovered it in my wireshark trace on my computer.

      Peter M.
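
An added example, not part of any post in this thread: one way to triage the blocked-connection entries described above is to group them by destination and check whether the local ports fall in Windows XP's default dynamic source-port range (1025-5000), in which case the IANA name attached to port 2603 is incidental. The log line format, the `app=other` entry and the address 192.0.2.10 are constructed for illustration; AVG Firewall's real log format is not shown on this page.

```python
import re
from collections import defaultdict

# Windows XP's default dynamic (ephemeral) source-port range is 1025-5000.
XP_EPHEMERAL = range(1025, 5001)

# Constructed sample lines in a hypothetical log format (not AVG's real one),
# reusing addresses and local ports quoted in the thread.
SAMPLE_LOG = """\
21:14 BLOCK app=System proto=TCP dir=out local=2603 remote=207.46.245.33:80
21:14 BLOCK app=System proto=TCP dir=out local=2604 remote=207.46.245.33:80
21:15 BLOCK app=System proto=TCP dir=out local=2605 remote=207.46.245.33:80
23:02 BLOCK app=System proto=TCP dir=out local=2603 remote=207.46.150.50:80
23:02 BLOCK app=System proto=TCP dir=out local=2606 remote=207.46.150.50:80
23:40 ALLOW app=other proto=TCP dir=out local=2610 remote=192.0.2.10:80
"""

LINE = re.compile(
    r"^\S+ BLOCK app=(?P<app>\S+) proto=TCP dir=out "
    r"local=(?P<lport>\d+) remote=(?P<rip>[\d.]+):(?P<rport>\d+)$"
)

def parse_blocked(log):
    """Return (app, local_port, remote_ip, remote_port) for blocked outbound TCP."""
    out = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            out.append((m["app"], int(m["lport"]), m["rip"], int(m["rport"])))
    return out

def summarize(entries):
    """Group by destination: which local ports were used toward each remote."""
    by_dest = defaultdict(set)
    for _app, lport, rip, rport in entries:
        by_dest[(rip, rport)].add(lport)
    return {dest: sorted(ports) for dest, ports in by_dest.items()}

def local_ports_are_ephemeral(entries):
    """True when every local port is an ordinary client source port, so its
    IANA service name says nothing about the program that opened it."""
    return bool(entries) and all(lp in XP_EPHEMERAL for _a, lp, _r, _p in entries)

if __name__ == "__main__":
    blocked = parse_blocked(SAMPLE_LOG)
    for (rip, rport), ports in summarize(blocked).items():
        print(f"{rip}:{rport} <- {len(ports)} attempts from local ports {ports}")
    print("local ports ephemeral:", local_ports_are_ephemeral(blocked))
```

The destination side (remote port 80 here) is what identifies the service being contacted; identifying the owning process still needs a per-process view such as `netstat -ano` on the host.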
