Unusual scripts running

By Netmare ·
I'm currently running a dual boot Win 2K / Win XP. I use MSN to access the internet, Norton 2002 anti-virus protection, and ZoneAlarm 3.x. When I'm working with either OS, ZoneAlarm shows processes that attempt to access the internet through various ports (I'll manually block the ports via incoming and outgoing TCP and UDP) and they change ports. These processes (or scripts) disguise themselves as normal processes that need to access the internet, i.e. svchost.exe, and whatever the exe is for the MSN Messenger. I am now able to block them from accessing the net but I would like some advice on how to get rid of them altogether.

Unusual scripts running

by Joseph Moore In reply to Unusual scripts running

"Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging"
That comes from Technet article Q250320:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q250320
(please remove any spaces)

SVCHOST runs the services that start up and are running, so if something is accessing the Internet through SVCHOST, then you need to see what services are running on your system, and determine which you don't need to run.

Now, for MSN Messenger, the app is called MSMSGS.EXE and it is in the Run section of the Registry. If you have Win 98/ME/XP, run MSCONFIG and check on the Startup tab and uncheck it. In WinNT/2K you need to check the Registry manually (or import MSCONFIG from a 98/ME box and run it on the NT/2K box; it does work for modifying the Startup).

hope this helps
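
The two checks described in the reply above, as an added example that is not part of the original posts: it maps each svchost.exe instance to the services it hosts, compares its image path with the System32 location quoted from the KB article, and lists the Run-key startup entries. It assumes PowerShell 3.0 or later (newer than the Win 2K / XP systems in the thread) and that "the Run section" means the standard `CurrentVersion\Run` keys under HKLM and HKCU.

```powershell
# Added example (not from the thread). Run from an elevated prompt so that
# ExecutablePath is populated for system processes.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Index running services by the id of the process that hosts them.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object ProcessId -AsHashTable -AsString

# One row per svchost.exe instance: where it runs from and what it hosts.
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $hosted = $null
    if ($servicesByPid) { $hosted = $servicesByPid[[string]$_.ProcessId] }
    [pscustomobject]@{
        ProcessId = $_.ProcessId
        Path      = $_.ExecutablePath
        # Empty path means "could not read it" (not elevated), not "bad".
        # 64-bit Windows also ships a copy in SysWOW64; review those by hand.
        PathOK    = if ($_.ExecutablePath) { $_.ExecutablePath -ieq $expected } else { $null }
        Services  = if ($hosted) { ($hosted.Name | Sort-Object) -join ', ' }
                    else { '(no services: investigate)' }
    }
} | Format-Table -AutoSize -Wrap

# Startup entries in the Run keys, where the reply says MSMSGS.EXE is registered.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$runKeys | Where-Object { Test-Path $_ } | ForEach-Object {
    $key = Get-Item -Path $_
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Key     = $key.Name
            Name    = $name
            Command = $key.GetValue($name)
        }
    }
} | Format-Table -AutoSize -Wrap
```

A svchost.exe row with `PathOK` false or with no hosted services is the one to look at first; an unexpected `Command` in the Run keys is the startup entry to disable.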
