Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
firewall. What could this be indicative of? Currently running a scan
with Malwarebytes, MSE and Superantispyware. Getting a lot of hits
already with SAS.

Thanks for all input.

On Jul 24, 5:08*pm, Doc <docsavag...@yahoo.com> wrote:
> Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
> firewall. What could this be indicative of? Currently running a scan
> with Malwarebytes, MSE and Superantispyware. Getting a lot of hits
> already with SAS.
>
> Thanks for all input.


Malwarebytes found Trojan.Agent.EXPD1. Could this be a culprit?

Doc wrote:

> Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
> firewall. What could this be indicative of? Currently running a scan
> with Malwarebytes, MSE and Superantispyware.

Has to be asked: These scans .. all at the same time?

> Getting a lot of hits already with SAS.

Disable the firewall and go offline when you scan.

--
-bts
-This space for rent, but the price is high

On 07/24/2012 05:08 PM, Doc wrote:
> Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
> firewall. What could this be indicative of? Currently running a scan
> with Malwarebytes, MSE and Superantispyware. Getting a lot of hits
> already with SAS.
>
> Thanks for all input.
>

you need a bigger rubber
--
Meet the new boss,Same as the old boss

Per David H. Lipman:
>The question is is it the legitimate OS file or a trojan using that name.
>
>For example SVCHOST.EXE running from c:\windows or %temp%\SVCHOST.EXE are
>not legitimate processes.
>
>SVCHOST.EXE (and variants such as SCVHOST.EXE) is one of the most used names
>in malicious processes. Often malware can inject into the legitimate
>process as well.

That's a "Keeper". Thanks.

FWIW, not that I know enough to make much sense out of it, but
AnVir seems to offer up some pretty detailed information on such
processes. e.g. http://tinyurl.com/c4wfdwl which resolves to
https://picasaweb.google.com/1081497...05648331060898

Click the little "+" icon and use the mouse roller go zoom in to
where it's readable.
--
Pete Cresswell

I loaded Hijackthis and started getting a BSOD on reboot. Reinstalled
an image of the drive created with DriveimageXML from a couple of
weeks before the problem started but was still getting the same issue
with the link redirects. Now I've formatted the drive and will load
the same image and see what happens.

People who write the code that causes this crap should be summarily
executed.