Suddenly getting hundreds of svchost.exe connections

Doc

Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
firewall. What could this be indicative of? Currently running a scan
with Malwarebytes, MSE and Superantispyware. Getting a lot of hits
already with SAS.

Thanks for all input.
 
Doc

> Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
> firewall. What could this be indicative of? Currently running a scan
> with Malwarebytes, MSE and Superantispyware. Getting a lot of hits
> already with SAS.
>
> Thanks for all input.


Malwarebytes found Trojan.Agent.EXPD1. Could this be a culprit?
 
Beauregard T. Shagnasty

Doc said:
> Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
> firewall. What could this be indicative of? Currently running a scan
> with Malwarebytes, MSE and Superantispyware.

Has to be asked: These scans .. all at the same time?

> Getting a lot of hits already with SAS.

Disable the firewall and go offline when you scan.
 
Max Wachtel

> Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
> firewall. What could this be indicative of? Currently running a scan
> with Malwarebytes, MSE and Superantispyware. Getting a lot of hits
> already with SAS.
>
> Thanks for all input.

you need a bigger rubber
 
(PeteCresswell)

Per David H. Lipman:
> The question is, is it the legitimate OS file or a trojan using that name?
>
> For example SVCHOST.EXE running from c:\windows or %temp%\SVCHOST.EXE are
> not legitimate processes.
>
> SVCHOST.EXE (and variants such as SCVHOST.EXE) is one of the most used names
> in malicious processes. Often malware can inject into the legitimate
> process as well.

That's a "Keeper". Thanks.

FWIW, not that I know enough to make much sense out of it, but
AnVir seems to offer up some pretty detailed information on such
processes. e.g. http://tinyurl.com/c4wfdwl which resolves to
https://picasaweb.google.com/108149798664924808733/Misc#5768905648331060898

Click the little "+" icon and use the mouse roller to zoom in to
where it's readable.
 
Doc

I loaded Hijackthis and started getting a BSOD on reboot. Reinstalled
an image of the drive created with DriveimageXML from a couple of
weeks before the problem started but was still getting the same issue
with the link redirects. Now I've formatted the drive and will load
the same image and see what happens.

People who write the code that causes this crap should be summarily
executed.
 
