Windows xp, Svchost.exe connecting to different ips, remote port 445

coll911 · Mar 23, 2012

hello,

Im using Windows Xp professional Sp2

Whenever i start my windows, svchost.exe starts connecting to all the possible ips on lan like from 192.168.1.2 to 192.168.1.200 The local port ranges from 1000-1099 and the remote port being 445.

After its done with the local ips, it starts connecting to other random ips.

I tried blocking connections to the port 445 using the local security polices but it didn't work

Is there any possible way i could prevent svchost from connecting to these ips without involving any firewall installed ? since my pc slows down due to the load

I'd be thankful for any advices

coll911 · Mar 23, 2012

coll911 said:
hello,

Im using Windows Xp professional Sp2

Whenever i start my windows, svchost.exe starts connecting to all the possible ips on lan like from 192.168.1.2 to 192.168.1.200 The local port ranges from 1000-1099 and the remote port being 445.

After its done with the local ips, it starts connecting to other random ips.

I tried blocking connections to the port 445 using the local security polices but it didn't work

Is there any possible way i could prevent svchost from connecting to these ips without involving any firewall installed ? since my pc slows down due to the load

I'd be thankful for any advices

Ok, i scanned my pc with malware bytes and found out it was infected with a worm, it's deleted now but still svchost is connecting to the ips.

i also found out that in my windows firewall settings, under internet control message protocol (ICMP) theres a tick on "allow incoming echo request"(usually disabled) which is locked and i cant disable it, Its description is
as follows

Messages sent to this computer will be repeated back to the sender. This is used for trouble shooting for e.g to ping a machine. Requests of this type are automatically allowed if tcp port 445 is enabled

Any solutions ? i cant bear going with the re installing windows phase again

muckshifter · Mar 23, 2012

pop along to http://www.bleepingcomputer.com/

they very good at sorting out infected systems

Silverhazesurfer · Mar 23, 2012

try running this.

http://support.kaspersky.com/faq/?qid=208283363

You could try to block port 445 on your router so that it cannot get outside.

http://www.petri.co.il/whats_port_445_in_w2k_xp_2003.htm

http://support.microsoft.com/kb/204279

TriplexDread · Mar 24, 2012

Also try MS malicious software removal tool.
Make sure you run it in safe mode as all the other things too.
Disconnect from net while doing it and turn off system restore until all is clear

That's what I do anyhow

coll911 · Mar 24, 2012

Thanks for the answers,i just formatted and re installed windows,

its working fine now, cant afford to install an antivirus, my pc is already slow

EvanDavis · Mar 24, 2012

coll911 said:
Thanks for the answers,i just formatted and re installed windows,

its working fine now, cant afford to install an antivirus, my pc is already slow

What are your PC specs ? I use AVAST free and that only uses 2,765K of RAM, I think MSE uses less RAM. If your system is that slow you can't run an AV then you will continue to be infested

Silverhazesurfer · Mar 25, 2012

Microsoft Security Essentials.

Even on a crappy machine, it does not slow things down like the others can. works for me just fine.

muckshifter · Mar 25, 2012

Silverhazesurfer said:
Microsoft Security Essentials.

Even on a crappy machine, it does not slow things down like the others can. works for me just fine.

aye, seconded, and it's FREE

coll911 · Mar 29, 2012

EvanDavis said:
What are your PC specs ? I use AVAST free and that only uses 2,765K of RAM, I think MSE uses less RAM. If your system is that slow you can't run an AV then you will continue to be infested

Im using p4 1.8ghz, 256 ram, 16 mb video card

Installing any antivirus slows pc down, web browser runs more slower, so does the games

EvanDavis · Mar 29, 2012

coll911 said:
Im using p4 1.8ghz, 256 ram, 16 mb video card

Installing any antivirus slows pc down, web browser runs more slower, so does the games

What software do you have installed ? Yur system although low in spec should run say Aast or MSE without a problem of slowing your machine down.

Silverhazesurfer · Mar 29, 2012

If your machine is slowed down because of MSE, then you need one of the two: 1)buy a new PC or 2) operate without protection.

Being on the internet with no AV software isn't that scarey. I used to do it all the time. It's just when a breach occurs, now you have to play cleanup or be prepared to reformat.

Anon_F · Mar 29, 2012

coll911 said:
Im using p4 1.8ghz, 256 ram, 16 mb video card

Installing any antivirus slows pc down, web browser runs more slower, so does the games

Adding more RAM may help?

muckshifter · Mar 29, 2012

256 ram

surprised the thing starts up with that ...

Silverhazesurfer · Mar 30, 2012

The one I just chucked had this setup. It was painfully slow. It is now a terminal in the den.

VISTA Firewall - Port 445	2	Oct 21, 2007
Windows XP port 445 listening on wrong subnet	3	Mar 21, 2008
svchost communication concerns - Who is it talking to.	10	Aug 20, 2009
IPSec Help Requested	1	Dec 19, 2005
IPSEC not blocking specific IP address per Ethereal	13	Apr 18, 2005
command not working to get netsh to block a single IP	0	Jul 22, 2009
Windows 2000 server trying to connect port 139 & 445 to an Internet host	4	Aug 10, 2005
NetBIOS name resolution failing, DNS working, ICMP, 445/tcp	0	Jul 14, 2006

Windows xp, Svchost.exe connecting to different ips, remote port 445

coll911

coll911

muckshifter

I'm not weird, I'm a limited edition.

Silverhazesurfer

Master of Logic

TriplexDread

coll911

EvanDavis

Silly Fool

Silverhazesurfer

Master of Logic

muckshifter

I'm not weird, I'm a limited edition.

coll911

EvanDavis

Silly Fool

Silverhazesurfer

Master of Logic

Anon_F

muckshifter

I'm not weird, I'm a limited edition.

Silverhazesurfer

Master of Logic

Ask a Question

Similar Threads