Suddenly getting hundres of svchost.exe connections


D

Doc

Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
firewall. What could this be indicative of? Currently running a scan
with Malwarebytes, MSE and Superantispyware. Getting a lot of hits
already with SAS.

Thanks for all input.
 
Ad

Advertisements

D

Doc

Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
firewall. What could this be indicative of? Currently running a scan
with Malwarebytes, MSE and Superantispyware. Getting a lot of hits
already with SAS.

Thanks for all input.


Malwarebytes found Trojan.Agent.EXPD1. Could this be a culprit?
 
B

Beauregard T. Shagnasty

Doc said:
Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
firewall. What could this be indicative of? Currently running a scan
with Malwarebytes, MSE and Superantispyware.

Has to be asked: These scans .. all at the same time?
Getting a lot of hits already with SAS.

Disable the firewall and go offline when you scan.
 
M

Max Wachtel

Suddenly getting 400 - 500 plus svchost.exe connections per Comodo
firewall. What could this be indicative of? Currently running a scan
with Malwarebytes, MSE and Superantispyware. Getting a lot of hits
already with SAS.

Thanks for all input.

you need a bigger rubber
 
P

(PeteCresswell)

Per David H. Lipman:
The question is is it the legitimate OS file or a trojan using that name.

For example SVCHOST.EXE running from c:\windows or %temp%\SVCHOST.EXE are
not legitimate processes.

SVCHOST.EXE (and variants such as SCVHOST.EXE) is one of the most used names
in malicious processes. Often malware can inject into the legitimate
process as well.

That's a "Keeper". Thanks.

FWIW, not that I know enough to make much sense out of it, but
AnVir seems to offer up some pretty detailed information on such
processes. e.g. http://tinyurl.com/c4wfdwl which resolves to
https://picasaweb.google.com/108149798664924808733/Misc#5768905648331060898

Click the little "+" icon and use the mouse roller go zoom in to
where it's readable.
 
Ad

Advertisements

D

Doc

I loaded Hijackthis and started getting a BSOD on reboot. Reinstalled
an image of the drive created with DriveimageXML from a couple of
weeks before the problem started but was still getting the same issue
with the link redirects. Now I've formatted the drive and will load
the same image and see what happens.

People who write the code that causes this crap should be summarily
executed.
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top