SVCHOST and SERVICE log accessing internet

Rob

Hi,

I am running Win XP to SP1 - haven't upgraded to SP2 due to reported
problems. I'm also using Ad aware and Spybot checks plus Sygate
personal firewall. When I am on my dial up connection, Sygate reports
that SVCHOST and SERVICELOG are trying to access the internet. I
understand that SVCHOST is a legit programme, but I am not sure why it
wants to access the internet - and I decline its request. SERVICELOG I
gather is a rogue, which I also stop. Neither Spybot nor Ad aware
report SERVICELOG as a problem. I've stopped the SERVICELOG process
running, and it seems to have no effect.

Can someone explain the situation and can I delete the file from my
system inc registry???

TVMIA
 
David Candy

Just because a firewall says something is trying to access the internet doesn't make it so. Many rules of internet are imposed at your ISP's server. You need to say the address and port. One would expect svchost to send out non routable traffic. Svchost is also the name of nasties.
 
peetm

SVCHOST is an executable (exe) that's used to run libraries (dll) as
'services'. Although the exe is legit, it might be used to run all sorts of
nasties in a dll!

http://support.microsoft.com/?kbid=314056

Never heard of SERVICELOG.

The page I included a link to is very helpful.

For example, run TaskList /SVC and take note of entries with svchost.exe in
the left column.

Then, note the PID number.

Say you see something like:

Image PID Services
===================
svchost.exe 416 stisvc

and you'd like to know more about 'process 416'. To do that, run this
command

tasklist /M /FI "PID eq 416"

that will display a list of the dlls loaded into the 416 instance of
svchost.exe

Scan the list - anything look nasty?

The webpage also tells you how to navigate to the part of the registry that
lists the services to be run - so, check those locations out.

Lastly, go and get something like AVG (antivirus v7) - free, really good,
and the latest version shows a list of possible program startup locations
when it scans ('Scan System Areas') - useful info for you.

You might also go and get a copy of the control panel applet here

http://www.mlin.net/StartupCPL.shtml

And, while you're there, this too ...

http://www.mlin.net/StartupMonitor.shtml

Both very useful utilities.

Well, I hope that's helped you.

peetm
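The triage peetm describes, as an added example that is not part of the original thread: it parses `tasklist /SVC /FO CSV` and `tasklist /M /FI "PID eq N" /FO CSV` output, lists what each svchost.exe instance hosts, and reports names missing from a baseline. The sample output, the names `examplesvc` and `example.dll`, and the baselines are constructed for illustration.

```python
import csv
import io

# Constructed sample of `tasklist /SVC /FO CSV` output (not from a real host).
SAMPLE_SVC = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","416","stisvc"
"svchost.exe","872","Dhcp,Dnscache"
"svchost.exe","1204","examplesvc"
"explorer.exe","1530","N/A"
'''

# Constructed sample of `tasklist /M /FI "PID eq 1204" /FO CSV` output.
SAMPLE_MODULES = '''"Image Name","PID","Modules"
"svchost.exe","1204","ntdll.dll,kernel32.dll,ADVAPI32.dll,example.dll"
'''

def parse_tasklist(text):
    """Return {pid: (image, [names])} from tasklist CSV output (/SVC or /M)."""
    result = {}
    for row in csv.reader(io.StringIO(text)):
        # Skip blank lines and the header row (its PID column is not numeric).
        if len(row) != 3 or not row[1].isdigit():
            continue
        image, pid, items = row
        names = [] if items == "N/A" else [n.strip() for n in items.split(",")]
        result[int(pid)] = (image, names)
    return result

def svchost_services(svc_text):
    """Map each svchost.exe PID to the services it hosts."""
    return {pid: names for pid, (image, names) in parse_tasklist(svc_text).items()
            if image.lower() == "svchost.exe"}

def not_in_baseline(names, baseline):
    """Names absent from a baseline recorded earlier (case-insensitive)."""
    known = {b.lower() for b in baseline}
    return [n for n in names if n.lower() not in known]

if __name__ == "__main__":
    # Hypothetical baselines, recorded while the machine was known to be clean.
    svc_baseline = {"stisvc", "Dhcp", "Dnscache"}
    dll_baseline = {"ntdll.dll", "kernel32.dll", "advapi32.dll"}
    for pid, services in sorted(svchost_services(SAMPLE_SVC).items()):
        print(pid, services, "unfamiliar:", not_in_baseline(services, svc_baseline))
    _, modules = parse_tasklist(SAMPLE_MODULES)[1204]
    print("PID 1204 unfamiliar DLLs:", not_in_baseline(modules, dll_baseline))
```

A name missing from the baseline is only a prompt to look closer at that service or DLL, not proof that it is hostile.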
 
Alex Nichol

Rob said:
When I am on my dial up connection, Sygate reports
that SVCHOST and SERVICELOG are trying to access the internet. I
understand that SVCHOST is a legit programme, but I am not sure why it
wants to access the internet - and I decline its request. SERVICELOG I
gather is a rogue, which I also stop.

SVChost is support for a lot of system services, some of which may have
legitimate need to use your internet connection (eg Auto Update or the
Time sync service). I suggest having it allowed access, but not to act
as a server.
 
