SVCHOST and SERVICE log accessing internet

  • Thread starter Thread starter Rob
  • Start date Start date
R

Rob

Hi,

I am running Win XP to SP1 - haven't upgraded to SP2 due reported
problems. I'm also using Ad aware and Spybot checks plus Sygate
personal firewall. When I am on my dial up connection, Sygate reports
that SVCHOST and SERVICELOG are trying to access the internet. I
understand that SVCHOST is a legit programme, but I am not sure why it
wants to access the internet - and I decline its requst. SERVICELOG I
gather is a rogue, which I also stop. Neither Spybot or Ad aware
report SERVICELOG as a problem. I've stopped the SERVICELOG process
running, and it seems to have no effect.

Can someone explain the situation and can I delete the file from my
system inc registry???

TVMIA
 
Just because a firewall says something is trying to access the internet doesn't make it so. Many rules of internet are imposed at your ISP's server. You need to say the address and port. One would expect svchost to send out non routable traffic. Svchost is also the name of nasties.
 
Just because a firewall says something is trying to access the internet doesn't make it so. Many rules of internet are imposed at your ISP's server. You need to say the address and port. One would expect svchost to send out non routable traffic. Svchost is also the name of nasties.
 
SVCHOST is an executable (exe) that's used to run libraries (dll) as
'services'. Although the exe is legit, it might be used to run all sorts of
nasties in a dll!

http://support.microsoft.com/?kbid=314056

Never heard of SERVICELOG.

The page I included a link to is very helpful.

For example, run TaskList /SVC and take note of entries with svchost.exe in
the left column.

Then, note the PID number.

Say you see something like:

Image PID Services
===================
svchost.exe 416 stisvc

and you'd like to know more about 'process 416'. To do that, run this
command

tasklist /M /FI "PID eq 416"

that will display a list of the dlls loaded into the 416 instance of
svchost.exe

Scan the list - anything look nasty?

The webpage also tells you how to navigate to the part of the registry that
lists the services to be run - so, check those locations out.

Lastly, go and get something like AVG (antivirus v7) - free, really good,
and the latest version shows a list of possible program startup locations
when it scans ('Scan System Areas') - useful info for you.

You might also go and get a copy of the control panel applet here

http://www.mlin.net/StartupCPL.shtml

And, while you're there, this too ...

http://www.mlin.net/StartupMonitor.shtml

Both very useful utilities.

Well, I hope that's helped you.

peetm
 
Rob said:
When I am on my dial up connection, Sygate reports
that SVCHOST and SERVICELOG are trying to access the internet. I
understand that SVCHOST is a legit programme, but I am not sure why it
wants to access the internet - and I decline its requst. SERVICELOG I
gather is a rogue, which I also stop.
Click to expand...

SVChost is support for a lot of system services, some of which may have
legitimate need to use your internet connection (eg Auto Update or the
Time sync service). I suggest having it allowed access, but not to act
as a server.
 
Back
Top