svchost processes --- OK, but 5 of them? using 30 Mb of RAM?, listening on multiple UDP ports?


TomH

Any input from any knowledgeable individuals is gratefully accepted!!!
My winxp home, standalone, most-services-disabled and
all-unnecessary-apps-uninstalled to reduce attack surfaces system still has
rather a lot of ports open that I don't think should be open.
Especially some of these UDP ports, I can't think of any legitimate
processes running on my system that have any business appropriating 19
megabytes of RAM, and then opening a UDP port, yet there are two processes
labeling themselves svchost (sometimes there are upwards of five of these,
similarly named processes in memory at one time!) that are doing exactly
that.
I know, I have scanned and scanned and scanned, and I have BHOdemon,
TCMonitor, Zonealarm, all of which tell me my system is clean.
output from netstat:
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       824
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:1025           *:*                                    952
  UDP    24.86.74.167:123       *:*                                    888
  UDP    127.0.0.1:123          *:*                                    888


The pids are mostly those of the aforementioned svchost processes, of
which, right now there are 5.
All svchost processes have appropriated a total of roughly 30 Mb of RAM.
 

David H. Lipman

Looks normal to me. Better than it did prior to cleaning the Java/ByteVerify Trojan.

--
Dave
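
As an added example (not part of either post above): a small Python parser for `netstat -ano` output that groups bound sockets by PID and notes how widely each is exposed, handling the UDP rows that carry no State column. The sample rows are the ones quoted in the question; the function names and the port-label table are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: the netstat -ano rows quoted in the question above.
SAMPLE = """\
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 824
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:1025 *:* 952
UDP 24.86.74.167:123 *:* 888
UDP 127.0.0.1:123 *:* 888
"""

# Standard port assignments (general knowledge, not taken from the thread).
KNOWN = {135: "RPC endpoint mapper", 445: "SMB (microsoft-ds)", 123: "NTP"}

def parse_netstat(text):
    """Yield one dict per socket row. UDP rows have four fields, TCP rows five."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        proto, local, pid = f[0], f[1], int(f[-1])
        state = f[3] if proto == "TCP" and len(f) == 5 else None
        addr, _, port = local.rpartition(":")
        yield {"proto": proto, "addr": addr, "port": int(port),
               "state": state, "pid": pid}

def triage(text):
    """Group listening TCP and bound UDP sockets by owning PID."""
    by_pid = defaultdict(list)
    for s in parse_netstat(text):
        if s["proto"] == "TCP" and s["state"] != "LISTENING":
            continue  # established or closing connections are not listeners
        if s["addr"].startswith("127."):
            scope = "loopback only"
        elif s["addr"] == "0.0.0.0":
            scope = "all interfaces"
        else:
            scope = "one interface"
        label = KNOWN.get(s["port"], "not in table")
        by_pid[s["pid"]].append((s["proto"], s["port"], scope, label))
    return dict(by_pid)

if __name__ == "__main__":
    for pid, socks in sorted(triage(SAMPLE).items()):
        print(f"PID {pid}:")
        for proto, port, scope, label in socks:
            print(f"  {proto}/{port:<5} {scope:<15} {label}")
```

The PIDs it reports can then be matched against the process list to see which process owns each socket.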

