Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe connecting to very random IP addresses


  • Please log in to reply
1 reply to this topic

#1 FRiNKEL

FRiNKEL

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:50 PM

Posted 18 June 2013 - 12:37 PM

I just keep coming back here XD

 

I decided to finally acquire a firewall for my computer (Comodo Firewall, if knowing such is essential.) As it requested me to start allowing programs to access the Internet, it asked me for something rather strange: to allow svchost access to an IP that appears like it belongs to a personal computer.

 

I looked into it a bit more, looking directly at svchost's connection logs. It was connected to 7 different IPs, and the only one that was legitimate out of the list was Microsoft's (for the Microsoft Customer Experience Program, which I decided to opt into for whatever reason). The rest of them appeared to belong to personal computers, upon looking them up in WHOIS (Various places around the globe... Africa, Asia, Bahamas, and America too.) The ports also seem to have no pattern associated with them, except they're around the 5000 to 7000 range (63421, 60023, 62727, 58555, 61219, 56643).

Call me skeptical, but I do not think my computer is supposed to be connecting with random addresses like this.

 

I am currently running Windows 8 x64.


Edited by FRiNKEL, 18 June 2013 - 12:41 PM.

"I've done so much with so little for so long, they now expect me to do the impossible with nothing." - Source unknown to me

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:50 PM

Posted 18 June 2013 - 01:01 PM

Hello, and welcome ... we can start here and probably move,,,

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users