Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Why svchost.exe is sending/receiving UDP?


  • Please log in to reply
2 replies to this topic

#1 Macjei

Macjei

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 14 February 2017 - 04:54 AM

tR2H5Uq.png

 

 

I looked up 13.78.239.170, the provider is Microsoft, but should svchost be sending / receiving? 

 

http://www.ipalf.com/ip-address/13.78.239.170

 

Maybe someone could clear this up for me, thanks. :)



BC AdBot (Login to Remove)

 


#2 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 PM

Posted 14 February 2017 - 01:12 PM

Hi

 

Svchost(=service host) provides generic host process for services that run from dynamic link libraries(.dll).
This means that instead of program having its own process listed in monitors, you will see svchost process instead.
There are usually multiple svchost processes running simultaneously. Handy way to view all services loaded svchost is by
using

 tasklist /svc

command from Command Prompt
(Note: Required running as admin on Vista and later).

 

It is normal for svchost to send packets for Windows updates, time synchronization etc. You can check what service is sending them by comparing PIDs from tasklist command with your Process Monitor.

 

Keep your antivirus, operating system and softwares up to date to prevent infections :)

You can also run malware scanner such as Malwarebytes regularly.

 

 

 


Member of the Bleeping Computer A.I.I. early response team!


#3 Macjei

Macjei
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 14 February 2017 - 05:37 PM

Hi

 

Svchost(=service host) provides generic host process for services that run from dynamic link libraries(.dll).
This means that instead of program having its own process listed in monitors, you will see svchost process instead.
There are usually multiple svchost processes running simultaneously. Handy way to view all services loaded svchost is by
using

 tasklist /svc

command from Command Prompt
(Note: Required running as admin on Vista and later).

 

It is normal for svchost to send packets for Windows updates, time synchronization etc. You can check what service is sending them by comparing PIDs from tasklist command with your Process Monitor.

 

Keep your antivirus, operating system and softwares up to date to prevent infections :)

You can also run malware scanner such as Malwarebytes regularly.

 

 

 

 

Thank you for clearing that up for me. This post can be locked if need be.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users