  1. #1
    5 Star Lounger st3333ve

    My PC wants to talk to China (XP Pro (SP-1))

    I'm running Norton Personal Firewall on my system, and I've dutifully installed all the Windows Critical Updates when the notifications have arrived in the lower right corner of my screen. As far as I know, I'm uninfected.

    However, in the past few days, I've started to get regular alerts from Norton Personal Firewall that "a remote system is attempting to access Microsoft Generic Host Process for Win32 services on your computer." Norton PF identifies the program as C:\WINDOWS\System32\svchost.exe. When I bring up the Alert Assistant, it tells me "A program named Microsoft Generic Host Process for Win32 Services is attempting to connect to a computer at [INET ADDRESS HERE] using port 1026." Norton Personal Firewall assures me this is "a low risk based on the following information: (1) Virus Detected: No virus found; (2) Digitally signed: No; and (3) Trusted Company: Microsoft Corporation." As a result, Norton PF recommends that I "Permit" (rather than block) the connection.

    But when I use Norton PF to trace the location of the computer my PC is trying to connect to, it turns out it's located in China, within the Chinanet - Guangdong Province Network, so I'm thinking it's probably not Microsoft my PC is trying to talk to.

    Anybody having a similar experience and/or know what's going on?

  2. #2
    Super Moderator jscher2000

    Re: My PC wants to talk to China (XP Pro (SP-1))

    Do you have any firewall bypass, I mean, file sharing software, installed?

    Does this happen when you are browsing strange web pages?

    When I look at task manager, there always are many instances of svchost.exe running. I believe it's a generic shell that can be used by a number of different processes, the true identities of which cannot be discovered through Task Manager but might be revealed by third party utilities. I downloaded a bunch from SysInternals the other day, but haven't had a chance to install and test them. At least one of them was supposed to be a detailed process explorer. Maybe that will help pinpoint the true source of the request.

  3. #3
    3 Star Lounger

    Re: My PC wants to talk to China (XP Pro (SP-1))

    I had a bout of attempted intrusions (27 in 2 hours, a personal high and depressing number) according to ZoneAlarm Pro approx. 2 weeks ago. The sources were from China, Taiwan, Spain, France, Canada, and here in the US. It was at a time I had to be back on dial-up (my DSL modem died). I never considered letting the hackers in. These are computer scans trying to get into your computer. Keep the door closed. Turn off file sharing if you do not need it as suggested in the previous post. I am back behind my router and access point and I have not had an attempt in 10 days.

  4. #4
    5 Star Lounger

    Re: My PC wants to talk to China (XP Pro (SP-1))

    TaskInfo (shareware) can display the command line that invoked svchost, and that typically shows the actual service that was started. As you say, I'm sure there are plenty of other tools that can give the same info.
    TimOz
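
Posts #2 and #4 both point at finding out which service is really behind a given svchost.exe instance. As an added example (not posted by anyone in the thread), the Python below correlates the output of the built-in XP Pro commands `netstat -ano` and `tasklist /svc` to list the services hosted by whichever process owns a local port such as 1026. The sample output, PIDs, process names and addresses are constructed for illustration.

```python
import re

# Constructed sample output of `tasklist /svc` and `netstat -ano` (not from the thread).
TASKLIST_SVC = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
svchost.exe                  932 RpcSs
svchost.exe                 1044 AudioSrv, Browser, CryptSvc, Dhcp,
                                 Messenger, Netman, Schedule
iexplore.exe                1820 N/A
"""
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    192.0.2.10:1039        203.0.113.5:80         ESTABLISHED     1820
  UDP    0.0.0.0:1026           *:*                                    1044
"""

def parse_tasklist_svc(text):
    """Return {pid: (image, [services])}; service lists may wrap onto indented lines."""
    procs, pid = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            pid, names = int(m.group(2)), m.group(3)
            procs[pid] = (m.group(1), [])
        elif pid is not None and line[0].isspace():
            names = line  # continuation of the previous process's service list
        else:
            continue
        procs[pid][1].extend(s.strip() for s in names.split(",")
                             if s.strip() not in ("", "N/A"))
    return procs

def parse_netstat_ano(text):
    """Yield (proto, local_port, remote, state, pid); UDP rows have no State column."""
    for line in text.splitlines():
        f = line.split()
        if len(f) in (4, 5) and f[0] in ("TCP", "UDP"):
            state = f[3] if len(f) == 5 else ""
            yield f[0], int(f[1].rsplit(":", 1)[1]), f[2], state, int(f[-1])

def services_behind_port(port, netstat_text=NETSTAT_ANO, tasklist_text=TASKLIST_SVC):
    """List (proto, pid, image, services) for every socket bound to the local port."""
    procs = parse_tasklist_svc(tasklist_text)
    return [(proto, pid) + procs.get(pid, ("<unknown>", []))
            for proto, lport, _remote, _state, pid in parse_netstat_ano(netstat_text)
            if lport == port]
```

On a real machine, save the output of the two commands to text files and pass their contents as `netstat_text` and `tasklist_text`.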
