Thread: SVCHOST???

  1. #1
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    SVCHOST???

    Being new to XP, I hope my concern here is born of paranoid ignorance, but this "Generic Host Process for Win32 Services" seems like a wonderful vector for all sorts of malware. I've had to allow its activities through my firewall (carte blanche, since I can't ratify a rule to cover its myriad of activities) or I lose internet connectivity. I've read up on it a bit, and see that there are several worms (known to AVs) that try to exploit it. I still can't find a definitive or even recommended suggestion for hardening a system to potential exploits, or even if there's a need to. Any ideas?

    Alan

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: SVCHOST???

    Well, the main thing is not to run any bad services. :) Process Explorer from SysInternals lets you see in more detail what program is running inside your various currently active svchost.exe shells. But that is not a real-time solution. For ongoing protection, you'll have to rely on antivirus and anti-spyware solutions, as well as close study of your Services applet.

  3. #3
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: SVCHOST???

    Thanks Jefferson. I noticed that the Windows tasklist doesn't give a path for svchost.exe, but Process Explorer (and others) do so. This is at least a start to spotting an imitator. I'm just hoping that my firewall jumps on the actual application using the shell, rather than just the generic use of the shell, with some obscure port + protocol.

    Alan
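
The path check mentioned above, as an added PowerShell example that is not from any poster in this thread: it lists each running svchost.exe with its image path and the services it hosts, and flags any copy outside the Windows system directories. It assumes PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt; the Verdict labels and variable names are made up for the illustration.

```powershell
# Added example: map every running svchost.exe to its image path and hosted services.
# Assumes PowerShell 3.0+ and an elevated prompt (otherwise ExecutablePath may be empty).

# Locations where a genuine svchost.exe lives (SysWOW64 exists only on 64-bit Windows).
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object {
        $procId = [int]$_.ProcessId
        if (-not $servicesByPid.ContainsKey($procId)) { $servicesByPid[$procId] = @() }
        $servicesByPid[$procId] += $_.Name
    }

# Walk every process named svchost.exe and compare its path with the expected ones.
$report = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $procId = [int]$_.ProcessId
        $path   = $_.ExecutablePath

        if (-not $path) {
            $verdict = 'path unavailable (rerun elevated)'
        } elseif ($expectedPaths -contains $path) {   # -contains is case-insensitive
            $verdict = 'expected location'
        } else {
            $verdict = 'UNEXPECTED LOCATION'
        }

        [pscustomobject]@{
            PID      = $procId
            Path     = $path
            Services = ($servicesByPid[$procId] -join ', ')   # empty if none registered
            Verdict  = $verdict
        }
    }

$report | Sort-Object Verdict, PID | Format-Table -AutoSize -Wrap
```

A copy flagged as being in an unexpected location is a lead to investigate with Process Explorer or an antivirus scan, not a diagnosis; the filter matches the exact name only, so lookalike names are outside what this check sees.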

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: SVCHOST???

    You might like to scan this Microsoft Knowledge Base Article 314056 and/or an MVPS article, for elucidation.

    John

    Ita, esto, quidcumque...

  5. #5
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: SVCHOST???

    Thanks John. I'd read both of these and consequently have a fair idea of what it does. Neither article really addresses the sorts of vulnerabilities (if any) of the O/S providing such a generic "all welcome" service though. I was really hoping to find something that might alert me to potential exploits and how to cover one's [censored] against them.

    Alan
