Generic Host Processes for Win 32 Services?

Discussion in 'Computer Information' started by John, Oct 24, 2004.

  1. John

    John Guest

    Hello.

    I just wondered what this "Generic Host Processes for Win 32 Services"
    is exactly?

    In my firewall there are two logos and that is the description for
    them. One of them seems to be using the Internet a lot for some
    reason but I don't know what its doing.

    Thanks

    John
     
    John, Oct 24, 2004
    #1
    1. Advertisements

  2. John

    Duane Arnold Guest


    http://support.microsoft.com/default.aspx?scid=kb;en-us;314056#kb2

    svchost.exe *the Generic Host Processor* performs many task for the NT
    based O/S. One of the tasks is communications on the network such as the
    Internet. There can be many occurrences of svchost.exe running. Not only
    does the O/S use svchost.exe on its behalf and other legit programs running
    on the computer, but Trojans and malware can use svchost.exe too. So you
    must always be aware of what svchost.exe is trying to connect to on remote
    IP(s).

    There are tools such as Active Ports and Process Explorer (free) that can
    help you make the determination as to what a program is connecting to and
    what processes are using the program look inside the running program or
    process.

    http://tinyurl.com/klw1

    If svchost.exe is not running out of the %SystemRoot%\System32 folder, then
    it's a Trojan.

    You can go to the Command Prompt and enter SET and press the Enter-key and
    it will shoe what is %SystemRoot%.


    Duane :)
     
    Duane Arnold, Oct 24, 2004
    #2
    1. Advertisements

  3. John

    John Guest


    Thanks.

    I downloaded the Process Explorer, and they all seem to be acting out
    of the right folder. It doesn't seem to show which ip or web address
    they are talking to though.

    John
     
    John, Oct 24, 2004
    #3
  4. John

    Duane Arnold Guest

    Active Ports gives you that information when a program is running such as
    svchost.exe and it has remote connections on the LAN or (WAN-Internet) to
    an IP.

    Duane :)
     
    Duane Arnold, Oct 24, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.