G
Guest
Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Hello,
Recently I noticed this 2 strange network activities on my pc
(LAN internet, real IP, running winXP w/Kerio)
(1) svchost.exe trying to access multiple different sites on (remote)
port 80
Such attempts are made all the time. Kerio sometimes resolves the
addresses as belonging to akamaitechnolgies something or
reversetheplanet,etc. I supposed this was caused by spyware/adware but
running Web Root Spy Sweeper (which is ON all the time) produced
nothing. I also looked at the list of processes in svchost.exe but
could not figure out which could be causing the problem.
(2) Multiple incoming requests on local port 1026 and port 20234
Kerio registers a great deal of these. Probably I would not be worried,
since these ports are closed on my machine by Kerio and dropped 100% of
the time, but I am getting more than 50 calls to port 20234 in a
minute.
You can take a peek at excerpt from my Kerio log, where I have included
several records from the log to show details on the above mentioned
problems. It includes a several requests of each type where you can see
details on ports and addresses and also the contents of svchost.exe.
'partial log' (http://www.angelfire.com/linux/moterin/log_excerpt.txt)
If you know what is causing this or you've had similar experience, your
help/advise would be appreciated!
Moterin
--
sss190
Hello,
Recently I noticed this 2 strange network activities on my pc
(LAN internet, real IP, running winXP w/Kerio)
(1) svchost.exe trying to access multiple different sites on (remote)
port 80
Such attempts are made all the time. Kerio sometimes resolves the
addresses as belonging to akamaitechnolgies something or
reversetheplanet,etc. I supposed this was caused by spyware/adware but
running Web Root Spy Sweeper (which is ON all the time) produced
nothing. I also looked at the list of processes in svchost.exe but
could not figure out which could be causing the problem.
(2) Multiple incoming requests on local port 1026 and port 20234
Kerio registers a great deal of these. Probably I would not be worried,
since these ports are closed on my machine by Kerio and dropped 100% of
the time, but I am getting more than 50 calls to port 20234 in a
minute.
You can take a peek at excerpt from my Kerio log, where I have included
several records from the log to show details on the above mentioned
problems. It includes a several requests of each type where you can see
details on ports and addresses and also the contents of svchost.exe.
'partial log' (http://www.angelfire.com/linux/moterin/log_excerpt.txt)
If you know what is causing this or you've had similar experience, your
help/advise would be appreciated!
Moterin
--
sss190