Svchost.exe is a Microsoft service that loads several other types of legitimate services.
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q250/3/20.ASP&NoWebContent=1 Roger **************************************************************************** **** *Roger A. Grimes, Computer Security Consultant *CPA, MCSE (NT/2000), CNE (3/4), A+ *email: [EMAIL PROTECTED] *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode **************************************************************************** ************* ----- Original Message ----- From: "Hyperion" <[EMAIL PROTECTED]> To: "Security Basics Mailing List" <[EMAIL PROTECTED]>; "Uwe Röhl" <[EMAIL PROTECTED]> Sent: Monday, June 30, 2003 8:33 PM Subject: RE: What is this port? is it a trojan? > Silly me heh, the 44334 port is my firewall: > > PERSFW.EXE TCP all:44334 ...... Listening > PERSFW.EXE TCP all:44334 localhost:ingreslock Connected in > PERSFW.EXE UDP all:44334 ...... Listening > PFWADMIN.EXE TCP all:ingreslock localhost:44334 Connected > out > PFWADMIN.EXE TCP all:1526 localhost:44334 Connected > out > > As for ther port 5000 well the firewall has it as > > SVCHOST.EXE TCP all:5000 ...... Listening > > There are a humber of those SVCHOST.EXE things when I take a look at the > firewall ststus window. I have no idea what they are heh. > Anyone enlighten me on the matter? > Regards Hyperion > > -----Original Message----- > From: Uwe Röhl [mailto:[EMAIL PROTECTED] > Sent: 30 June 2003 23:13 > To: Hyperion > Subject: Re: What is this port? is it a trojan? > > > Hello, > > > Could anyone tell me how I can find out what's running behind the port in > > question, and also what to do about it if it is a port. > > > TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING > > TCP 0.0.0.0:44334 0.0.0.0:0 LISTENING > > UDP 0.0.0.0:500 *:* > > UDP 0.0.0.0:44334 *:* > > UDP 127.0.0.1:123 *:* > > UDP 127.0.0.1:1900 *:* > > UDP 217.135.174.224:123 *:* > > UDP 217.135.174.224:1900 *:* > > Well, #44334 is not the only one, i'd have a look at. > Fport should be the right tool: > http://www.foundstone.com/resources/proddesc/fport.htm > > -- > Bye, Uwe Roehl > > > > -------------------------------------------------------------------------- - > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > -------------------------------------------------------------------------- -- > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
