08-22-2009 03:29 PM
I know there have been some posts before on this issue, but I cannot find them or the answers, so I'll post here
Windows Vista with Vista Service Pack 2
Norton Antivirus 2008 ( yes I'm one of those who don't like change)
So I found this the other day
Internet Worm Protection
Program name: Microsoft Generic Host Process for Win32 Services
Program path: C:\Windows\System32\svchost.exe
risk level: low
Default Action: Allow
Action Taken: Allow
Local Computer: My PC 500 (port?)
remote Computer: 220.127.116.11 500 (port?)
Traffic Description: inbound UDP 500
"Microsoft generic Host Process for Win32 services was allowed to communicate with 18.104.22.168"
Then there was also this entry under Internet Worm Protection: Alerts
"User Has created a rule to permit communication"
**Now when I check my connection log, I see no connection around that same time and nothing that would indicate any bytes were exchanged
** When I look up this IP 22.214.171.124, It shows it belongs to Houston Community College in Houston Texas USA
So I know this is not one of my programs getting an update
** I have run several scans and all show clean
** Inbound Firewall still shows blocking of other attempts from other IPs trying to enter my computer
This has raised many questions/worries for me:
1. First, what the heck is this??
2. Is this someone hacking into my computer?
3. is this someone trying to "ping" me?
4. Is it just some goofball seeing if they can connect and then moved on?
5. When it says "User Has created a rule to permit communication" I never created a rule, so is it the firewall program itself that it refers to as "user"?
6. The fact that no data appears to be exchanged mean nothing was "dropped" on my system"?
7. It seems that the program rules for in my norton set up for Microsoft Generic Host Process for Win32 Services is set at default to allow from all computers and all IPs. Is that really the default?
8. is this a situation where ( what I read on here) the multiple layers of protection contained in Norton products come into play?
Where the priogram needs to keep port 500 open, and thus from time to time connections are made that are not legit, but if that connection tries to go further Norton will stop it?
08-22-2009 05:13 PM - edited 08-22-2009 05:17 PM
Using Norton AntiVirus 2008 is fine, although, when your Subscription is going to Expire, I would think about Upgrading to N.I.S. 2010.
Now, on to your main Issue.
Have you Completed a Full System Scan with Norton, Dis-Connected from the Internet, making sure you Run LiveUpdate just before dis-connecting? If not, I would suggest doing this and letting us know the Scan Results. Thanks!
Could you also please Run a HiJackThis Log for us, so we can see what's Running on your computer:
Download HiJackThis, http://www.trendsecure.com/portal/en-US/tools/secu
08-22-2009 07:55 PM