I keep getting regular IPS history displays pointing to application: \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE.
(I only have one physical hard disk with 2 partitions; OS (C:\) and Backup (E:\))
There is no offending URL, and the Remote Address is always 94.228.*.*, to which I did a trace on said IP address and was informed that it was from The Netherlands via Netrouting Data Facilities.
Another history display had the same two IP octets and was from Russia via Exe-Net [Advertising].
I'm curious why my machine is related to those particular locations, and what I can do / what will be done by Symantec about it. I'm not extremely worried, but these same logs are getting annoying at least. =/
Thanks for your time.
Hi Humanoid,
What is the risk name for this detection? If the attacks are all the same threat and you are just annoyed with all the alerts, you can tell Norton to stop notifying you when it blocks this threat. The option for doing this is found by highlighting the entry in Norton Security History, clicking "More Details" and looking under "Actions."
As to what more you or Symantec can do: Norton is already doing what it is designed to do - blocking the intrusion. It would appear that this threat may be connected with an advertising company being hosted in Russia and so the malicious code could be in an ad that you are encountering on a frequently visited website. Blocking active scripting in your browser would probably stop the attacks, but in IE it would likely also block a lot of website functionality except for sites you add to IE's Trusted Sites Zone. A good per-site solution would be to use Firefox with the NoScript add-on which would not allow scripts to run except on sites you whitelist. Ads from third-party sites that are placed on your whitelisted sites will not be able to run scripts unless you allow it.
What version of Norton are you running? Under Help and Support > About should be a number starting with 15., 16., or 17.
Your first entry would indicate that something in your computer is using svchost to make the required connection. You do not show if this entry is logged or blocked.
This link will provide information on svchost, what it does and how to find out what service is connected to that connection.
http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/
The other entry that you mention appears to be incoming, though again you do not mention whether they have been logged or blocked. More information would be helpful.
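One way to find the service behind the svchost connection, as an added example that is not part of the original thread: the script below correlates the text output of `netstat -ano` with `tasklist /svc` to list which services share the process that owns connections to a given remote prefix. The sample outputs, addresses, PIDs and function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49201     94.228.0.10:80         ESTABLISHED     1044
  TCP    192.168.1.10:49202     203.0.113.5:443        ESTABLISHED     2316
  TCP    192.168.1.10:49207     94.228.0.77:80         TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    1044
"""

# Constructed sample of `tasklist /svc` output; long service lists wrap.
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                   1044 BITS, IKEEXT, Schedule,
                                   wuauserv
chrome.exe                    2316 N/A
"""

def remote_pids(netstat_text, prefix):
    """Map owning PID -> set of remote endpoints that start with prefix."""
    hits = {}
    for line in netstat_text.splitlines():
        f = line.split()  # TCP rows: proto, local, remote, state, pid
        if len(f) == 5 and f[0] == "TCP" and f[2].startswith(prefix) and f[4].isdigit():
            hits.setdefault(int(f[4]), set()).add(f[2])
    return hits

def services_by_pid(tasklist_text):
    """Map PID -> (image name, [services]), joining wrapped service lines."""
    table, current = {}, None
    for line in tasklist_text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            current, rest = int(m.group(2)), m.group(3)
            table[current] = (m.group(1), [])
        elif line.startswith(" ") and current is not None:
            rest = line  # continuation of the previous row's service list
        else:
            continue  # header or separator row
        names = (s.strip() for s in rest.split(","))
        table[current][1].extend(s for s in names if s and s != "N/A")
    return table

def correlate(netstat_text, tasklist_text, prefix):
    """PID -> (image, services, remote endpoints); PID 0 or exited -> 'unknown'."""
    svc = services_by_pid(tasklist_text)
    return {pid: (*svc.get(pid, ("unknown", [])), sorted(addrs))
            for pid, addrs in remote_pids(netstat_text, prefix).items()}
```

A TIME_WAIT row is reported under PID 0 because the owning process has already released the socket, so it cannot be tied back to a service after the fact.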
I apologize. It's a statistical submission listed as Info with "No actions available for this item."
My concern isn't the notification for them, but rather the idea of finding the source of the issue.
Maybe I'm just paranoid, haha, but I hope the Processing status will return a block for future detections.
I use Google Chrome on Vista SP 2.
If anyone has a suggestion on what Extension I should use to block active scripts it would be much appreciated, as I couldn't find one, and I love Chrome. D:
[edit]
Product Name: Norton Security Suite
Version: 3.8.0.41
Humanoid:
If you click on the entry in history, you should find a button on the right-hand side of the screen that says "More Details". There may be one screen or another tab that will give you the path to the file. Let us know what you find.
Yes, delphinium, the Application Name given in my first post is the only path shown.