
Generic Host Process for Win (SVCHOST.EXE)


Mike Hansford

Jan 15, 2004, 9:37:38 PM
Can anyone tell me why the Generic Host Process for Windows (i.e.
C:\WINNT\SYSTEM32\SVCHOST.EXE) requires access to the Internet - either
incoming or outgoing? I currently have Kerio Firewall set to deny access in
both directions with seemingly no effect. Back about September, I think
this exposed my machine to something nasty though I can't remember what
now.

Any help here would be appreciated.

Cheers
Mike

Duane Arnold

Jan 15, 2004, 10:20:07 PM
Mike Hansford <han...@yahoo.com.au> wrote in
news:1ttly8nlmqdid$.qq93pcjjuhmv$.d...@40tude.net:

That's svchost.exe's job: to communicate on the network for the NT-based
O/S. Many program elements of the O/S use svchost.exe to perform various
tasks, with one of the tasks of svchost.exe being communications. There
can be several svchost.exe(s) running on the machine at the same time
doing various tasks. Also, malware such as spyware and Trojans can use
svchost.exe to communicate too. So it's not just svchost.exe that wants
communications. It's a program using svchost.exe on its behalf for the
communications. A svchost.exe that's not running out of *system32* will
be a Trojan named svchost.exe so that the name will fool the user.

Prcview or Process Explorer (both are free, use Google) will allow someone
to look inside svchost.exe to see what programs are using svchost.exe
while it's running.

And in general, Google is your friend to ask the question *What is
svchost.exe?*.

Duane :)
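
Added example (not part of the original thread): the check described in the reply above, flagging any svchost.exe that is not running out of system32 and listing the services each instance hosts. The sample CSV is constructed, and its column layouts are assumed to match `wmic process get ExecutablePath,Name,ProcessId /format:csv` and `tasklist /svc /fo csv` output; `audit_svchost` is a hypothetical helper name.

```python
import csv
import io
import ntpath

# Constructed sample data (not from the thread); column layouts are assumed
# to match the wmic and tasklist CSV output named in the lead-in.
PROCESS_CSV = r"""Node,ExecutablePath,Name,ProcessId
HOST1,C:\WINNT\system32\svchost.exe,svchost.exe,412
HOST1,C:\WINNT\System32\SVCHOST.EXE,svchost.exe,468
HOST1,C:\WINNT\svchost.exe,svchost.exe,1312
HOST1,,svchost.exe,1500
HOST1,C:\WINNT\explorer.exe,explorer.exe,900
"""
SERVICES_CSV = '''"Image Name","PID","Services"
"svchost.exe","412","RpcSs"
"svchost.exe","468","Dnscache,Dhcp"
"svchost.exe","1312","N/A"
"svchost.exe","1500","N/A"
'''

def audit_svchost(process_csv, services_csv, system_root=r"C:\WINNT",
                  allowed_subdirs=("system32",)):
    """Return {pid: (verdict, image_path, [hosted services])} per svchost.exe."""
    # On 64-bit Windows, "SysWOW64" can be added to allowed_subdirs.
    allowed = {ntpath.normcase(ntpath.join(system_root, d))
               for d in allowed_subdirs}
    services = {}
    for row in csv.DictReader(io.StringIO(services_csv)):
        names = [s.strip() for s in row["Services"].split(",")]
        services[int(row["PID"])] = [s for s in names if s and s != "N/A"]
    report = {}
    for row in csv.DictReader(io.StringIO(process_csv)):
        if row["Name"].lower() != "svchost.exe":
            continue
        pid, path = int(row["ProcessId"]), row["ExecutablePath"]
        if not path:
            verdict = "unknown-path"  # path unreadable: re-check with more privileges
        elif ntpath.normcase(ntpath.dirname(ntpath.normpath(path))) in allowed:
            verdict = "expected"
        else:
            verdict = "suspicious"    # svchost.exe running from outside system32
        report[pid] = (verdict, path, services.get(pid, []))
    return report

if __name__ == "__main__":
    for pid, (verdict, path, svcs) in sorted(audit_svchost(PROCESS_CSV, SERVICES_CSV).items()):
        print(pid, verdict, path or "-", ",".join(svcs) or "-")
```

An instance with an empty path is reported as `unknown-path` rather than cleared, since a missing path usually means the query lacked the privileges to read it.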
