Svchost.exe connecting to different IPs with remote port 445
Posted
by
Coll911
on Super User
See other posts from Super User
or by Coll911
Published on 2012-03-23T15:44:21Z
Indexed on
2012/03/24
17:32 UTC
Read the original article
Hit count: 202
windows-xp
Im using Windows XP Professional SP2.
Whenever I start my Windows, svchost.exe
starts connecting to all the possible IPs on LAN like from 192.168.1.2
to 192.168.1.200
. The local port ranges from 1000-1099 and the remote port being 445.
After it's done with the local IPs, it starts connecting to other random IPs.
I tried blocking connections to the port 445 using the local security polices but it didn't work. Is there any possible way I could prevent svchost
from connecting to these IPs without involving any firewall installed? My PC slows down due to the load.
I scanned my PC with MalwareBytes and found out it was infected with a worm, it's deleted now but still svchost
is connecting to the IPs.
I also found out that in my Windows Firewall settings, under Internet Control Message Protocol (ICMP), there's a tick on "allow incoming echo request" (usually disabled) which is locked and I can't disable it.
Its description is as follows
Messages sent to this computer will be repeated back to the sender. This is used for trouble shooting for e.g to ping a machine. Requests of this type are automatically allowed if TCP port 445 is enabled.
Any solutions? I can't bear going with the reinstalling Windows phase again.
© Super User or respective owner