GarryJones

Identifying programs that use svchost?


Open letter to support and forum posting:

 

Dear Sirs

 

For the last four years I have been using Avast anti-virus. These last few days I noticed that my home ADSL wifi internet was extremely slow from my desktop PC. Not so from my laptop. I downloaded the free program Internet Traffic Agent. It showed me connections to various IP addresses around the world. My computer was sending and receiving large amounts of data to about 30 IP addresses. In all cases the offending program was svchost.exe – it is in the correct folder and size checks out. Running Windows 7 64.

 

The connection with the highest amount of traffic was to “185-60.107-92.cust.bluewin.ch”.

 

I googled that address and arrived at the following,

Source:

http://www.64u.ch/phpcounter/index.php?l=bg&name=manga.64u.ch&action=hits&page=17

Quote:

Name: manga.64u.ch

Title: EROTIK - 64u.ch - manga

URL address: http://manga.64u.ch/

 

A site I have never been anywhere near.

There are other strange connections also sending and receiving data to other addresses. But this one had high amounts of data, about 3Gb sent from my PC in a few hours and 5GB received. This convinced me that Avast was an amateur program that had missed this attack. So I uninstalled Avast from my desktop PC and laptop and purchased Ad-Aware Pro-security. I chose the program because

 

1) Peer reviews on the net.

2) Powerful two-way firewall, network & email protection

3) Safely Shop & Bank Online

 

I opted for the three year 2 computer version of the program.

 

I have now installed it and carried out full system scans. Both my machines are clean. And your firewall only gives me a chance to deny or allow svchost.exe access to the internet. It needs access for other programs to run. I thought “powerful two way firewall” would identify which bogus program or dll is calling svchost so I can delete the offending program.

 

I am not happy with my purchase. Surely in 2012 a program that prides itself on being able to defeat malware, adware and viruses should be able to pick up the offending file that is accessing these sites. It would appear the scammers have got one step ahead of your programmers. As long as their programs can access the world through svchost you (and your users) are unable to stop the attacks.

 

I request a solution from your support team. I want to weed out the offending programs and dlls and delete them without the need for a complete restore of my pc. Otherwise I request a full refund based on the following.

 

From your website:

Get complete peace of mind when shopping or banking.

While it is generally safe to shop and bank online, as a general rule it is better to be very cautious about giving out your personal information online. Cybercriminals can use a variety of techniques to steal your credit card information or banking passwords - from impersonating reputable websites to forging the security certificates of online stores or banks.

Our Real-Time Web Filter protects you against phishing attacks by constantly analyzing in real-time links that are often found on the Internet, in emails and in messages. With the Real Time Web Filter on, malicious links, content or malware are pro-actively blocked before they can harm your computer. Protect yourself against cyber criminals out to steal your credit card data or banking information.

 

This is false marketing, as it is only after installing that it becomes clear to users that this only works in the USA. It was one of the selling points that enticed me to choose your program over the others. Based on that alone I am entitled to a full refund because the program does not do what you are saying it will do.

 

I will then search around for another anti-virus program that can identify the dlls and programs calling for access via svchost.

 

Yours sincerely................................

I received a nice email from the sales team. Appears I am entitled to a full money back 30 day refund. They told me to ask in the forums. So there you go. I will not wait 30 days as I still have a lot of action on my internet through svchost if I open it in the firewall.

 

Can anyone help me identify which programs or dlls are actually behind the bogus connections utilising svchost?

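One way to approach the question in the post above, as an added example that is not part of the original thread: list each outbound TCP connection owned by a svchost.exe process together with the services hosted in that process and the DLL each service loads. It uses only `netstat` and WMI so it runs on Windows 7 with PowerShell 2.0; the function name `Get-ServiceDll` and the output column names are made up for this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.

# Build a map: process ID -> services hosted in that process.
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $procId = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($procId)) { $servicesByPid[$procId] = @() }
    $servicesByPid[$procId] += $_
}

# Process IDs that belong to svchost.exe.
$svchostPids = @(Get-Process -Name svchost -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Id })

# Hypothetical helper: shared-process services record their DLL under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll.
function Get-ServiceDll([string]$ServiceName) {
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    $prop = Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue
    if ($prop) { $prop.ServiceDll } else { '(none recorded)' }
}

# netstat -ano TCP rows have five fields: Proto, Local, Foreign, State, PID.
netstat -ano -p TCP | ForEach-Object {
    $f = $_.Trim() -split '\s+'
    # Skip headers, listeners (foreign 0.0.0.0:0) and loopback traffic.
    if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and $f[2] -notmatch '^(0\.0\.0\.0|127\.)') {
        $procId = [int]$f[4]
        if (($svchostPids -contains $procId) -and $servicesByPid.ContainsKey($procId)) {
            foreach ($svc in $servicesByPid[$procId]) {
                New-Object PSObject -Property @{
                    ProcId     = $procId
                    Remote     = $f[2]
                    State      = $f[3]
                    Service    = $svc.Name
                    ServiceDll = Get-ServiceDll $svc.Name
                }
            }
        }
    }
} | Sort-Object ProcId, Remote |
    Format-Table ProcId, Remote, State, Service, ServiceDll -AutoSize
```

A connection belongs to the whole svchost.exe process, so when several services share one process every service listed for that PID is only a candidate. A DLL path outside `%SystemRoot%\System32` or an unfamiliar service name is the place to look first.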

Hi GarryJones,

 

To get help with investigating and cleaning your computer, please follow the instructions in the topic Read This Before You Post!.

 

It is strange that the sales team wrote that you should write in the forum to get in contact with the support team at Lavasoft. The forum is not monitored by them. The proper way to contact support is on http://lavasoft.com/mylavasoft/support/supportcenter/contact_support but since you are here, please send me a PM with the email address used when purchasing Ad-Aware and I will forward it to my contact person at Lavasoft.


Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank you!
