Another generic host process win32 services question

Status
Not open for further replies.

Smafie

Hi..

I've looked through various threads on this subject and have a slightly different question relating to this app.

For a few days I've noticed MSN doesn't seem to connect properly. Today not at all. I also spotted there was a lot of activity with data transfer via this app when nothing was open, inc MSN. I checked ZA and can see it's the aforementioned generic host app doing something!

In an effort to sort this out I have done 2 system restores to when it did work ok, updated ZA, Adaware and installed another AV prog, and reinstalled MSN. Yet still this online activity is there even if nothing is open. I've tried blocking this process but then IE refuses to work.

My question is, why would this app download data, or rather what is it downloading??

Regards
Steve
 
This could be your automatic updating of Windows, or your antivirus updating.
What OS are you using?
Do a full AV-check, as well as run Spybot (after you updated the definitions).
 
It's Win XP. I don't use Auto Update. And the AV prog was shutdown at the time, but had finished an update anyway.

I have run a full AV and also Anti Spyware too. Strangely shutting down ZA since first posting and monitoring it, appears to have stopped it atm. I seem to recall a similar problem which was fixed by shutting down ZA...

Thanks
 
Actually it's not the free ZA. However I tried Outpost and was unable to use the Browser at all. Since closing down ZA and a further restore this 'traffic' seems to have stopped atm. I've run a full AV and spyware scan again which finds nothing, but there is a definite 'feel' that something isn't quite right to it atm.

Gawd, I seem to spend more time trying to get these 2 computers working properly lately than actually using them! Makes you wonder if it's all worth it.

Thanks
 
People running a default installation of Windows XP won’t know this service is running and listening for outside devices. The information is there for those who know where to look and see what services are running and what ports are open, but it’s not information an average user would know. However, if a third party firewall is installed, users may begin to see things.

Windows XP ships with Internet Connection Firewall, which does a good job in doing what it was designed to do. The problem is that it was only designed as half a wall – it appears to do a good job at keeping outsiders from coming in to the computer. However, it does nothing about the reverse – letting something already on the computer connect to the outside. That means that spyware, or an Internet worm such as the ILOVEYOU virus has freedom to connect to the outside.

A third-party firewall, such as Zone Labs ZoneAlarm, will keep track of this outbound traffic, too. Right after we installed the final version of Windows XP on a computer here, and turned it into a production computer (one that I use for actual work, such as writing this post, as opposed to a test computer) I've installed Zone Alarm. It immediately gave out alerts that Generic Host Process for Win32 Services was trying to listen on the Internet to address 239.255.255.250 on port 1900. That IP address is reserved, it’s not part of regular Internet addressing, so it wasn’t trying to contact another computer. Experimentation showed that the computer seemed to work fine when telling ZoneAlarm not to let that service listen. Later, some research on Microsoft TechNet showed that this was part of the Universal Plug and Play Service. Since it seemed to be there on purpose, but didn’t seem to do anything, the “mystery” was put on the back burner. At some point, it might make a good story going through the list of services running by default, and determining what can be turned off. (Although ZoneAlarm was instructed to deny that service access to the port in the meantime.)

By the way...why don't you try surfing using Mozilla Firefox instead of IE because I believe IE will download ActiveX by default and that's how hackers are smuggling into your computer...:) :slurp:
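
An added example, not part of any post in this thread: because "Generic Host Process for Win32 Services" (svchost.exe) hosts several services per process, a firewall alert naming it only becomes useful once the socket's PID is matched to the services inside that process. The sketch below joins saved `netstat -ano` and `tasklist /svc` output; the sample text, PIDs and addresses are constructed, the function names are hypothetical, and `SSDPSRV` is the short name of the SSDP Discovery service that listens on UDP 1900.

```python
import re

# Constructed sample output (not from the thread), in the column layout that
# `netstat -ano` and `tasklist /svc` print on Windows XP.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    192.168.1.20:1042      203.0.113.7:1863       ESTABLISHED     2104
  UDP    0.0.0.0:1900           *:*                                    1180
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  932 RpcSs
svchost.exe                 1044 AudioSrv, Dhcp, W32Time,
                                 wuauserv
svchost.exe                 1180 SSDPSRV
msnmsgr.exe                 2104 N/A
"""

def parse_tasklist(text):
    """Return {pid: (image, [services])}, joining wrapped service rows."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:
            last, names = int(m.group(2)), m.group(3)
            procs[last] = (m.group(1), [])
        elif last is not None and line.startswith(" ") and line.strip():
            names = line  # continuation row: services only, no image or PID
        else:
            continue
        procs[last][1].extend(s.strip() for s in names.split(",")
                              if s.strip() not in ("", "N/A"))
    return procs

def attribute_sockets(netstat, tasklist):
    """Return (proto, local, state, pid, image, services) for each socket."""
    procs, rows = parse_tasklist(tasklist), []
    for f in (line.split() for line in netstat.splitlines()):
        if f and f[0] in ("TCP", "UDP"):
            state = f[3] if f[0] == "TCP" else ""  # UDP rows have no State
            image, services = procs.get(int(f[-1]), ("unknown", []))
            rows.append((f[0], f[1], state, int(f[-1]), image, services))
    return rows

def owners_of(rows, proto, port):
    """Image name and hosted services bound to a given local port."""
    return [(r[4], r[5]) for r in rows
            if r[0] == proto and r[1].rsplit(":", 1)[1] == str(port)]
```

A socket whose PID maps to "unknown", or to a svchost.exe row with no services listed, is the one worth looking at first.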
 
Hi..

Thanks for that. I am using Firefox and also Deepnet too.

Those are good points and I also have the Windows Firewall on atm. I noticed that after a few different attempts at fixing this unrequested traffic - which was one way - inbound only (checked the amount of data bytes) I eventually stopped it but the PC is not behaving correctly still. MSN still refuses to connect half the time, in spite of reinstalling it at least 3 times. Sometimes it connects, others it won't! One or 2 apps have an error upon trying to reboot the thing too in the form of unable to close. These apps have been reinstalled in case certain files were affected by a system restore.

So while the original mystery about what was downloading or talking, for want of a better word has stopped, the PC is left in a less than perfect state atm. It seems to be only MSN that won't connect now, I put ICQ on it and that is fine, and other internet apps are ok.

I agree with you that when we put these apps on and they tell us of a potential hazard where none would be given prior to installing 3rd party firewalls etc makes us a little paranoid maybe. In fact this problem was not anything to do with ZA at all originally, I simply noticed there was traffic via the icons in the taskbar when nothing was open on the desktop..

EDIT: As an aside, I have just recalled that this all started to happen shortly after my GF checked her Yahoo email on it..! Bless her. Which was full of spam and crappy popups etc. :( In view of the ActiveX issue

Regards
 
I fixed it!

Hello!

I had this EXACT same problem and it was driving me insane. I could tell it was an internet thing because as soon as I disconnected my comp from the internet my computer ran fine. What I did is I disconnected the computer from the internet, then brought up task manager (control alt delete). Then I plugged the computer back in to the internet and watched the processes. Bingo! One process was eating up 98% of my CPU and it was a process I had never heard of. So I disconnected the internet again and looked up in "search files or folders" for the process name that was causing my comp so much trouble. It found it, and the properties said the file was created within the last 3 days, so I knew it was some sort of virus, not a necessary component of my computer to any extent. So I went back to task manager and hit "end process" then went to the file folder it was in and deleted it manually. My computer has been running fine since. I wish I could remember what the name of the process was but I hope my story will help you find it yourself. Whatever this file is I hope ad-aware or norton/mcafee can find it soon.

Hope this helps!!!
 
Thanks for the reply.

I fixed it via the various restores etc and changed to Sygate's firewall and so far it is working ok. I don't think I ever really got to the bottom of it as far as exactly what was causing it like you did even though I did a similar job with Task Manager, which is a drag cos I wanted to find it. Still I guess it is now working again.. :)

Regards..
 