Dear all,
I discovered that an "svchost.exe" start when the server start.
This svchost.exe try to sync_sent to random http host when I view from
netstat, active port, and pviewer.
However, does anyone know which worms/torjon/normal process causes the
svchost do such job? and how to stop this?
Is
The svchost.exe will stop to run when I stop the automatic update.
But I'm sure the IP tried to connect by the svchost is NOT MS related site.
218.213.255.29
80.15.249.167
Regards,
Howard
Thanks.
I've check all the IP which the process generate. Part of them can be
confirmed as Microsoft IP.
I'm now contacting Microsft for the remaing IP list and asking them the
details about automatic update.
I think it is a valid windows update.
Microsoft
207.46.19.93
207.46.244.219
207.46.244.2
