subject:"RE\: \[Full\-disclosure\] svchost.exe try to send http outside"

Re: [Full-disclosure] svchost.exe try to send http outside

2005-08-17 Thread Josh Zlatin-Amishav

On Wed, 17 Aug 2005 [EMAIL PROTECTED] wrote: Dear all, I discovered that an "svchost.exe" start when the server start. This svchost.exe try to sync_sent to random http host when I view from netstat, active port, and pviewer. However, does anyone know which worms/torjon/normal process causes th

RE: [Full-disclosure] svchost.exe try to send http outside

2005-08-17 Thread Mike

Hi Howard, Very hard to say without having a sample or knowing what service your server performs. svchost.exe is a valid Windows process and also commonly used by/with many many malware. Regards Mike www.infosec.co.nz -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

RE: [Full-disclosure] svchost.exe try to send http outside

2005-08-17 Thread howard . lee

.nz> cc: 17/08/2005 18:46 Subject: RE: [Full-disclosure] svchost.exe try to send http

Re: [Full-disclosure] svchost.exe try to send http outside

2005-08-17 Thread Mark

[EMAIL PROTECTED] wrote: > The svchost.exe will stop to run when I stop the automatic update. > > But I'm sure the IP tried to connect by the svchost is NOT MS related site. > > 218.213.255.29 > 80.15.249.167 > > Regards, > Howard > Well, the first one, probably not. inetnum: 218.213.0.0

Re: [Full-disclosure] svchost.exe try to send http outside

2005-08-17 Thread Simon Richter

Hi, [EMAIL PROTECTED] wrote: > The svchost.exe will stop to run when I stop the automatic update. > But I'm sure the IP tried to connect by the svchost is NOT MS related site. > 218.213.255.29 > 80.15.249.167 I believe this to be automatic update. The second IP address is listed for Akamai, wh

Re: [Full-disclosure] svchost.exe try to send http outside

2005-08-17 Thread Paul Schmehl

--On Wednesday, August 17, 2005 18:12:26 +0800 [EMAIL PROTECTED] wrote: Dear all, I discovered that an "svchost.exe" start when the server start. This svchost.exe try to sync_sent to random http host when I view from netstat, active port, and pviewer. The first thing you should do is search fo

RE: [Full-disclosure] svchost.exe try to send http outside

2005-08-17 Thread CIRT.DK Mailinglists

: Re: [Full-disclosure] svchost.exe try to send http outside --On Wednesday, August 17, 2005 18:12:26 +0800 [EMAIL PROTECTED] wrote: > Dear all, > > I discovered that an "svchost.exe" start when the server start. This > svchost.exe try to sync_sent to random http host when

RE: [Full-disclosure] svchost.exe try to send http outside

2005-08-17 Thread Aditya Deshmukh

> Very hard to say without having a sample or knowing what service your server > performs. svchost.exe is a valid Windows process and also commonly used > by/with many many malware. Care to send a sample ? Delivered using

RE: [Full-disclosure] svchost.exe try to send http outside

2005-08-17 Thread howard . lee

process stop. So I think it's a valid process, not a worm. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 星期四, 18 八月, 2005 AM 9:24 To: #YU KUAN# Cc: [EMAIL PROTECTED] Subject: RE: [Full-disclosure] svchost.exe try to send http outside Hi, Yes, I've al

Re: [Full-disclosure] svchost.exe try to send http outside

RE: [Full-disclosure] svchost.exe try to send http outside

RE: [Full-disclosure] svchost.exe try to send http outside

Re: [Full-disclosure] svchost.exe try to send http outside

Re: [Full-disclosure] svchost.exe try to send http outside

Re: [Full-disclosure] svchost.exe try to send http outside

RE: [Full-disclosure] svchost.exe try to send http outside

RE: [Full-disclosure] svchost.exe try to send http outside

RE: [Full-disclosure] svchost.exe try to send http outside

9 matches

Site Navigation

Mail list logo

Footer information