Guest Ken Walsh Posted October 15, 2008 Posted October 15, 2008 Hi, I wonder if someone can help me. When I start my machine up I get a `Zone alarm pop up security alert` Server Program saying Generic Host Process for Win32 Servers is trying to act as a server Identification: None Application: sychost.exe Source IP: 0.0.0.0.Port 135 if I do either, click on the button `remember this setting.`Allow` or `Deny` Zone Alarm then starts up and my machine works OK. The trouble is it will still pop up next time I boot up so its getting to be a pain. Any ideas how to stop this popping up every time. Thanks Ken
Guest Wilderbeast Posted October 15, 2008 Posted October 15, 2008 Re: Zone Alarm popup Ken Walsh wrote: > Hi, > > I wonder if someone can help me. When I start my machine up I get a > `Zone alarm pop up security alert` Server Program saying > Generic Host Process for Win32 Servers is trying to act as a server > > Identification: None > Application: sychost.exe > Source IP: 0.0.0.0.Port 135 > > if I do either, click on the button `remember this setting.`Allow` or > `Deny` Zone Alarm then starts up and my machine works OK. > The trouble is it will still pop up next time I boot up so its > getting to be a pain. Any ideas how to stop this popping up every > time. > > Thanks > > Ken sychost.exe is a malicious process related to LEOX.B virus. It is a dangerous threat to your system and therefore should be removed immediately after detection. http://www.2-spyware.com/remove-sychost-exe.html http://www.google.com/search?hl=en&q=sychost.exe&btnG=Google+Search&aq=f&oq=
Guest Ken Walsh Posted October 15, 2008 Posted October 15, 2008 Re: Zone Alarm popup "Wilderbeast" <Wilderbeast@unlisted.com> wrote in message news:D6mdncbR0rk6BGjVnZ2dnUVZ_g2dnZ2d@comcast.com... > > > Ken Walsh wrote: >> Hi, >> >> I wonder if someone can help me. When I start my machine up I get a >> `Zone alarm pop up security alert` Server Program saying >> Generic Host Process for Win32 Servers is trying to act as a server >> >> Identification: None >> Application: sychost.exe >> Source IP: 0.0.0.0.Port 135 >> >> if I do either, click on the button `remember this setting.`Allow` or >> `Deny` Zone Alarm then starts up and my machine works OK. >> The trouble is it will still pop up next time I boot up so its >> getting to be a pain. Any ideas how to stop this popping up every >> time. >> >> Thanks >> >> Ken > > sychost.exe is a malicious process related to LEOX.B virus. It is a > dangerous threat to your system and therefore should be removed > immediately after detection. > > http://www.2-spyware.com/remove-sychost-exe.html > > http://www.google.com/search?hl=en&q=sychost.exe&btnG=Google+Search&aq=f&oq= > > I`m reading on sites that svchost.exe is a legit windows file that is run by the system???
Guest Lars-Erik Østerud Posted October 15, 2008 Posted October 15, 2008 Re: Zone Alarm popup > I`m reading on sites that svchost.exe is a legit windows file that is run by > the system??? Byt you wrote "sychost.exe", that's not the same program -- Lars-Erik Østerud : http://www.osterud.name
Guest TMitchell Posted October 15, 2008 Posted October 15, 2008 Re: Zone Alarm popup Ken Walsh wrote: > Hi, > > I wonder if someone can help me. When I start my machine up I get a `Zone > alarm pop up security alert` Server Program saying > Generic Host Process for Win32 Servers is trying to act as a server > > Identification: None > Application: sychost.exe > Source IP: 0.0.0.0.Port 135 > > if I do either, click on the button `remember this setting.`Allow` or `Deny` > Zone Alarm then starts up and my machine works OK. > The trouble is it will still pop up next time I boot up so its getting to be > a pain. Any ideas how to stop this popping up every time. > > > Thanks > > Ken > > > Can't help, but I'm having the exact same problem these past few weeks. Don't know why it started or how to solve it.
Guest Patrick Keenan Posted October 15, 2008 Posted October 15, 2008 Re: Zone Alarm popup "Ken Walsh" <ken@nospam.co.uk> wrote in message news:nOOdnctNLYLjN2jVnZ2dnUVZ8sCdnZ2d@posted.plusnet... > > "Wilderbeast" <Wilderbeast@unlisted.com> wrote in message > news:D6mdncbR0rk6BGjVnZ2dnUVZ_g2dnZ2d@comcast.com... >> >> >> Ken Walsh wrote: >>> Hi, >>> >>> I wonder if someone can help me. When I start my machine up I get a >>> `Zone alarm pop up security alert` Server Program saying >>> Generic Host Process for Win32 Servers is trying to act as a server >>> >>> Identification: None >>> Application: sychost.exe >>> Source IP: 0.0.0.0.Port 135 >>> >>> if I do either, click on the button `remember this setting.`Allow` or >>> `Deny` Zone Alarm then starts up and my machine works OK. >>> The trouble is it will still pop up next time I boot up so its >>> getting to be a pain. Any ideas how to stop this popping up every >>> time. >>> >>> Thanks >>> >>> Ken >> >> sychost.exe is a malicious process related to LEOX.B virus. It is a >> dangerous threat to your system and therefore should be removed >> immediately after detection. >> >> http://www.2-spyware.com/remove-sychost-exe.html >> >> http://www.google.com/search?hl=en&q=sychost.exe&btnG=Google+Search&aq=f&oq= >> >> > I`m reading on sites that svchost.exe is a legit windows file that is run > by the system??? As pointed out, look very carefully at the name of the process. It's got a Y, not a V, in it. This is a fairly common trick used by malware authors, to make you think that the process is legitimate. You need to check that this isn't a typo. HTH -pk
Guest Kayman Posted October 16, 2008 Posted October 16, 2008 Re: Zone Alarm popup On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: >> Identification: None >> Application: sychost.exe >> Source IP: 0.0.0.0.Port 135 >> > Can't help, but I'm having the exact same problem these past few weeks. > Don't know why it started or how to solve it. 1.Uninstall/Remove ZA from your OS and DON'T re-install! http://zonealarm.donhoover.net/uninstall.html --or-- Revo Uninstaller http://www.revouninstaller.com/ 2.For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise Safe-Hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored. Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab. Windows XP: How to turn on your firewall. http://www.microsoft.com/protect/computer/firewall/xp.mspx Read through: Understanding Windows Firewall. http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx Using Windows Firewall. http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx 3.Click Start==>Run... then type (or copy/paste) inetcpl.cpl into the box, click the 'OK' button. In Internet Properties panel 'General' tab, under 'Browsing history', click 'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete all...'button then place a checkmark into the box beside 'Also delete files and settings stored by add-ons', Click 'Yes' and exit the Internet Properties panel by clicking the 'OK' button. Done! 4.Download David H. Lipman's MULTI_AV.EXE directly: http://www.pctip.ch/ds/28400/28470/Multi_AV.exe --or-- http://212.98.39.7/ds/28400/28470/Multi_AV.exe --or-- from URL: http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/ NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files. When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. Additional Instructions: http://pcdid.com/Multi_AV.htm NOTE: To use this utility, perform the following... Execute; Multi_AV.exe {Note: You must use the default folder C:\AV-CLS} Choose; Unzip Choose; Close Execute; C:\AV-CLS\StartMenu.BAT {or Double-click on 'Start Menu' in C:\AV-CLS} Other quality Standalone Malware Scanners are: Kaspersky® AVPTool http://avptool.virusinfo.info/en/ Direct: http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/ --and-- Dr.Web CureIt!® Utility - FREE http://www.freedrweb.com/cureit/ --and-- Malwarebytes© Corporation - Anti-Malware http://www.malwarebytes.org/mbam/program/mbam-setup.exe Kaspersky® AVPTool, Dr.Web CureIt!® have no update feature (so they don't turn into full blown scanners), thus they need to be re-downloaded every time there's an update. 5.Download and execute HiJack This! (HJT) http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis Please, do not post HJT logs to this newsgroup. Fora where you can get expert advice for HiJack This! (HJT) logs. http://www.thespykiller.co.uk/index.php?board=3.0 http://www.spywarewarrior.com/viewforum.php?f=5 http://forums.tomcoyote.org/index.php?showforum=27 http://www.bleepingcomputer.com/forums/forum22.html http://www.malwarebytes.org/forums/index.php?showforum=7 http://www.5starsupport.com/ipboard/index.php?showforum=18 http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29 NOTE: Registration is required in any of the above mentioned fora before posting a HJT log and read the 'stickies' (instructions/guidelines) for the respective HJT forum. 6.Flush your System Restore after doing these cleaning steps. Do this: Right click "My Computer" icon and select Properties from the drop down list. On the system Properties click on System Restore Tab and [check] the box 'Turn off System Restore on all drives'. Click 'Apply' then click 'OK' Reboot. Right click "My Computer" icon and select Properties from the drop down list. On the system Properties click on System Restore Tab and [uncheck] the box 'Turn off System Restore on all drives'. Note: ensure that under 'Available drives' the Status of Drive does show 'Monitoring'. And then manually create a Restore point. Go to: http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx And scroll down to: Create a Restore Point. 7.Configure Windows by using: Seconfig XP 1.1 http://seconfig.sytes.net/ 8.Routinely practice Safe-Hex. http://www.claymania.com/safe-hex.html Good luck :)
Guest HeyBub Posted October 16, 2008 Posted October 16, 2008 Re: Zone Alarm popup Kayman wrote: > On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: > >>> Identification: None >>> Application: sychost.exe >>> Source IP: 0.0.0.0.Port 135 >>> >> Can't help, but I'm having the exact same problem these past few >> weeks. Don't know why it started or how to solve it. > > 1.Uninstall/Remove ZA from your OS and DON'T re-install! > http://zonealarm.donhoover.net/uninstall.html > --or-- > Revo Uninstaller > http://www.revouninstaller.com/ > [...] The OP has a Trojan and you're telling him to remove the software that detected it? Outstanding.
Guest Kayman Posted October 16, 2008 Posted October 16, 2008 Re: Zone Alarm popup On Thu, 16 Oct 2008 06:46:14 -0500, HeyBub wrote: > Kayman wrote: >> On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: >> >>>> Identification: None >>>> Application: sychost.exe >>>> Source IP: 0.0.0.0.Port 135 >>>> >>> Can't help, but I'm having the exact same problem these past few >>> weeks. Don't know why it started or how to solve it. >> >> 1.Uninstall/Remove ZA from your OS and DON'T re-install! >> http://zonealarm.donhoover.net/uninstall.html >> --or-- >> Revo Uninstaller >> http://www.revouninstaller.com/ >> > > [...] > > The OP has a Trojan and you're telling him to remove the software that > detected it? According to the hype, ZA is supposed to prevent the installation of malware. The OP's OS is compromised. Implementing my suggestions will remove this Trojan and keep malware out of his OS. > Outstanding. Yes, I know.
Guest John John (MVP) Posted October 16, 2008 Posted October 16, 2008 Re: Zone Alarm popup Kayman wrote: > On Thu, 16 Oct 2008 06:46:14 -0500, HeyBub wrote: > > >>Kayman wrote: >> >>>On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: >>> >>> >>>>>Identification: None >>>>>Application: sychost.exe >>>>>Source IP: 0.0.0.0.Port 135 >>>>> >>>> >>>>Can't help, but I'm having the exact same problem these past few >>>>weeks. Don't know why it started or how to solve it. >>> >>>1.Uninstall/Remove ZA from your OS and DON'T re-install! >>>http://zonealarm.donhoover.net/uninstall.html >>>--or-- >>>Revo Uninstaller >>>http://www.revouninstaller.com/ >>> >> >>[...] >> >>The OP has a Trojan and you're telling him to remove the software that >>detected it? > > > According to the hype, ZA is supposed to prevent the installation of > malware. The OP's OS is compromised. Implementing my suggestions will > remove this Trojan and keep malware out of his OS. I'm no fan of ZA but I have never heard that its basic firewall is supposed to prevent the installation of malware. Where have you seen ZA advertise or state that its basic firewall prevents the installation of malware? John
Guest Bob I Posted October 16, 2008 Posted October 16, 2008 Re: Zone Alarm popup Kayman wrote: > On Thu, 16 Oct 2008 06:46:14 -0500, HeyBub wrote: > > >>Kayman wrote: >> >>>On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: >>> >>> >>>>>Identification: None >>>>>Application: sychost.exe >>>>>Source IP: 0.0.0.0.Port 135 >>>>> >>>> >>>>Can't help, but I'm having the exact same problem these past few >>>>weeks. Don't know why it started or how to solve it. >>> >>>1.Uninstall/Remove ZA from your OS and DON'T re-install! >>>http://zonealarm.donhoover.net/uninstall.html >>>--or-- >>>Revo Uninstaller >>>http://www.revouninstaller.com/ >>> >> >>[...] >> >>The OP has a Trojan and you're telling him to remove the software that >>detected it? > > > According to the hype, ZA is supposed to prevent the installation of > malware. The OP's OS is compromised. Implementing my suggestions will > remove this Trojan and keep malware out of his OS. > You may want to see what that free version actually does. http://www.zonealarm.com/store/content/catalog/products/znalm/comparison.jsp
Guest Lars-Erik Østerud Posted October 16, 2008 Posted October 16, 2008 Re: Zone Alarm popup > According to the hype, ZA is supposed to prevent the installation of > malware. The OP's OS is compromised. Implementing my suggestions will > remove this Trojan and keep malware out of his OS. Standard FREE ZoneAlarm is just a firewall. It will not prevent anything from installing and/or running. It WILL however prevent it from accessing the network. So I'd say it (this time) did exacly what it should. With an AV sofware installed he'd probably wouldn't have the spyware/malware installed in the first place though. -- Lars-Erik Østerud : http://www.osterud.name
Guest Leonard Grey Posted October 16, 2008 Posted October 16, 2008 Re: Zone Alarm popup Did it take one hand or two hands to pull that out of your ass? -- Leonard Grey Errare humanum est "Kayman <kaymanDeleteThis@operamail.com>" wrote >According to the hype, ZA is supposed to prevent the installation of >malware.
Guest Leonard Grey Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup Aha...I see Murphy is active in this newsgroup as well. Some background: I am the real Leonard Grey. The rude post copied below was not created by me. It was created by a disturbed individual named Murphy. Murphy is a very angry person, and he is apparently suffering side effects from taking Rimonabant (brand name: Zimultri, produced by Sanofi-Adventis.) . Rimonabant is an anti-obesity drug that has been documented by the United States FDA to cause severe depression. Murphy's game is to try to impersonate people in these newsgroups, and then make rude and even revolting posts in their names. He's done it to nass, he's done it to me, and to others. Unfortunately, there's nothing anyone can do about it, AFAIK. It's not hard to tell the difference between posts made me - the real me - and Murphy's impersonation. I do not normally post to this newsgroup, and I won't post to this thread again, so any other posts in this thread that have my name on them are coming from Murphy. To the OP and all others who have genuinely tried to help: I'm sorry this mess has gotten in the way of your getting the answer you need. --- Leonard Grey Errare Humanum Est Leonard Grey wrote: > Did it take one hand or two hands to pull that out of your ass? > -- > Leonard Grey > Errare humanum est > > > "Kayman <kaymanDeleteThis@operamail.com>" wrote > >> According to the hype, ZA is supposed to prevent the installation of >> malware.
Guest Kayman Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup On Thu, 16 Oct 2008 09:52:28 -0300, John John (MVP) wrote: > Kayman wrote: >> On Thu, 16 Oct 2008 06:46:14 -0500, HeyBub wrote: >> >> >>>Kayman wrote: >>> >>>>On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: >>>> >>>> >>>>>>Identification: None >>>>>>Application: sychost.exe >>>>>>Source IP: 0.0.0.0.Port 135 >>>>>> >>>>> >>>>>Can't help, but I'm having the exact same problem these past few >>>>>weeks. Don't know why it started or how to solve it. >>>> >>>>1.Uninstall/Remove ZA from your OS and DON'T re-install! >>>>http://zonealarm.donhoover.net/uninstall.html >>>>--or-- >>>>Revo Uninstaller >>>>http://www.revouninstaller.com/ >>>> >>> >>>[...] >>> >>>The OP has a Trojan and you're telling him to remove the software that >>>detected it? >> >> >> According to the hype, ZA is supposed to prevent the installation of >> malware. The OP's OS is compromised. Implementing my suggestions will >> remove this Trojan and keep malware out of his OS. > > I'm no fan of ZA but I have never heard that its basic firewall is > supposed to prevent the installation of malware. Where have you seen ZA > advertise or state that its basic firewall prevents the installation of > malware? In my newsreader the posts authored by KW and TM do not indicate specifics of ZA. The hype created by ZA is real ("Blocks malicious program attacks including rootkits"), just Google it. Be that as it may, the real issue and the crux of the matter is the removal/prevention of malware; the suggestions offered are appropriate and, if followed, will correct this.
Guest TMitchell Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup Patrick Keenan wrote: > > "Ken Walsh" <ken@nospam.co.uk> wrote in message > news:nOOdnctNLYLjN2jVnZ2dnUVZ8sCdnZ2d@posted.plusnet... >> >> "Wilderbeast" <Wilderbeast@unlisted.com> wrote in message >> news:D6mdncbR0rk6BGjVnZ2dnUVZ_g2dnZ2d@comcast.com... >>> >>> >>> Ken Walsh wrote: >>>> Hi, >>>> >>>> I wonder if someone can help me. When I start my machine up I get a >>>> `Zone alarm pop up security alert` Server Program saying >>>> Generic Host Process for Win32 Servers is trying to act as a server >>>> >>>> Identification: None >>>> Application: sychost.exe >>>> Source IP: 0.0.0.0.Port 135 >>>> >>>> if I do either, click on the button `remember this setting.`Allow` or >>>> `Deny` Zone Alarm then starts up and my machine works OK. >>>> The trouble is it will still pop up next time I boot up so its >>>> getting to be a pain. Any ideas how to stop this popping up every >>>> time. >>>> >>>> Thanks >>>> >>>> Ken >>> >>> sychost.exe is a malicious process related to LEOX.B virus. It is a >>> dangerous threat to your system and therefore should be removed >>> immediately after detection. >>> >>> http://www.2-spyware.com/remove-sychost-exe.html >>> >>> http://www.google.com/search?hl=en&q=sychost.exe&btnG=Google+Search&aq=f&oq= >>> >>> >>> >> I`m reading on sites that svchost.exe is a legit windows file that is >> run by the system??? > > As pointed out, look very carefully at the name of the process. It's > got a Y, not a V, in it. This is a fairly common trick used by malware > authors, to make you think that the process is legitimate. > > You need to check that this isn't a typo. > > HTH > -pk I can't answer for the OP, but my AZ popup states it's "svchost.exe", not the malware version "sychost.exe", so I suppose that is what the OP meant to state too. So, that leaves us with the original question that remains unanswered (except for the somewhat unhelpful "...remove ZoneAlarm and stick with Windows firewall...". which, while I appreciate and respect the intent of, is not what the OP and I are asking about as a possible solution for the stated problem).
Guest John John (MVP) Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup Kayman wrote: > On Thu, 16 Oct 2008 09:52:28 -0300, John John (MVP) wrote: > > >>Kayman wrote: >> >>>On Thu, 16 Oct 2008 06:46:14 -0500, HeyBub wrote: >>> >>> >>> >>>>Kayman wrote: >>>> >>>> >>>>>On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: >>>>> >>>>> >>>>> >>>>>>>Identification: None >>>>>>>Application: sychost.exe >>>>>>>Source IP: 0.0.0.0.Port 135 >>>>>>> >>>>>> >>>>>>Can't help, but I'm having the exact same problem these past few >>>>>>weeks. Don't know why it started or how to solve it. >>>>> >>>>>1.Uninstall/Remove ZA from your OS and DON'T re-install! >>>>>http://zonealarm.donhoover.net/uninstall.html >>>>>--or-- >>>>>Revo Uninstaller >>>>>http://www.revouninstaller.com/ >>>>> >>>> >>>>[...] >>>> >>>>The OP has a Trojan and you're telling him to remove the software that >>>>detected it? >>> >>> >>>According to the hype, ZA is supposed to prevent the installation of >>>malware. The OP's OS is compromised. Implementing my suggestions will >>>remove this Trojan and keep malware out of his OS. >> >>I'm no fan of ZA but I have never heard that its basic firewall is >>supposed to prevent the installation of malware. Where have you seen ZA >>advertise or state that its basic firewall prevents the installation of >>malware? > > > In my newsreader the posts authored by KW and TM do not indicate specifics > of ZA. > The hype created by ZA is real ("Blocks malicious program attacks including > rootkits"), just Google it. It wouldn't be surprising that you would find that in your Google search, if you don't already know it Zone Alarm is also in the Anti-Virus/Anti-spyware market so it wouldn't be out of the ordinary for anyone in that market to have products capable of blocking those pests and to advertise it, it is no more of a hype than what the other competing companies in that market also claim and advertise about their products. The OP talks about firewall outbound connection attempts, you have no way of knowing if he is using the free basic firewall or the pay for security suite, therefore you have no way of knowing if his ZA product should have prevented the installation of malware. John
Guest Kayman Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup On Thu, 16 Oct 2008 20:31:30 -0500, TMitchell wrote: > Patrick Keenan wrote: >> >> "Ken Walsh" <ken@nospam.co.uk> wrote in message >> news:nOOdnctNLYLjN2jVnZ2dnUVZ8sCdnZ2d@posted.plusnet... >>> >>> "Wilderbeast" <Wilderbeast@unlisted.com> wrote in message >>> news:D6mdncbR0rk6BGjVnZ2dnUVZ_g2dnZ2d@comcast.com... >>>> >>>> >>>> Ken Walsh wrote: >>>>> Hi, >>>>> >>>>> I wonder if someone can help me. When I start my machine up I get a >>>>> `Zone alarm pop up security alert` Server Program saying >>>>> Generic Host Process for Win32 Servers is trying to act as a server >>>>> >>>>> Identification: None >>>>> Application: sychost.exe >>>>> Source IP: 0.0.0.0.Port 135 >>>>> >>>>> if I do either, click on the button `remember this setting.`Allow` or >>>>> `Deny` Zone Alarm then starts up and my machine works OK. >>>>> The trouble is it will still pop up next time I boot up so its >>>>> getting to be a pain. Any ideas how to stop this popping up every >>>>> time. >>>>> >>>>> Thanks >>>>> >>>>> Ken >>>> >>>> sychost.exe is a malicious process related to LEOX.B virus. It is a >>>> dangerous threat to your system and therefore should be removed >>>> immediately after detection. >>>> >>>> http://www.2-spyware.com/remove-sychost-exe.html >>>> >>>> http://www.google.com/search?hl=en&q=sychost.exe&btnG=Google+Search&aq=f&oq= >>>> >>>> >>>> >>> I`m reading on sites that svchost.exe is a legit windows file that is >>> run by the system??? >> >> As pointed out, look very carefully at the name of the process. It's >> got a Y, not a V, in it. This is a fairly common trick used by malware >> authors, to make you think that the process is legitimate. >> >> You need to check that this isn't a typo. >> >> HTH >> -pk > I can't answer for the OP, but my AZ popup states it's "svchost.exe", > not the malware version "sychost.exe", so I suppose that is what the OP > meant to state too. > > So, that leaves us with the original question that remains unanswered > (except for the somewhat unhelpful "...remove ZoneAlarm and stick with > Windows firewall...". which, while I appreciate and respect the intent > of, is not what the OP and I are asking about as a possible solution for > the stated problem). Then you haven't read my post in its entirety!
Guest Kayman Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup On Wed, 15 Oct 2008 07:04:40 +0100, Ken Walsh wrote: > Hi, > > I wonder if someone can help me. When I start my machine up I get a `Zone > alarm pop up security alert` Server Program saying > Generic Host Process for Win32 Servers is trying to act as a server > > Identification: None > Application: sychost.exe > Source IP: 0.0.0.0.Port 135 > > if I do either, click on the button `remember this setting.`Allow` or `Deny` > Zone Alarm then starts up and my machine works OK. > The trouble is it will still pop up next time I boot up so its getting to be > a pain. Any ideas how to stop this popping up every time. Ken Walsh <ken@nospam.co.uk> wrote on 16-Oct-08 6:46:38 PM in comp.security.firewalls Sorry my mistake I went and checked again after reading the replies and like an idiot I am (blind as a bat as well) yes your right it is SVCHOST.EXE and not sychost.exe [unquote] It would've been be nice if you'd advised this group here as well!
Guest Rick Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup Ken Walsh wrote: > Hi, > > I wonder if someone can help me. When I start my machine up I get a `Zone > alarm pop up security alert` Server Program saying > Generic Host Process for Win32 Servers is trying to act as a server > > Identification: None > Application: sychost.exe > Source IP: 0.0.0.0.Port 135 > > if I do either, click on the button `remember this setting.`Allow` or `Deny` > Zone Alarm then starts up and my machine works OK. > The trouble is it will still pop up next time I boot up so its getting to be > a pain. Any ideas how to stop this popping up every time. > > > Thanks > > Ken > > > Your question would be better directed to ZoneLabs, or what ever they are calling themselves now. It occurs in ZoneAlarm Pro too. -- Rick Fargo, ND N 46°53'251" W 096°48'279" Remember the USS Liberty http://www.ussliberty.org/
Guest Kayman Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup On Fri, 17 Oct 2008 00:01:19 -0300, John John (MVP) wrote: > Kayman wrote: > >> On Thu, 16 Oct 2008 09:52:28 -0300, John John (MVP) wrote: >> >> >>>Kayman wrote: >>> >>>>On Thu, 16 Oct 2008 06:46:14 -0500, HeyBub wrote: >>>> >>>> >>>> >>>>>Kayman wrote: >>>>> >>>>> >>>>>>On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: >>>>>> >>>>>> >>>>>> >>>>>>>>Identification: None >>>>>>>>Application: sychost.exe >>>>>>>>Source IP: 0.0.0.0.Port 135 >>>>>>>> >>>>>>> >>>>>>>Can't help, but I'm having the exact same problem these past few >>>>>>>weeks. Don't know why it started or how to solve it. >>>>>> >>>>>>1.Uninstall/Remove ZA from your OS and DON'T re-install! >>>>>>http://zonealarm.donhoover.net/uninstall.html >>>>>>--or-- >>>>>>Revo Uninstaller >>>>>>http://www.revouninstaller.com/ >>>>>> >>>>> >>>>>[...] >>>>> >>>>>The OP has a Trojan and you're telling him to remove the software that >>>>>detected it? >>>> >>>> >>>>According to the hype, ZA is supposed to prevent the installation of >>>>malware. The OP's OS is compromised. Implementing my suggestions will >>>>remove this Trojan and keep malware out of his OS. >>> >>>I'm no fan of ZA but I have never heard that its basic firewall is >>>supposed to prevent the installation of malware. Where have you seen ZA >>>advertise or state that its basic firewall prevents the installation of >>>malware? >> >> >> In my newsreader the posts authored by KW and TM do not indicate specifics >> of ZA. >> The hype created by ZA is real ("Blocks malicious program attacks including >> rootkits"), just Google it. > > It wouldn't be surprising that you would find that in your Google > search, if you don't already know it Zone Alarm is also in the > Anti-Virus/Anti-spyware market so it wouldn't be out of the ordinary for > anyone in that market to have products capable of blocking those pests > and to advertise it, it is no more of a hype than what the other > competing companies in that market also claim and advertise about their > products. It wouldn't be surprising that a certain John John (MVP) didn't find in his search the ZA firewall which "blocks malicious malware attacks". LOL! To reiterate, I do call their claim to be nothing but a sensational promotion because it (obviously) ain't working! > The OP talks about firewall outbound connection attempts, The OP talks about a malware infection! "sychost.exe is a malicious process related to LEOX.B virus. It is a dangerous threat to your system and therefore should be removed immediately". > you have no way of knowing if he is using the free basic firewall or the > pay for security suite, I know that according to his post, his OS is compromised by malware and he's using a snake oil application for whatever security purpose. Nobody except you is referring to suites. Nice try to redirect content of a posting! What's next? More innuendo and selective snipping of posts to suit your meaningless (scoring or whatever) purpose? Save your efforts - EOD :-) > therefore you have no way of knowing if his ZA > product should have prevented the installation of malware. Irrelevant! Remedy is what's needed. Read my previous post in its entirety and learn to comprehend. BTW, what is your recommendation to tackle sychost.exe; WLOC?
Guest John John (MVP) Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup Kayman wrote: > On Fri, 17 Oct 2008 00:01:19 -0300, John John (MVP) wrote: > > >>Kayman wrote: >> >> >>>On Thu, 16 Oct 2008 09:52:28 -0300, John John (MVP) wrote: >>> >>> >>> >>>>Kayman wrote: >>>> >>>> >>>>>On Thu, 16 Oct 2008 06:46:14 -0500, HeyBub wrote: >>>>> >>>>> >>>>> >>>>> >>>>>>Kayman wrote: >>>>>> >>>>>> >>>>>> >>>>>>>On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>Identification: None >>>>>>>>>Application: sychost.exe >>>>>>>>>Source IP: 0.0.0.0.Port 135 >>>>>>>>> >>>>>>>> >>>>>>>>Can't help, but I'm having the exact same problem these past few >>>>>>>>weeks. Don't know why it started or how to solve it. >>>>>>> >>>>>>>1.Uninstall/Remove ZA from your OS and DON'T re-install! >>>>>>>http://zonealarm.donhoover.net/uninstall.html >>>>>>>--or-- >>>>>>>Revo Uninstaller >>>>>>>http://www.revouninstaller.com/ >>>>>>> >>>>>> >>>>>>[...] >>>>>> >>>>>>The OP has a Trojan and you're telling him to remove the software that >>>>>>detected it? >>>>> >>>>> >>>>>According to the hype, ZA is supposed to prevent the installation of >>>>>malware. The OP's OS is compromised. Implementing my suggestions will >>>>>remove this Trojan and keep malware out of his OS. >>>> >>>>I'm no fan of ZA but I have never heard that its basic firewall is >>>>supposed to prevent the installation of malware. Where have you seen ZA >>>>advertise or state that its basic firewall prevents the installation of >>>>malware? >>> >>> >>>In my newsreader the posts authored by KW and TM do not indicate specifics >>>of ZA. >>>The hype created by ZA is real ("Blocks malicious program attacks including >>>rootkits"), just Google it. >> >>It wouldn't be surprising that you would find that in your Google >>search, if you don't already know it Zone Alarm is also in the >>Anti-Virus/Anti-spyware market so it wouldn't be out of the ordinary for >>anyone in that market to have products capable of blocking those pests >>and to advertise it, it is no more of a hype than what the other >>competing companies in that market also claim and advertise about their >>products. > > > It wouldn't be surprising that a certain John John (MVP) didn't find in his > search the ZA firewall which "blocks malicious malware attacks". LOL! > To reiterate, I do call their claim to be nothing but a sensational > promotion because it (obviously) ain't working! Now you are trying to change your previous statement which was: "According to the hype, ZA is supposed to prevent the installation of malware." It doesn't suprise me that you would now try to change the the discussion to weasle out of your previous incorect statement. John
Guest John John (MVP) Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup Kayman wrote: > On Fri, 17 Oct 2008 00:01:19 -0300, John John (MVP) wrote: > > >>Kayman wrote: >> >> >>>On Thu, 16 Oct 2008 09:52:28 -0300, John John (MVP) wrote: >>> >>> >>> >>>>Kayman wrote: >>>> >>>> >>>>>On Thu, 16 Oct 2008 06:46:14 -0500, HeyBub wrote: >>>>> >>>>> >>>>> >>>>> >>>>>>Kayman wrote: >>>>>> >>>>>> >>>>>> >>>>>>>On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>Identification: None >>>>>>>>>Application: sychost.exe >>>>>>>>>Source IP: 0.0.0.0.Port 135 >>>>>>>>> >>>>>>>> >>>>>>>>Can't help, but I'm having the exact same problem these past few >>>>>>>>weeks. Don't know why it started or how to solve it. >>>>>>> >>>>>>>1.Uninstall/Remove ZA from your OS and DON'T re-install! >>>>>>>http://zonealarm.donhoover.net/uninstall.html >>>>>>>--or-- >>>>>>>Revo Uninstaller >>>>>>>http://www.revouninstaller.com/ >>>>>>> >>>>>> >>>>>>[...] >>>>>> >>>>>>The OP has a Trojan and you're telling him to remove the software that >>>>>>detected it? >>>>> >>>>> >>>>>According to the hype, ZA is supposed to prevent the installation of >>>>>malware. The OP's OS is compromised. Implementing my suggestions will >>>>>remove this Trojan and keep malware out of his OS. >>>> >>>>I'm no fan of ZA but I have never heard that its basic firewall is >>>>supposed to prevent the installation of malware. Where have you seen ZA >>>>advertise or state that its basic firewall prevents the installation of >>>>malware? >>> >>> >>>In my newsreader the posts authored by KW and TM do not indicate specifics >>>of ZA. >>>The hype created by ZA is real ("Blocks malicious program attacks including >>>rootkits"), just Google it. >> >>It wouldn't be surprising that you would find that in your Google >>search, if you don't already know it Zone Alarm is also in the >>Anti-Virus/Anti-spyware market so it wouldn't be out of the ordinary for >>anyone in that market to have products capable of blocking those pests >>and to advertise it, it is no more of a hype than what the other >>competing companies in that market also claim and advertise about their >>products. > > > It wouldn't be surprising that a certain John John (MVP) didn't find in his > search the ZA firewall which "blocks malicious malware attacks". LOL! > To reiterate, I do call their claim to be nothing but a sensational > promotion because it (obviously) ain't working! Now you are trying to change your previous statement which was: "According to the hype, ZA is supposed to prevent the installation of malware." It doesn't suprise me that you would now try to change the the discussion to weasle out of your previous incorect statement. John
Guest TMitchell Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup Kayman wrote: > On Thu, 16 Oct 2008 20:31:30 -0500, TMitchell wrote: > >> Patrick Keenan wrote: >>> "Ken Walsh" <ken@nospam.co.uk> wrote in message >>> news:nOOdnctNLYLjN2jVnZ2dnUVZ8sCdnZ2d@posted.plusnet... >>>> "Wilderbeast" <Wilderbeast@unlisted.com> wrote in message >>>> news:D6mdncbR0rk6BGjVnZ2dnUVZ_g2dnZ2d@comcast.com... >>>>> >>>>> Ken Walsh wrote: >>>>>> Hi, >>>>>> >>>>>> I wonder if someone can help me. When I start my machine up I get a >>>>>> `Zone alarm pop up security alert` Server Program saying >>>>>> Generic Host Process for Win32 Servers is trying to act as a server >>>>>> >>>>>> Identification: None >>>>>> Application: sychost.exe >>>>>> Source IP: 0.0.0.0.Port 135 >>>>>> >>>>>> if I do either, click on the button `remember this setting.`Allow` or >>>>>> `Deny` Zone Alarm then starts up and my machine works OK. >>>>>> The trouble is it will still pop up next time I boot up so its >>>>>> getting to be a pain. Any ideas how to stop this popping up every >>>>>> time. >>>>>> >>>>>> Thanks >>>>>> >>>>>> Ken >>>>> sychost.exe is a malicious process related to LEOX.B virus. It is a >>>>> dangerous threat to your system and therefore should be removed >>>>> immediately after detection. >>>>> >>>>> http://www.2-spyware.com/remove-sychost-exe.html >>>>> >>>>> http://www.google.com/search?hl=en&q=sychost.exe&btnG=Google+Search&aq=f&oq= >>>>> >>>>> >>>>> >>>> I`m reading on sites that svchost.exe is a legit windows file that is >>>> run by the system??? >>> As pointed out, look very carefully at the name of the process. It's >>> got a Y, not a V, in it. This is a fairly common trick used by malware >>> authors, to make you think that the process is legitimate. >>> >>> You need to check that this isn't a typo. >>> >>> HTH >>> -pk >> I can't answer for the OP, but my AZ popup states it's "svchost.exe", >> not the malware version "sychost.exe", so I suppose that is what the OP >> meant to state too. >> >> So, that leaves us with the original question that remains unanswered >> (except for the somewhat unhelpful "...remove ZoneAlarm and stick with >> Windows firewall...". which, while I appreciate and respect the intent >> of, is not what the OP and I are asking about as a possible solution for >> the stated problem). > > Then you haven't read my post in its entirety! OK. I read it all, but am confused as to what all of those steps are supposed to accomplish. Looks to me that they are predicated on the assumption that I want to remove ZA from my system (I don't) and that I have the malware version of the svchost.exe file (or some other malware file that needs to be removed), and I don't. It's entirely possible that I am not understanding what you posted, but if it was a solution to the OP's (and my) ZA popup problem (to be clear; ZA not remembering that I selected it to rember to allow the Generic Host Process for the svchost.exe file to access the internet) and not involving removal of the ZA program or some malware file that I don't have, then it's still not the solution I'm looking for.
Guest John John (MVP) Posted October 17, 2008 Posted October 17, 2008 Re: Zone Alarm popup Kayman wrote: > On Fri, 17 Oct 2008 00:01:19 -0300, John John (MVP) wrote: > > >>Kayman wrote: >> >> >>>On Thu, 16 Oct 2008 09:52:28 -0300, John John (MVP) wrote: >>> >>> >>> >>>>Kayman wrote: >>>> >>>> >>>>>On Thu, 16 Oct 2008 06:46:14 -0500, HeyBub wrote: >>>>> >>>>> >>>>> >>>>> >>>>>>Kayman wrote: >>>>>> >>>>>> >>>>>> >>>>>>>On Wed, 15 Oct 2008 13:33:31 -0500, TMitchell wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>Identification: None >>>>>>>>>Application: sychost.exe >>>>>>>>>Source IP: 0.0.0.0.Port 135 >>>>>>>>> >>>>>>>> >>>>>>>>Can't help, but I'm having the exact same problem these past few >>>>>>>>weeks. Don't know why it started or how to solve it. >>>>>>> >>>>>>>1.Uninstall/Remove ZA from your OS and DON'T re-install! >>>>>>>http://zonealarm.donhoover.net/uninstall.html >>>>>>>--or-- >>>>>>>Revo Uninstaller >>>>>>>http://www.revouninstaller.com/ >>>>>>> >>>>>> >>>>>>[...] >>>>>> >>>>>>The OP has a Trojan and you're telling him to remove the software that >>>>>>detected it? >>>>> >>>>> >>>>>According to the hype, ZA is supposed to prevent the installation of >>>>>malware. The OP's OS is compromised. Implementing my suggestions will >>>>>remove this Trojan and keep malware out of his OS. >>>> >>>>I'm no fan of ZA but I have never heard that its basic firewall is >>>>supposed to prevent the installation of malware. Where have you seen ZA >>>>advertise or state that its basic firewall prevents the installation of >>>>malware? >>> >>> >>>In my newsreader the posts authored by KW and TM do not indicate specifics >>>of ZA. >>>The hype created by ZA is real ("Blocks malicious program attacks including >>>rootkits"), just Google it. >> >>It wouldn't be surprising that you would find that in your Google >>search, if you don't already know it Zone Alarm is also in the >>Anti-Virus/Anti-spyware market so it wouldn't be out of the ordinary for >>anyone in that market to have products capable of blocking those pests >>and to advertise it, it is no more of a hype than what the other >>competing companies in that market also claim and advertise about their >>products. > > > It wouldn't be surprising that a certain John John (MVP) didn't find in his > search the ZA firewall which "blocks malicious malware attacks". LOL! > To reiterate, I do call their claim to be nothing but a sensational > promotion because it (obviously) ain't working! Now you are trying to change your previous statement which was: "According to the hype, ZA is supposed to prevent the installation of malware." It doesn't suprise me that you would now try to change the the discussion to weasle out of your previous incorect statement. John
Recommended Posts