Norton Security Alert

  hoverman 18:17 29 Mar 2004

Over the last few days Norton Internet Security has on several occasions popped up an alert stating "A remote system is attempting to access Microsoft Generic Host Process for Win32 Services on your computer". The program mentioned below this is svchost.exe and the path C:\WINDOWS\system32\.

In the action box there are three options and NIS has always preselected 'Permit (Recommended)'. Up to now I have blocked it each time. Is it safe to do what Norton recommends?

  GaT7 18:32 29 Mar 2004

Symantec's take on this - click here

"An attempt may be made to exploit the Universal Plug and Play vulnerability on Windows 98/98SE/Me/XP computers running Norton Internet.....Win32 Network Interface Service Process, or Generic Host Process for Win32 Services are attempting to connect to the Internet...."

  fuzzyone 18:40 29 Mar 2004

just arrived home from work to find a message from a friend.

He had just found a virus on his pc, and guess what file it was.? Yes C\windows\system32\drivers\svchost.exe

  hoverman 18:47 29 Mar 2004

Your link refers to NIS2002. I have NIS 2004 and the interface is somewhat different. I keep up to date regularly with Liveupdate and Windows update so assume that the patches mentioned on that link are already installed. One of the other options given when the alert appears is 'Manually configure Internet access' so will see what that achieves next time. I am however puzzled why NIS is recommending to permit the attempt.

  hoverman 18:48 29 Mar 2004

A virus scan by Norton reports nn threats at all. System clean.

  hoverman 18:49 29 Mar 2004 threats at all.

  VoG II 18:51 29 Mar 2004

Yes but the real one lives in C:\Windows\System32

  GaT7 18:58 29 Mar 2004

Quoted from Symantec- click here

"The SVCHOST.EXE process:

In Windows 2000 and Windows XP computers, the Network Connections list typically includes the SVCHOST.EXE executable file. Windows 2000/XP uses this executable for services that are run from dynamic link library (DLL) files. These other services include operating system services, and can include services that are used by third-party programs.

The Network Connections list may include more than one instance of SVCHOST.EXE. Each instance of SVCHOST.EXE hosts one or more services. SDF and SCF do not allow you to terminate this connection.

To determine which services SVCHOST.EXE is hosting, see the following Microsoft documents:

Article number Q250320, Description of Svchost.exe in Windows 2000 click here

Article number Q314056 - click here

More information: A Trojan horse is a program that disguises itself as another program, and then does harm to your computer or provides access to your computer for others to use."

  hoverman 19:00 29 Mar 2004

Just done a virus scan of the C:\WINDOWS\System32 folder. No threats reported by NIS.

  fuzzyone 19:01 29 Mar 2004


Yes I had a little while going through each of the proccesses to close the right one down, to enable deletion.

  hoverman 19:37 29 Mar 2004

An online virus scan by McAfee also showed no infected files. If the alert pops up again I will elect NIS to block it and tick the box 'Always use this action'.

Thanks to all for your responses.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

Artist Pete Oswald on creating relatable characters & his new book

New iMac Pro release date, UK price & specs rumours

Idées cadeaux pour geeks et tech addicts