#61
What are these??
Thanks for the link and the information. By the way, when links are that long, here are a couple of sites that can shorten them:

www.tinyurl.com
http://notlong.com/

-- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/

"Jim Carlock" wrote in message ...

http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg

Eww, that's a long post. There's information there about a SetupHlp.cmd that copies altsvc to the Windows\System32 folder. The article seems to indicate that people are connected/connecting to the host with such a file and they're setting up Serv-u ftp file sharing software. Read the article and look at the contents of that .cmd file.

I ran into this last year in about the month of March, and they start pulling all kinds of tricks on your system. Look at your ntdll.dll file, which should be in the Windows\System32 folder; they might have put a modified file that may or may not be detected by antivirus. The serv-u ftp is a valid program that is not a virus, it just opens up your system to the whole world and the whole world can connect to you. They'll put modified ntdll.dll files on your system, so check the dates and such against "valid" files, because if you have a bogus one, that works in every manner like the real one, but is NOT a virus, but instead something that opens your system up by setting up some extra functions that other software can call... whew, the thoughts are getting messy...

There are some clever folks out there. I happened to run across this because I opened an .html file that was included in Email, and that file in turn executed a Nimda Virus, which in turn opened up the system for hackers, and then Serv-U popped up. I can't be 100% certain that's what's happened to you, but I know what it did to my system and the people using those hacks are quite clever.

So with that, I'll add the following facts: Only open HTML documents with Notepad. I put a shortcut to notepad in my SendTo list and open almost all files in this manner to get a glimpse of what's in them. It doesn't matter that you got an HTML file from a friend, so be very wary about opening such documents. The same applies to any .EML files. And I'm sure you are aware that it applies to .CHM, .HLP and many other files, including .CMD, .EXE, .JS, .VBS and another 20 other types of files.

HTML is the primary source of viral transmission, system exploitation. .CHM files are HTML. I think the HLP files work in the same manner, but without the HTML stuff... I'm only including those because I know code can be placed inside of them but I just don't know the full extent to which they are capable of throwing your system into the hands of those that want to take control of it.

I hope this information helps and makes you 500% aware of the potential abuse that can be had. I'm not pulling things out of thin air. It happened to me, it can happen to you. <g> Not that I'm anything special. ;-)

Good luck!

-- Jim Carlock http://www.microcosmotalk.com/ Post replies to the newsgroup.

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ...

Do you have anything in your Network Protocol that might be starting this service?

-- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

There has been no apparent effect of shifting both msthost and altsvc out of system32 directory. Mike. However, on doing some detective work of my own, I found that Netbios Helper Service (listed under Services) was automatically starting altsvc.exe and there are no Dependencies !!! Does it make any sense to anyone??

"Ratan Maitra" wrote in message ...

Thanks a lot Mike, for your painstaking detective work :-)) As these haven't caused any 'significant' problems yet, I'm presently killing these two processes and manually preventing msthost from connecting to the net, after each booting. You have rightly observed, it is this suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my attention to the processes running in the background. Moreover, neither msthost nor altsvc appear in any start-up programs !!! I'll delete these files and let you know the results. Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ...

I was doing some work in my Registry when I came upon a reference for msthost.exe and altsvc.exe in a sub-key of Search Assistant. However, I don't show them on my system as being located on my hard drive. Why they are in your system32 folder I don't know unless there's something on your system that has placed them there. The interaction you describe with Zone Alarm raises a red flag with me and it would seem to indicate malware, possibly taking advantage of a registry pointer, but you say Ad Aware and Spybot came up clean as did AV scan. I'm sorry, I can't give you much beyond this.

-- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

There are absolutely no details except the file size, which I have already mentioned... I have noticed one feature though, after each reboot, msthost manages to erase the "block" settings of ZoneAlarm and I have to block it afresh... Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ...

These are not Windows files. You can try right clicking and selecting properties to see if you can figure out to what they belong. If you have no viruses or malware installed, they may belong to other applications installed on your system.

-- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe (13kb) ...both located in system32 directory..as correctly mentioned earlier. I have the latest 4 April NAV update and run the scan regularly...I have also undergone free online scans of Panda and Trend....but nothing was detected. I couldn't get any information about these two processes running in the background...

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ...

If you mean alertsvc.exe and mshost.exe, the first thing you need to do is make sure your antivirus software is up to date and run a scan.

-- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

Of late I have noticed msthost.exe and altsvc.exe (both located in Windows/system32) are running in the background. .....and msthost tries to connect to the internet immediately after logging on.. What are these, any ideas??
Ads |
#62
|
|||
|
|||
What are these??
Thanks for the link and the information. By the way, when links are that
long, here a couple of sites that can shorten them: www.tinyurl.com http://notlong.com/ -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Jim Carlock" wrote in message ... http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg Eww, that's a long post. There's information there about a SetupHlp.cmd that copies altsvc to the Windows\System32 folder. The article seems to indicate that people are connected/ connecting to the host with such a file and they're setting up Serv-u ftp file sharing software. Read the article and look at the contents of that .cmd file. I ran into this last year about in the month of March, and they start pulling all kind of tricks on your system. Look at your ntdll.dll file which should be in the Windows\System32 folder, they might have put a modified file that may or may not be detected by antivirus. The serv-u ftp is a valid program that is not a virus, it just opens up your system to the whole world and the whole world can connect to you. They'll put modified ntdll.dll files on your system, so check the dates and such against "valid" files, because if you have a bogus one, that works in every manner like the real one, but is NOT a virus, but instead something that opens your system up by setting up some extra functions that other software can call... whew, the thoughts are getting messy... There are some clever folks out there. I happened to run across this because I opened an .html file that was included in Email, and that file in turn executed a Nimbda Virus, which in turn opened up the system for hackers, and then Serv-U popped up. I can't be 100% certain that's what's happened to you, but I know what it did to my system and the people using those hacks are quite clever. So with that, I'll add, the following facts: Only open HTML documents with Notepad. I put a shortcut to notepad in my SendTo list and open almost files in this manner to get a glimpse of what's in them. 
It doesn't matter that you got an HTML file from a friend, so be very wary about opening such documents. The same applies to any .EML files. And I'm sure you are aware that it applies to .CHM, .HLP and many other files, including, .CMD, .EXE, .JS, .VBS and another 20 other types of files. HTML is the primary source of viral transmission, system exploitation. .CHM files are HTML. I think the HLP files work in the same manner, but without the HTML stuff... I'm only including those because I know code can be placed inside of them but I just don't know the full extent to which they are capable of throwing your system into the hands of those that want to take control of it. I hope this information helps and makes you 500% aware of the potential abuse that can be had. I'm not pulling things out of thin air. It happened to me, it can happen to you. g Not that I'm anything special. ;-) Good luck! -- Jim Carlock http://www.microcosmotalk.com/ Post replies to the newsgroup. "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... Do you have anything in your Network Protocol that might be starting this service? -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... There has been no apparent effect of shifting both msthost and altsvc out of system32 directory. Mike. However, on doing some detective work of my own, I found that Netbios Helper Service (listed under Services) was automatically starting altsvc.exe and there are no Dependencies !!! Does it make any sense to anyone?? "Ratan Maitra" wrote in message ... Thanks a lot Mike, for your painstaking detective work :-)) As these haven't caused any 'significant' problems yet, I'm presently killing these two processes and manually preventing msthost from connecting to the net, after each booting. 
You have rightly observed, it is this suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my attention to the processes running in the background. Moreover, neither msthost nor altsvc appear in any start-up programs !!! I'll delete these files and let you know the results. Thanks again "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... I was doing some work in my Registry when I came upon a reference for msthost.exe and altsvc.exe in a sub-key of Search Assistant. However, I don't show them on my system as being located on my hard drive. Why they are in your system32 folder I don't know unless there's something on your system that has placed them there. The interaction you describe with Zone Alarm raises a red flag with me and it would seem to indicate malware, possibly taking advantage of a registry pointer but you say Ad Aware and Spybot came up clean as did AV scan. I'm sorry, I can't give you much beyond this. -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... There are absolutely no details except the file size, which I have already mentioned... I have noticed one feature though, after each reboot, msthost manages to erase the "block" settings of ZoneAlarm and I have to block it afresh... Any other suggestions, please?? "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... These are not Windows files. You can try right clicking and selecting properties to see if you can figure out to what they belong. If you have no viruses or malware installed, they may belong to other applications installed on your system. -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe (13kb) ...both located in system32 directory..as correctly mentioned earlier. 
I have the latest 4 April NAV update and run the scan regularly...I have also undergone free online scans of Panda and Trend....but nothing was detected. I couldn't get any information about these two processes running in the background... "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... If you mean alertsvc.exe and mshost.exe, the first thing you need to do is make sure your antivirus software is up to date and run a scan. -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... Of late I have noticed msthost.exe and altsvc.exe (both located in Windows/system32) are running in the background. .....and msthost tries to connect to the internet immediately after logging on.. What are these, any ideas?? |
#63
|
|||
|
|||
What are these??
Thanks for the link and the information. By the way, when links are that
long, here a couple of sites that can shorten them: www.tinyurl.com http://notlong.com/ -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Jim Carlock" wrote in message ... http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg Eww, that's a long post. There's information there about a SetupHlp.cmd that copies altsvc to the Windows\System32 folder. The article seems to indicate that people are connected/ connecting to the host with such a file and they're setting up Serv-u ftp file sharing software. Read the article and look at the contents of that .cmd file. I ran into this last year about in the month of March, and they start pulling all kind of tricks on your system. Look at your ntdll.dll file which should be in the Windows\System32 folder, they might have put a modified file that may or may not be detected by antivirus. The serv-u ftp is a valid program that is not a virus, it just opens up your system to the whole world and the whole world can connect to you. They'll put modified ntdll.dll files on your system, so check the dates and such against "valid" files, because if you have a bogus one, that works in every manner like the real one, but is NOT a virus, but instead something that opens your system up by setting up some extra functions that other software can call... whew, the thoughts are getting messy... There are some clever folks out there. I happened to run across this because I opened an .html file that was included in Email, and that file in turn executed a Nimbda Virus, which in turn opened up the system for hackers, and then Serv-U popped up. I can't be 100% certain that's what's happened to you, but I know what it did to my system and the people using those hacks are quite clever. So with that, I'll add, the following facts: Only open HTML documents with Notepad. I put a shortcut to notepad in my SendTo list and open almost files in this manner to get a glimpse of what's in them. 
It doesn't matter that you got an HTML file from a friend, so be very wary about opening such documents. The same applies to any .EML files. And I'm sure you are aware that it applies to .CHM, .HLP and many other files, including, .CMD, .EXE, .JS, .VBS and another 20 other types of files. HTML is the primary source of viral transmission, system exploitation. .CHM files are HTML. I think the HLP files work in the same manner, but without the HTML stuff... I'm only including those because I know code can be placed inside of them but I just don't know the full extent to which they are capable of throwing your system into the hands of those that want to take control of it. I hope this information helps and makes you 500% aware of the potential abuse that can be had. I'm not pulling things out of thin air. It happened to me, it can happen to you. g Not that I'm anything special. ;-) Good luck! -- Jim Carlock http://www.microcosmotalk.com/ Post replies to the newsgroup. "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... Do you have anything in your Network Protocol that might be starting this service? -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... There has been no apparent effect of shifting both msthost and altsvc out of system32 directory. Mike. However, on doing some detective work of my own, I found that Netbios Helper Service (listed under Services) was automatically starting altsvc.exe and there are no Dependencies !!! Does it make any sense to anyone?? "Ratan Maitra" wrote in message ... Thanks a lot Mike, for your painstaking detective work :-)) As these haven't caused any 'significant' problems yet, I'm presently killing these two processes and manually preventing msthost from connecting to the net, after each booting. 
You have rightly observed, it is this suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my attention to the processes running in the background. Moreover, neither msthost nor altsvc appear in any start-up programs !!! I'll delete these files and let you know the results. Thanks again "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... I was doing some work in my Registry when I came upon a reference for msthost.exe and altsvc.exe in a sub-key of Search Assistant. However, I don't show them on my system as being located on my hard drive. Why they are in your system32 folder I don't know unless there's something on your system that has placed them there. The interaction you describe with Zone Alarm raises a red flag with me and it would seem to indicate malware, possibly taking advantage of a registry pointer but you say Ad Aware and Spybot came up clean as did AV scan. I'm sorry, I can't give you much beyond this. -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... There are absolutely no details except the file size, which I have already mentioned... I have noticed one feature though, after each reboot, msthost manages to erase the "block" settings of ZoneAlarm and I have to block it afresh... Any other suggestions, please?? "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... These are not Windows files. You can try right clicking and selecting properties to see if you can figure out to what they belong. If you have no viruses or malware installed, they may belong to other applications installed on your system. -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe (13kb) ...both located in system32 directory..as correctly mentioned earlier. 
I have the latest 4 April NAV update and run the scan regularly...I have also undergone free online scans of Panda and Trend....but nothing was detected. I couldn't get any information about these two processes running in the background... "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... If you mean alertsvc.exe and mshost.exe, the first thing you need to do is make sure your antivirus software is up to date and run a scan. -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... Of late I have noticed msthost.exe and altsvc.exe (both located in Windows/system32) are running in the background. .....and msthost tries to connect to the internet immediately after logging on.. What are these, any ideas?? |
#64
|
|||
|
|||
What are these??
Thanks for the link and the information. By the way, when links are that
long, here a couple of sites that can shorten them: www.tinyurl.com http://notlong.com/ -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Jim Carlock" wrote in message ... http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg Eww, that's a long post. There's information there about a SetupHlp.cmd that copies altsvc to the Windows\System32 folder. The article seems to indicate that people are connected/ connecting to the host with such a file and they're setting up Serv-u ftp file sharing software. Read the article and look at the contents of that .cmd file. I ran into this last year about in the month of March, and they start pulling all kind of tricks on your system. Look at your ntdll.dll file which should be in the Windows\System32 folder, they might have put a modified file that may or may not be detected by antivirus. The serv-u ftp is a valid program that is not a virus, it just opens up your system to the whole world and the whole world can connect to you. They'll put modified ntdll.dll files on your system, so check the dates and such against "valid" files, because if you have a bogus one, that works in every manner like the real one, but is NOT a virus, but instead something that opens your system up by setting up some extra functions that other software can call... whew, the thoughts are getting messy... There are some clever folks out there. I happened to run across this because I opened an .html file that was included in Email, and that file in turn executed a Nimbda Virus, which in turn opened up the system for hackers, and then Serv-U popped up. I can't be 100% certain that's what's happened to you, but I know what it did to my system and the people using those hacks are quite clever. So with that, I'll add, the following facts: Only open HTML documents with Notepad. I put a shortcut to notepad in my SendTo list and open almost files in this manner to get a glimpse of what's in them. 
It doesn't matter that you got an HTML file from a friend, so be very wary about opening such documents. The same applies to any .EML files. And I'm sure you are aware that it applies to .CHM, .HLP and many other files, including, .CMD, .EXE, .JS, .VBS and another 20 other types of files. HTML is the primary source of viral transmission, system exploitation. .CHM files are HTML. I think the HLP files work in the same manner, but without the HTML stuff... I'm only including those because I know code can be placed inside of them but I just don't know the full extent to which they are capable of throwing your system into the hands of those that want to take control of it. I hope this information helps and makes you 500% aware of the potential abuse that can be had. I'm not pulling things out of thin air. It happened to me, it can happen to you. g Not that I'm anything special. ;-) Good luck! -- Jim Carlock http://www.microcosmotalk.com/ Post replies to the newsgroup. "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... Do you have anything in your Network Protocol that might be starting this service? -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... There has been no apparent effect of shifting both msthost and altsvc out of system32 directory. Mike. However, on doing some detective work of my own, I found that Netbios Helper Service (listed under Services) was automatically starting altsvc.exe and there are no Dependencies !!! Does it make any sense to anyone?? "Ratan Maitra" wrote in message ... Thanks a lot Mike, for your painstaking detective work :-)) As these haven't caused any 'significant' problems yet, I'm presently killing these two processes and manually preventing msthost from connecting to the net, after each booting. 
You have rightly observed, it is this suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my attention to the processes running in the background. Moreover, neither msthost nor altsvc appear in any start-up programs !!! I'll delete these files and let you know the results. Thanks again "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... I was doing some work in my Registry when I came upon a reference for msthost.exe and altsvc.exe in a sub-key of Search Assistant. However, I don't show them on my system as being located on my hard drive. Why they are in your system32 folder I don't know unless there's something on your system that has placed them there. The interaction you describe with Zone Alarm raises a red flag with me and it would seem to indicate malware, possibly taking advantage of a registry pointer but you say Ad Aware and Spybot came up clean as did AV scan. I'm sorry, I can't give you much beyond this. -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... There are absolutely no details except the file size, which I have already mentioned... I have noticed one feature though, after each reboot, msthost manages to erase the "block" settings of ZoneAlarm and I have to block it afresh... Any other suggestions, please?? "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... These are not Windows files. You can try right clicking and selecting properties to see if you can figure out to what they belong. If you have no viruses or malware installed, they may belong to other applications installed on your system. -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe (13kb) ...both located in system32 directory..as correctly mentioned earlier. 
I have the latest 4 April NAV update and run the scan regularly...I have also undergone free online scans of Panda and Trend....but nothing was detected. I couldn't get any information about these two processes running in the background... "Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ... If you mean alertsvc.exe and mshost.exe, the first thing you need to do is make sure your antivirus software is up to date and run a scan. -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Ratan Maitra" wrote in message ... Of late I have noticed msthost.exe and altsvc.exe (both located in Windows/system32) are running in the background. .....and msthost tries to connect to the internet immediately after logging on.. What are these, any ideas?? |
#65
|
|||
|
|||
What are these??
Thanks for the link and the information. By the way, when links are that
long, here a couple of sites that can shorten them: www.tinyurl.com http://notlong.com/ -- Michael Solomon MS-MVP Windows Shell/User Backup is a PC User's Best Friend DTS-L.Org: http://www.dts-l.org/ "Jim Carlock" wrote in message ... http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg Eww, that's a long post. There's information there about a SetupHlp.cmd that copies altsvc to the Windows\System32 folder. The article seems to indicate that people are connected/ connecting to the host with such a file and they're setting up Serv-u ftp file sharing software. Read the article and look at the contents of that .cmd file. I ran into this last year about in the month of March, and they start pulling all kind of tricks on your system. Look at your ntdll.dll file which should be in the Windows\System32 folder, they might have put a modified file that may or may not be detected by antivirus. The serv-u ftp is a valid program that is not a virus, it just opens up your system to the whole world and the whole world can connect to you. They'll put modified ntdll.dll files on your system, so check the dates and such against "valid" files, because if you have a bogus one, that works in every manner like the real one, but is NOT a virus, but instead something that opens your system up by setting up some extra functions that other software can call... whew, the thoughts are getting messy... There are some clever folks out there. I happened to run across this because I opened an .html file that was included in Email, and that file in turn executed a Nimbda Virus, which in turn opened up the system for hackers, and then Serv-U popped up. I can't be 100% certain that's what's happened to you, but I know what it did to my system and the people using those hacks are quite clever. So with that, I'll add, the following facts: Only open HTML documents with Notepad. I put a shortcut to notepad in my SendTo list and open almost files in this manner to get a glimpse of what's in them. 
It doesn't matter that you got an HTML file from a friend, so be very wary about opening such documents. The same applies to any .EML files. And I'm sure you are aware that it applies to .CHM, .HLP and many other files, including .CMD, .EXE, .JS, .VBS and another 20 types of files.

HTML is the primary source of viral transmission and system exploitation. .CHM files are HTML. I think the HLP files work in the same manner, but without the HTML stuff... I'm only including those because I know code can be placed inside of them but I just don't know the full extent to which they are capable of throwing your system into the hands of those that want to take control of it.

I hope this information helps and makes you 500% aware of the potential abuse that can be had. I'm not pulling things out of thin air. It happened to me, it can happen to you. <g> Not that I'm anything special. ;-)

Good luck!

--
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ...

Do you have anything in your Network Protocol that might be starting this service?

--
Michael Solomon MS-MVP Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

There has been no apparent effect of shifting both msthost and altsvc out of system32 directory, Mike.

However, on doing some detective work of my own, I found that Netbios Helper Service (listed under Services) was automatically starting altsvc.exe and there are no Dependencies !!! Does it make any sense to anyone??

"Ratan Maitra" wrote in message ...

Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently killing these two processes and manually preventing msthost from connecting to the net, after each booting.

You have rightly observed, it is this suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my attention to the processes running in the background. Moreover, neither msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.

Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ...

I was doing some work in my Registry when I came upon a reference for msthost.exe and altsvc.exe in a sub-key of Search Assistant. However, I don't show them on my system as being located on my hard drive. Why they are in your system32 folder I don't know unless there's something on your system that has placed them there.

The interaction you describe with Zone Alarm raises a red flag with me and it would seem to indicate malware, possibly taking advantage of a registry pointer, but you say Ad Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

There are absolutely no details except the file size, which I have already mentioned...

I have noticed one feature though, after each reboot, msthost manages to erase the "block" settings of ZoneAlarm and I have to block it afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ...

These are not Windows files. You can try right clicking and selecting properties to see if you can figure out to what they belong. If you have no viruses or malware installed, they may belong to other applications installed on your system.

--
Michael Solomon MS-MVP Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe (13kb) ...both located in system32 directory..as correctly mentioned earlier.

I have the latest 4 April NAV update and run the scan regularly...I have also undergone free online scans of Panda and Trend....but nothing was detected.

I couldn't get any information about these two processes running in the background...

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ...

If you mean alertsvc.exe and mshost.exe, the first thing you need to do is make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

Of late I have noticed msthost.exe and altsvc.exe (both located in Windows/system32) are running in the background.

.....and msthost tries to connect to the internet immediately after logging on..

What are these, any ideas??
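The thread reports a listed service auto-starting altsvc.exe while neither file shows up among start-up programs. The following is an added example, not code from any poster: it scans a saved `reg query` listing of the Services key for service entries whose binary is one of the two file names from the thread. The service key names and the sample listing are constructed for illustration.

```python
import ntpath
import re

WATCHLIST = {"msthost.exe", "altsvc.exe"}  # file names reported in the thread
# Constructed sample (not a real capture) in the layout printed by
# `reg query HKLM\SYSTEM\CurrentControlSet\Services /s`.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleHelper
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\altsvc.exe
    Start    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSpooler
    ImagePath    REG_EXPAND_SZ    "C:\Program Files\Example\spool.exe" -k run
    Start    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleManual
    ImagePath    REG_EXPAND_SZ    C:\WINDOWS\system32\msthost.exe /s
    Start    REG_DWORD    0x3
"""
VALUE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")  # name, type, data

def parse_services(text):
    """Map each key path below Services to its {value name: data} pairs."""
    services, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().split("\\Services\\", 1)[-1]
            current = services.setdefault(key, {})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return services

def executable(image_path):
    """Lower-cased file name of the service binary, arguments dropped."""
    if image_path.startswith('"'):
        path = image_path[1:].split('"', 1)[0]
    else:  # unquoted paths may contain spaces, so cut at the extension
        m = re.match(r"(.*?\.(?:exe|dll|sys))(?:\s|$)", image_path, re.I)
        path = m.group(1) if m else image_path
    return ntpath.basename(path).lower()

def flag_services(text, watchlist=WATCHLIST):
    """List (service key, binary, start mode) for watch-listed binaries."""
    hits = []
    for name, vals in parse_services(text).items():
        exe = executable(vals.get("ImagePath", ""))
        if exe in watchlist:
            auto = vals.get("Start", "").lower() == "0x2"  # 2 = automatic
            hits.append((name, exe, "auto" if auto else "not auto"))
    return hits
```

A hit only locates the service entry that launches the file; services hosted in a shared process keep their module path in a different value and are not covered by this check.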
#66
What are these??
These are not Windows files. You can try right clicking and selecting properties to see if you can figure out to what they belong. If you have no viruses or malware installed, they may belong to other applications installed on your system.

--
Michael Solomon MS-MVP Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe (13kb) ...both located in system32 directory..as correctly mentioned earlier.

I have the latest 4 April NAV update and run the scan regularly...I have also undergone free online scans of Panda and Trend....but nothing was detected.

I couldn't get any information about these two processes running in the background...

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ...

If you mean alertsvc.exe and mshost.exe, the first thing you need to do is make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

Of late I have noticed msthost.exe and altsvc.exe (both located in Windows/system32) are running in the background.

.....and msthost tries to connect to the internet immediately after logging on..

What are these, any ideas??
#68
What are these??
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe (13kb) ...both located in system32 directory..as correctly mentioned earlier.

I have the latest 4 April NAV update and run the scan regularly...I have also undergone free online scans of Panda and Trend....but nothing was detected.

I couldn't get any information about these two processes running in the background...

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in message ...

If you mean alertsvc.exe and mshost.exe, the first thing you need to do is make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message ...

Of late I have noticed msthost.exe and altsvc.exe (both located in Windows/system32) are running in the background.

.....and msthost tries to connect to the internet immediately after logging on..

What are these, any ideas??