What are these??

Do you have anything in your Network Protocol that might be starting this
service?

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There has been no apparent effect of shifting both msthost and altsvc out
of
system32 directory. Mike.
However, on doing some detective work of my own, I found that Netbios
Helper
Service (listed under Services) was automatically starting altsvc.exe and
there are no Dependencies !!!
Does it make any sense to anyone??

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However,
I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you
describe
with Zone Alarm raises a red flag with me and it would seem to indicate
malware, possibly taking advantage of a registry pointer but you say Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote
in
message ...
These are not Windows files. You can try right clicking and
selecting
properties to see if you can figure out to what they belong. If you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe
(13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan
regularly...I
have
also undergone free online scans of Panda and Trend....but nothing
was
detected.
I couldn't get any information about these two processes running
in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you
need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in
message
...
Of late I have noticed msthost.exe and altsvc.exe (both located
in
Windows/system32) are
running in the background. .....and msthost tries to connect to
the
internet
immediately after logging on..
What are these, any ideas??

You are welcome, good luck.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However, I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you describe
with Zone Alarm raises a red flag with me and it would seem to indicate
malware, possibly taking advantage of a registry pointer but you say Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote
in
message ...
These are not Windows files. You can try right clicking and selecting
properties to see if you can figure out to what they belong. If you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe (13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan regularly...I
have
also undergone free online scans of Panda and Trend....but nothing
was
detected.
I couldn't get any information about these two processes running in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Of late I have noticed msthost.exe and altsvc.exe (both located
in
Windows/system32) are
running in the background. .....and msthost tries to connect to
the
internet
immediately after logging on..
What are these, any ideas??

There has been no apparent effect of shifting both msthost and altsvc out of
system32 directory. Mike.
However, on doing some detective work of my own, I found that Netbios Helper
Service (listed under Services) was automatically starting altsvc.exe and
there are no Dependencies !!!
Does it make any sense to anyone??

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However, I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you describe
with Zone Alarm raises a red flag with me and it would seem to indicate
malware, possibly taking advantage of a registry pointer but you say Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote
in
message ...
These are not Windows files. You can try right clicking and
selecting
properties to see if you can figure out to what they belong. If you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe
(13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan regularly...I
have
also undergone free online scans of Panda and Trend....but nothing
was
detected.
I couldn't get any information about these two processes running in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Of late I have noticed msthost.exe and altsvc.exe (both located
in
Windows/system32) are
running in the background. .....and msthost tries to connect to
the
internet
immediately after logging on..
What are these, any ideas??

Do you have anything in your Network Protocol that might be starting this
service?

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There has been no apparent effect of shifting both msthost and altsvc out
of
system32 directory. Mike.
However, on doing some detective work of my own, I found that Netbios
Helper
Service (listed under Services) was automatically starting altsvc.exe and
there are no Dependencies !!!
Does it make any sense to anyone??

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However,
I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you
describe
with Zone Alarm raises a red flag with me and it would seem to indicate
malware, possibly taking advantage of a registry pointer but you say Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote
in
message ...
These are not Windows files. You can try right clicking and
selecting
properties to see if you can figure out to what they belong. If you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe
(13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan
regularly...I
have
also undergone free online scans of Panda and Trend....but nothing
was
detected.
I couldn't get any information about these two processes running
in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you
need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in
message
...
Of late I have noticed msthost.exe and altsvc.exe (both located
in
Windows/system32) are
running in the background. .....and msthost tries to connect to
the
internet
immediately after logging on..
What are these, any ideas??

You might consider send an inquiry to

and describe your problem to them. Their web site is :

http://www.spywareguide.com/txt_contactus.html

--
Coleman Smith
*********************************************
"Ratan Maitra" wrote in message
...
Of late I have noticed msthost.exe and altsvc.exe (both located in
Windows/system32) are
running in the background. .....and msthost tries to connect to the
internet
immediately after logging on..
What are these, any ideas??

You might consider send an inquiry to

and describe your problem to them. Their web site is :

http://www.spywareguide.com/txt_contactus.html

--
Coleman Smith
*********************************************
"Ratan Maitra" wrote in message
...
Of late I have noticed msthost.exe and altsvc.exe (both located in
Windows/system32) are
running in the background. .....and msthost tries to connect to the
internet
immediately after logging on..
What are these, any ideas??

http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg

Eww, that's a long post. There's information there about a
SetupHlp.cmd that copies altsvc to the Windows\System32
folder. The article seems to indicate that people are connected/
connecting to the host with such a file and they're setting up
Serv-u ftp file sharing software. Read the article and look at
the contents of that .cmd file.

I ran into this last year about in the month of March, and they
start pulling all kind of tricks on your system. Look at your
ntdll.dll file which should be in the Windows\System32 folder,
they might have put a modified file that may or may not be
detected by antivirus. The serv-u ftp is a valid program that
is not a virus, it just opens up your system to the whole world
and the whole world can connect to you.

They'll put modified ntdll.dll files on your system, so check the
dates and such against "valid" files, because if you have a bogus
one, that works in every manner like the real one, but is NOT
a virus, but instead something that opens your system up by
setting up some extra functions that other software can call...
whew, the thoughts are getting messy... There are some clever
folks out there. I happened to run across this because I opened
an .html file that was included in Email, and that file in turn
executed a Nimbda Virus, which in turn opened up the system
for hackers, and then Serv-U popped up.

I can't be 100% certain that's what's happened to you, but
I know what it did to my system and the people using those
hacks are quite clever.

So with that, I'll add, the following facts:

Only open HTML documents with Notepad. I put a shortcut
to notepad in my SendTo list and open almost files in this
manner to get a glimpse of what's in them. It doesn't matter
that you got an HTML file from a friend, so be very wary about
opening such documents.

The same applies to any .EML files. And I'm sure you are aware
that it applies to .CHM, .HLP and many other files, including,
..CMD, .EXE, .JS, .VBS and another 20 other types of files.

HTML is the primary source of viral transmission, system
exploitation. .CHM files are HTML. I think the HLP files work
in the same manner, but without the HTML stuff... I'm only
including those because I know code can be placed inside of
them but I just don't know the full extent to which they are
capable of throwing your system into the hands of those that
want to take control of it.

I hope this information helps and makes you 500% aware of
the potential abuse that can be had. I'm not pulling things out
of thin air. It happened to me, it can happen to you. g Not
that I'm anything special. ;-) Good luck!

--
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.


"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
Do you have anything in your Network Protocol that might be starting this
service?

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There has been no apparent effect of shifting both msthost and altsvc out
of
system32 directory. Mike.
However, on doing some detective work of my own, I found that Netbios
Helper
Service (listed under Services) was automatically starting altsvc.exe and
there are no Dependencies !!!
Does it make any sense to anyone??

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However,
I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you
describe
with Zone Alarm raises a red flag with me and it would seem to indicate
malware, possibly taking advantage of a registry pointer but you say Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote
in
message ...
These are not Windows files. You can try right clicking and
selecting
properties to see if you can figure out to what they belong. If you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe
(13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan
regularly...I
have
also undergone free online scans of Panda and Trend....but nothing
was
detected.
I couldn't get any information about these two processes running
in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you
need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in
message
...
Of late I have noticed msthost.exe and altsvc.exe (both located
in
Windows/system32) are
running in the background. .....and msthost tries to connect to
the
internet
immediately after logging on..
What are these, any ideas??

http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg

Eww, that's a long post. There's information there about a
SetupHlp.cmd that copies altsvc to the Windows\System32
folder. The article seems to indicate that people are connected/
connecting to the host with such a file and they're setting up
Serv-u ftp file sharing software. Read the article and look at
the contents of that .cmd file.

I ran into this last year about in the month of March, and they
start pulling all kind of tricks on your system. Look at your
ntdll.dll file which should be in the Windows\System32 folder,
they might have put a modified file that may or may not be
detected by antivirus. The serv-u ftp is a valid program that
is not a virus, it just opens up your system to the whole world
and the whole world can connect to you.

They'll put modified ntdll.dll files on your system, so check the
dates and such against "valid" files, because if you have a bogus
one, that works in every manner like the real one, but is NOT
a virus, but instead something that opens your system up by
setting up some extra functions that other software can call...
whew, the thoughts are getting messy... There are some clever
folks out there. I happened to run across this because I opened
an .html file that was included in Email, and that file in turn
executed a Nimbda Virus, which in turn opened up the system
for hackers, and then Serv-U popped up.

I can't be 100% certain that's what's happened to you, but
I know what it did to my system and the people using those
hacks are quite clever.

So with that, I'll add, the following facts:

Only open HTML documents with Notepad. I put a shortcut
to notepad in my SendTo list and open almost files in this
manner to get a glimpse of what's in them. It doesn't matter
that you got an HTML file from a friend, so be very wary about
opening such documents.

The same applies to any .EML files. And I'm sure you are aware
that it applies to .CHM, .HLP and many other files, including,
..CMD, .EXE, .JS, .VBS and another 20 other types of files.

HTML is the primary source of viral transmission, system
exploitation. .CHM files are HTML. I think the HLP files work
in the same manner, but without the HTML stuff... I'm only
including those because I know code can be placed inside of
them but I just don't know the full extent to which they are
capable of throwing your system into the hands of those that
want to take control of it.

I hope this information helps and makes you 500% aware of
the potential abuse that can be had. I'm not pulling things out
of thin air. It happened to me, it can happen to you. g Not
that I'm anything special. ;-) Good luck!

--
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.


"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
Do you have anything in your Network Protocol that might be starting this
service?

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There has been no apparent effect of shifting both msthost and altsvc out
of
system32 directory. Mike.
However, on doing some detective work of my own, I found that Netbios
Helper
Service (listed under Services) was automatically starting altsvc.exe and
there are no Dependencies !!!
Does it make any sense to anyone??

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However,
I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you
describe
with Zone Alarm raises a red flag with me and it would seem to indicate
malware, possibly taking advantage of a registry pointer but you say Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote
in
message ...
These are not Windows files. You can try right clicking and
selecting
properties to see if you can figure out to what they belong. If you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe
(13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan
regularly...I
have
also undergone free online scans of Panda and Trend....but nothing
was
detected.
I couldn't get any information about these two processes running
in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you
need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in
message
...
Of late I have noticed msthost.exe and altsvc.exe (both located
in
Windows/system32) are
running in the background. .....and msthost tries to connect to
the
internet
immediately after logging on..
What are these, any ideas??

You might consider send an inquiry to

and describe your problem to them. Their web site is :

http://www.spywareguide.com/txt_contactus.html

--
Coleman Smith
*********************************************
"Ratan Maitra" wrote in message
...
Of late I have noticed msthost.exe and altsvc.exe (both located in
Windows/system32) are
running in the background. .....and msthost tries to connect to the
internet
immediately after logging on..
What are these, any ideas??

http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg

Eww, that's a long post. There's information there about a
SetupHlp.cmd that copies altsvc to the Windows\System32
folder. The article seems to indicate that people are connected/
connecting to the host with such a file and they're setting up
Serv-u ftp file sharing software. Read the article and look at
the contents of that .cmd file.

I ran into this last year about in the month of March, and they
start pulling all kind of tricks on your system. Look at your
ntdll.dll file which should be in the Windows\System32 folder,
they might have put a modified file that may or may not be
detected by antivirus. The serv-u ftp is a valid program that
is not a virus, it just opens up your system to the whole world
and the whole world can connect to you.

They'll put modified ntdll.dll files on your system, so check the
dates and such against "valid" files, because if you have a bogus
one, that works in every manner like the real one, but is NOT
a virus, but instead something that opens your system up by
setting up some extra functions that other software can call...
whew, the thoughts are getting messy... There are some clever
folks out there. I happened to run across this because I opened
an .html file that was included in Email, and that file in turn
executed a Nimbda Virus, which in turn opened up the system
for hackers, and then Serv-U popped up.

I can't be 100% certain that's what's happened to you, but
I know what it did to my system and the people using those
hacks are quite clever.

So with that, I'll add, the following facts:

Only open HTML documents with Notepad. I put a shortcut
to notepad in my SendTo list and open almost files in this
manner to get a glimpse of what's in them. It doesn't matter
that you got an HTML file from a friend, so be very wary about
opening such documents.

The same applies to any .EML files. And I'm sure you are aware
that it applies to .CHM, .HLP and many other files, including,
..CMD, .EXE, .JS, .VBS and another 20 other types of files.

HTML is the primary source of viral transmission, system
exploitation. .CHM files are HTML. I think the HLP files work
in the same manner, but without the HTML stuff... I'm only
including those because I know code can be placed inside of
them but I just don't know the full extent to which they are
capable of throwing your system into the hands of those that
want to take control of it.

I hope this information helps and makes you 500% aware of
the potential abuse that can be had. I'm not pulling things out
of thin air. It happened to me, it can happen to you. g Not
that I'm anything special. ;-) Good luck!

--
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.


"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
Do you have anything in your Network Protocol that might be starting this
service?

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There has been no apparent effect of shifting both msthost and altsvc out
of
system32 directory. Mike.
However, on doing some detective work of my own, I found that Netbios
Helper
Service (listed under Services) was automatically starting altsvc.exe and
there are no Dependencies !!!
Does it make any sense to anyone??

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However,
I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you
describe
with Zone Alarm raises a red flag with me and it would seem to indicate
malware, possibly taking advantage of a registry pointer but you say Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote
in
message ...
These are not Windows files. You can try right clicking and
selecting
properties to see if you can figure out to what they belong. If you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe
(13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan
regularly...I
have
also undergone free online scans of Panda and Trend....but nothing
was
detected.
I couldn't get any information about these two processes running
in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you
need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in
message
...
Of late I have noticed msthost.exe and altsvc.exe (both located
in
Windows/system32) are
running in the background. .....and msthost tries to connect to
the
internet
immediately after logging on..
What are these, any ideas??

Do you have anything in your Network Protocol that might be starting this
service?

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There has been no apparent effect of shifting both msthost and altsvc out
of
system32 directory. Mike.
However, on doing some detective work of my own, I found that Netbios
Helper
Service (listed under Services) was automatically starting altsvc.exe and
there are no Dependencies !!!
Does it make any sense to anyone??

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However,
I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you
describe
with Zone Alarm raises a red flag with me and it would seem to indicate
malware, possibly taking advantage of a registry pointer but you say Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote
in
message ...
These are not Windows files. You can try right clicking and
selecting
properties to see if you can figure out to what they belong. If you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe
(13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan
regularly...I
have
also undergone free online scans of Panda and Trend....but nothing
was
detected.
I couldn't get any information about these two processes running
in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you
need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in
message
...
Of late I have noticed msthost.exe and altsvc.exe (both located
in
Windows/system32) are
running in the background. .....and msthost tries to connect to
the
internet
immediately after logging on..
What are these, any ideas??

Do you have anything in your Network Protocol that might be starting this
service?

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There has been no apparent effect of shifting both msthost and altsvc out
of
system32 directory. Mike.
However, on doing some detective work of my own, I found that Netbios
Helper
Service (listed under Services) was automatically starting altsvc.exe and
there are no Dependencies !!!
Does it make any sense to anyone??

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However,
I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you
describe
with Zone Alarm raises a red flag with me and it would seem to indicate
malware, possibly taking advantage of a registry pointer but you say Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote
in
message ...
These are not Windows files. You can try right clicking and
selecting
properties to see if you can figure out to what they belong. If you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe
(13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan
regularly...I
have
also undergone free online scans of Panda and Trend....but nothing
was
detected.
I couldn't get any information about these two processes running
in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you
need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in
message
...
Of late I have noticed msthost.exe and altsvc.exe (both located
in
Windows/system32) are
running in the background. .....and msthost tries to connect to
the
internet
immediately after logging on..
What are these, any ideas??

You might consider send an inquiry to

and describe your problem to them. Their web site is :

http://www.spywareguide.com/txt_contactus.html

--
Coleman Smith
*********************************************
"Ratan Maitra" wrote in message
...
Of late I have noticed msthost.exe and altsvc.exe (both located in
Windows/system32) are
running in the background. .....and msthost tries to connect to the
internet
immediately after logging on..
What are these, any ideas??

http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg

Eww, that's a long post. There's information there about a
SetupHlp.cmd that copies altsvc to the Windows\System32
folder. The article seems to indicate that people are connected/
connecting to the host with such a file and they're setting up
Serv-u ftp file sharing software. Read the article and look at
the contents of that .cmd file.

I ran into this last year about in the month of March, and they
start pulling all kind of tricks on your system. Look at your
ntdll.dll file which should be in the Windows\System32 folder,
they might have put a modified file that may or may not be
detected by antivirus. The serv-u ftp is a valid program that
is not a virus, it just opens up your system to the whole world
and the whole world can connect to you.

They'll put modified ntdll.dll files on your system, so check the
dates and such against "valid" files, because if you have a bogus
one, that works in every manner like the real one, but is NOT
a virus, but instead something that opens your system up by
setting up some extra functions that other software can call...
whew, the thoughts are getting messy... There are some clever
folks out there. I happened to run across this because I opened
an .html file that was included in Email, and that file in turn
executed a Nimbda Virus, which in turn opened up the system
for hackers, and then Serv-U popped up.

I can't be 100% certain that's what's happened to you, but
I know what it did to my system and the people using those
hacks are quite clever.

So with that, I'll add, the following facts:

Only open HTML documents with Notepad. I put a shortcut
to notepad in my SendTo list and open almost files in this
manner to get a glimpse of what's in them. It doesn't matter
that you got an HTML file from a friend, so be very wary about
opening such documents.

The same applies to any .EML files. And I'm sure you are aware
that it applies to .CHM, .HLP and many other files, including,
..CMD, .EXE, .JS, .VBS and another 20 other types of files.

HTML is the primary source of viral transmission, system
exploitation. .CHM files are HTML. I think the HLP files work
in the same manner, but without the HTML stuff... I'm only
including those because I know code can be placed inside of
them but I just don't know the full extent to which they are
capable of throwing your system into the hands of those that
want to take control of it.

I hope this information helps and makes you 500% aware of
the potential abuse that can be had. I'm not pulling things out
of thin air. It happened to me, it can happen to you. g Not
that I'm anything special. ;-) Good luck!

--
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.


"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
Do you have anything in your Network Protocol that might be starting this
service?

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There has been no apparent effect of shifting both msthost and altsvc out
of
system32 directory. Mike.
However, on doing some detective work of my own, I found that Netbios
Helper
Service (listed under Services) was automatically starting altsvc.exe and
there are no Dependencies !!!
Does it make any sense to anyone??

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However,
I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you
describe
with Zone Alarm raises a red flag with me and it would seem to indicate
malware, possibly taking advantage of a registry pointer but you say Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)" wrote
in
message ...
These are not Windows files. You can try right clicking and
selecting
properties to see if you can figure out to what they belong. If you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe
(13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan
regularly...I
have
also undergone free online scans of Panda and Trend....but nothing
was
detected.
I couldn't get any information about these two processes running
in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you
need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in
message
...
Of late I have noticed msthost.exe and altsvc.exe (both located
in
Windows/system32) are
running in the background. .....and msthost tries to connect to
the
internet
immediately after logging on..
What are these, any ideas??

Thanks for the link and the information. By the way, when links are that
long, here a couple of sites that can shorten them:
www.tinyurl.com
http://notlong.com/

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Jim Carlock" wrote in message
...
http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg

Eww, that's a long post. There's information there about a
SetupHlp.cmd that copies altsvc to the Windows\System32
folder. The article seems to indicate that people are connected/
connecting to the host with such a file and they're setting up
Serv-u ftp file sharing software. Read the article and look at
the contents of that .cmd file.

I ran into this last year about in the month of March, and they
start pulling all kind of tricks on your system. Look at your
ntdll.dll file which should be in the Windows\System32 folder,
they might have put a modified file that may or may not be
detected by antivirus. The serv-u ftp is a valid program that
is not a virus, it just opens up your system to the whole world
and the whole world can connect to you.

They'll put modified ntdll.dll files on your system, so check the
dates and such against "valid" files, because if you have a bogus
one, that works in every manner like the real one, but is NOT
a virus, but instead something that opens your system up by
setting up some extra functions that other software can call...
whew, the thoughts are getting messy... There are some clever
folks out there. I happened to run across this because I opened
an .html file that was included in Email, and that file in turn
executed a Nimbda Virus, which in turn opened up the system
for hackers, and then Serv-U popped up.

I can't be 100% certain that's what's happened to you, but
I know what it did to my system and the people using those
hacks are quite clever.

So with that, I'll add, the following facts:

Only open HTML documents with Notepad. I put a shortcut
to notepad in my SendTo list and open almost files in this
manner to get a glimpse of what's in them. It doesn't matter
that you got an HTML file from a friend, so be very wary about
opening such documents.

The same applies to any .EML files. And I'm sure you are aware
that it applies to .CHM, .HLP and many other files, including,
.CMD, .EXE, .JS, .VBS and another 20 other types of files.

HTML is the primary source of viral transmission, system
exploitation. .CHM files are HTML. I think the HLP files work
in the same manner, but without the HTML stuff... I'm only
including those because I know code can be placed inside of
them but I just don't know the full extent to which they are
capable of throwing your system into the hands of those that
want to take control of it.

I hope this information helps and makes you 500% aware of
the potential abuse that can be had. I'm not pulling things out
of thin air. It happened to me, it can happen to you. g Not
that I'm anything special. ;-) Good luck!

--
Jim Carlock
http://www.microcosmotalk.com/
Post replies to the newsgroup.


"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
Do you have anything in your Network Protocol that might be starting this
service?

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There has been no apparent effect of shifting both msthost and altsvc out
of
system32 directory. Mike.
However, on doing some detective work of my own, I found that Netbios
Helper
Service (listed under Services) was automatically starting altsvc.exe and
there are no Dependencies !!!
Does it make any sense to anyone??

"Ratan Maitra" wrote in message
...
Thanks a lot Mike, for your painstaking detective work :-))

As these haven't caused any 'significant' problems yet, I'm presently
killing these two processes and manually preventing msthost from
connecting
to the net, after each booting. You have rightly observed, it is this
suspicious behaviour of ZoneAlarm setting for msthost.exe that drew my
attention to the processes running in the background. Moreover, neither
msthost nor altsvc appear in any start-up programs !!!

I'll delete these files and let you know the results.
Thanks again

"Michael Solomon (MS-MVP Windows Shell/User)" wrote in
message ...
I was doing some work in my Registry when I came upon a reference for
msthost.exe and altsvc.exe in a sub-key of Search Assistant. However,
I
don't show them on my system as being located on my hard drive.

Why they are in your system32 folder I don't know unless there's
something
on your system that has placed them there. The interaction you
describe
with Zone Alarm raises a red flag with me and it would seem to
indicate
malware, possibly taking advantage of a registry pointer but you say
Ad
Aware and Spybot came up clean as did AV scan.

I'm sorry, I can't give you much beyond this.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
There are absolutely no details except the file size, which I have
already
mentioned...
I have noticed one feature though, after each reboot, msthost
manages
to
erase the "block" settings of ZoneAlarm and I have to block it
afresh...

Any other suggestions, please??

"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
These are not Windows files. You can try right clicking and
selecting
properties to see if you can figure out to what they belong. If
you
have
no
viruses or malware installed, they may belong to other applications
installed on your system.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in message
...
Thanks Mike, but I do mean msthost.exe (817kb) and altsvc.exe
(13kb)
...both
located in system32 directory..as correctly mentioned earlier.
I have the latest 4 April NAV update and run the scan
regularly...I
have
also undergone free online scans of Panda and Trend....but
nothing
was
detected.
I couldn't get any information about these two processes running
in
the
background...


"Michael Solomon (MS-MVP Windows Shell/User)"
wrote
in
message ...
If you mean alertsvc.exe and mshost.exe, the first thing you
need
to
do
is
make sure your antivirus software is up to date and run a scan.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ratan Maitra" wrote in
message
...
Of late I have noticed msthost.exe and altsvc.exe (both
located
in
Windows/system32) are
running in the background. .....and msthost tries to connect
to
the
internet
immediately after logging on..
What are these, any ideas??