Generic Host Process for Win32 Services.

Thread starter: OM

I've made a change on my router.
And now I'm getting the message from my firewall: "Generic Host Process
for Win32 Services, Port 32729".
There are several such messages that come up, each with a different port.

Is this an intrusion from a potential hacker?

Should I block it forever?

Thanks.


OM
 
From: "OM" <[email protected]>

| I've made a change on my router.
| And now I'm getting the message from my firewall: "Generic Host Process
| for Win32 Services, Port 32729".
| There are several such messages that come up, each with a different port.
|
| Is this an intrusion from a potential hacker?
|
| Should I block it forever?
|
| Thanks.
|
| OM

Sounds like a Trojan communicating via SVCHOST.EXE


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *
 
| I've made a change on my router.

What change is it that you made to the router?
| And now I'm getting the message from my firewall: "Generic Host Process
| for Win32 Services, Port 32729".
| There are several such messages that come up, each with a different port.

| Is this an intrusion from a potential hacker?

That depends on what change it is that you made on the router. What did
you do?
| Should I block it forever?

Svchost.exe or Generic Host Processor is just the messenger. Should you
kill the messenger or should you try to find out what's trying to use the
messenger and kill that?

Duane :)
 
Duane said:
What change is it that you made to the router?
I enabled UPnP.
Is that a bad thing to do??
I needed to do this to try and get VOIP working...
(Still not working though.)
 
From: "OM" <[email protected]>

|
| I enabled UPnP.
| Is that a bad thing to do??
| I needed to do this to try and get VOIP working...
| (Still not working though.)

Not if you are behind a uPnP compliant Router such as the Linksys BEFSR41.
 
| I enabled UPnP.
| Is that a bad thing to do??
| I needed to do this to try and get VOIP working...
| (Still not working though.)

You opened port(s) to the public Internet for UPnP, which means any kind
of traffic can come down the port(s) as the router is no longer
protecting on the port(s). You should leave a PFW solution or some other
packet filter running at the machine level to protect the machine.

Duane :)
 
From: "Duane Arnold" <[email protected]>


| You opened port(s) to the public Internet for UPnP, which means any kind
| of traffic can come down the port(s) as the router is no longer
| protecting on the port(s). You should leave a PFW solution or some other
| packet filter running at the machine level to protect the machine.
|
| Duane :)

uPnP is seen on the LAN side of the Router, not the WAN side.
Therefore it is not "...opened...to the public Internet..."
 
From: "Duane Arnold" <[email protected]>


| You opened port(s) to the public Internet for UPnP, which means any kind
| of traffic can come down the port(s) as the router is no longer
| protecting on the port(s). You should leave a PFW solution or some other
| packet filter running at the machine level to protect the machine.
|
| Duane :)

uPnP is seen on the LAN side of the Router, not the WAN side.
Therefore it is not "...opened...to the public Internet..."

I didn't know that. I thought UPnP was kind of like port forwarding?

Duane :)
 
From: "Duane Arnold" <[email protected]>


| I didn't know that. I thought UPnP was kind of like port forwarding?
|
| Duane :)

uPnP -- Universal Plug 'n Play, TCP port 5000.

It's a middleware protocol for control of devices and communications.

In this case the VoIP appliance uses uPnP to communicate with the uPnP compliant Router to
make sure VoIP ports are forwarded to the VoIP appliance. This is automatically configured
instead of a user having to manually configure the Router for the VoIP device to work behind
the Router.

It is a LAN protocol and there is no need to have uPnP open to the Internet. Therefore you
won't see uPnP packets coming out of the WAN nor TCP port 5000 open in a WAN based port
scan.

http://www.upnp.org/

http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/upnpxp.mspx#EEAA
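A follow-up to the post above, added here as an example and not part of the original thread: the mappings that the VoIP appliance (or anything else on the LAN) has pushed into the router through UPnP can be listed from the LAN side with the IGD action GetGenericPortMappingEntry, which is what the post is describing. The script below builds that SOAP request, parses the router's reply, stops at the SOAP fault (error 713) that marks the end of the mapping table, and flags mappings that point at a device other than the VoIP box or that expose a port served by svchost-hosted Windows services. The control URL of your router is not known here and is assumed; the responses in the block are constructed so the script runs offline.

```python
"""Enumerate and audit the port mappings a UPnP-IGD router has accepted.

Added example with constructed SOAP responses. Against a real router you
would POST build_request(i) to the WANIPConnection control URL listed in the
router's device description (that URL is router-specific and assumed here).
"""
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
ACTION = "GetGenericPortMappingEntry"
# TCP ports served by svchost-hosted Windows services (RPC, NetBIOS, SMB, RDP);
# a mapping to one of these exposes the PC itself, not the VoIP appliance.
WINDOWS_SERVICE_PORTS = {135, 139, 445, 3389}


def build_request(index: int):
    """SOAP headers and body asking the IGD for mapping number `index`."""
    body = (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        f'<s:Body><u:{ACTION} xmlns:u="{SERVICE}">'
        f'<NewPortMappingIndex>{index}</NewPortMappingIndex>'
        f'</u:{ACTION}></s:Body></s:Envelope>'
    )
    headers = {
        "Content-Type": 'text/xml; charset="utf-8"',
        "SOAPAction": f'"{SERVICE}#{ACTION}"',
    }
    return headers, body


def _local(tag: str) -> str:
    """Strip the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]


def parse_mapping(xml_text: str):
    """Parse one GetGenericPortMappingEntry response into a dict.

    Returns None when the router answered with a SOAP fault; error 713
    (SpecifiedArrayIndexInvalid) is how the IGD says the table is exhausted.
    """
    root = ET.fromstring(xml_text)
    if any(_local(el.tag) == "Fault" for el in root.iter()):
        return None
    fields = {}
    for el in root.iter():
        name = _local(el.tag)
        if name.startswith("New"):            # NewExternalPort -> ExternalPort
            fields[name[3:]] = (el.text or "").strip()
    for key in ("ExternalPort", "InternalPort", "LeaseDuration"):
        fields[key] = int(fields[key])
    fields["Enabled"] = fields["Enabled"] == "1"
    return fields


def collect_mappings(responses):
    """Walk the replies for index 0, 1, 2, ... until the router faults."""
    mappings = []
    for text in responses:
        mapping = parse_mapping(text)
        if mapping is None:
            break
        mappings.append(mapping)
    return mappings


def audit_mappings(mappings, expected_clients):
    """Flag mappings that do not target an expected LAN device, or that
    forward a TCP port served by Windows services."""
    findings = []
    for m in mappings:
        where = (f"{m['Protocol']} {m['ExternalPort']} -> "
                 f"{m['InternalClient']}:{m['InternalPort']}")
        if m["InternalClient"] not in expected_clients:
            findings.append(f"{where}: internal client is not an expected device")
        if m["Protocol"] == "TCP" and m["InternalPort"] in WINDOWS_SERVICE_PORTS:
            findings.append(f"{where}: exposes a Windows service port")
    return findings


def _response(**fields) -> str:
    """Constructed GetGenericPortMappingEntryResponse for the sample run."""
    inner = "".join(f"<New{k}>{v}</New{k}>" for k, v in fields.items())
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            f'<u:{ACTION}Response xmlns:u="{SERVICE}">{inner}</u:{ACTION}Response>'
            '</s:Body></s:Envelope>')


# Constructed end-of-table fault, as an IGD returns it for an out-of-range index.
FAULT_713 = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
             '<s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>'
             '<detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0">'
             '<errorCode>713</errorCode><errorDescription>SpecifiedArrayIndexInvalid'
             '</errorDescription></UPnPError></detail></s:Fault></s:Body></s:Envelope>')

# Constructed sample: a SIP mapping to the VoIP box, then an SMB mapping to a PC.
SAMPLE_RESPONSES = [
    _response(RemoteHost="", ExternalPort=5060, Protocol="UDP", InternalPort=5060,
              InternalClient="192.168.1.20", Enabled=1,
              PortMappingDescription="VoIP SIP", LeaseDuration=0),
    _response(RemoteHost="", ExternalPort=445, Protocol="TCP", InternalPort=445,
              InternalClient="192.168.1.10", Enabled=1,
              PortMappingDescription="", LeaseDuration=0),
    FAULT_713,
]

if __name__ == "__main__":
    mappings = collect_mappings(SAMPLE_RESPONSES)
    for m in mappings:
        print(m)
    for finding in audit_mappings(mappings, {"192.168.1.20"}):
        print("FLAG:", finding)
```

Run against a live router, the loop would POST build_request(i) for increasing i until parse_mapping returns None; the audit then tells you whether the only thing the router is forwarding is the VoIP appliance's ports, which is the question the thread is really about.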
 
From: "Duane Arnold" <[email protected]>


| I didn't know that. I thought UPnP was kind of like port forwarding?
|
| Duane :)

uPnP -- Universal Plug 'n Play, TCP port 5000.

It's a middleware protocol for control of devices and communications.

In this case the VoIP appliance uses uPnP to communicate with the uPnP
compliant Router to make sure VoIP ports are forwarded to the VoIP
appliance. This is automatically configured instead of a user having to
manually configure the Router for the VoIP device to work behind the
Router.

It is a LAN protocol and there is no need to have uPnP open to the
Internet. Therefore you won't see uPnP packets coming out of the WAN
nor TCP port 5000 open in a WAN based port scan.

http://www.upnp.org/

http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/upnpxp.mspx#EEAA

I am sitting in a hotel in Reno, NV for the next six months. So I cannot
look at a router configuration and what is happening. I do know you have
to set a LAN IP on the router I think for UPnP. I guess SVChost.exe on
the OP's machine is just trying to communicate as that's its job to
communicate on a network LAN or WAN. The OP enabled UPnP on the router
and SVChost is just trying to communicate. It seems that it is another
case of the PFW on the machine whining about nothing with its Application
Control.

Duane :)
 
From: "Duane Arnold" <[email protected]>


| I am sitting in a hotel in Reno, NV for the next six months. So I cannot
| look at a router configuration and what is happening. I do know you have
| to set a LAN IP on the router I think for UPnP. I guess SVChost.exe on
| the OP's machine is just trying to communicate as that's its job to
| communicate on a network LAN or WAN. The OP enabled UPnP on the router
| and SVChost is just trying to communicate. It seems that it is another
| case of the PFW on the machine whining about nothing with its Application
| Control.
|
| Duane :)
|

That's a good summation.
 
From: "Duane Arnold" <[email protected]>


| I am sitting in a hotel in Reno, NV for the next six months. So I
| cannot look at a router configuration and what is happening. I do
| know you have to set a LAN IP on the router I think for UPnP. I
| guess SVChost.exe on the OP's machine is just trying to communicate
| as that's its job to communicate on a network LAN or WAN. The OP
| enabled UPnP on the router and SVChost is just trying to communicate.
| It seems that it is another case of the PFW on the machine whining
| about nothing with its Application Control.
|
| Duane :)
|

That's a good summation.

Yeah, I use a PFW on my laptop and that's it. And I turned APP Control
off on it long ago, as it whined about nothing. <g>

Later!

Duane :)
 