svchost.exe and multicast DNS


4 days ago, the computer got infected with a trojan, and after I cleaned the trojan from the computer, I did a full scan of the computer with Windows and also with ESET and many antivirus programs. They did not find anything, but when I scanned with GridinSoft, it found a lot of malware and 3 trojans. I then immediately looked at the network protection log of ESET and noticed that svchost.exe was trying to access the network with various IP addresses. I shared an example below. Do I have a trojan on my computer, or is svchost.exe infected with a trojan?

IMG20210205195411.jpg


All the svchost.exe connections look legit except to port 8000.

Review this: https://www.speedguide.net/port.php?port=8000 and determine if you are using any legit apps listed in the article.

What you can do is create an Eset firewall rule to block all inbound and outbound network traffic for C:\Windows\System32\svchost.exe for protocol UDP remote port 8000. Enable alerting and logging for the rule. This rule will at least notify you of this activity from which you might be able to determine the source app for the activity.

Edited by itman
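
A firewall log entry attributed to svchost.exe does not say which hosted service produced the traffic. The following added example (not part of the original thread) lists every UDP socket owned by a svchost.exe instance together with the services running in that instance; `$LocalPort` is a hypothetical filter variable, and the example assumes the firewall log entry shows the local source port of the flagged traffic.

```powershell
# Added example: map svchost.exe UDP sockets to the services hosted in each
# svchost.exe instance. Run from an elevated PowerShell session.

# Local (source) UDP port copied from the firewall log entry.
# 0 means "show every UDP socket owned by any svchost.exe instance".
$LocalPort = 0

# Process IDs of all running svchost.exe instances.
$svchostPids = @((Get-Process -Name svchost -ErrorAction SilentlyContinue).Id)

# Build a lookup table: process ID -> names of the services it hosts.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.ProcessId) {
        $servicesByPid[[int]$svc.ProcessId] += @($svc.Name)
    }
}

# UDP is connectionless, so Windows records only the local endpoint.
# Match the local port against the source port in the firewall log.
Get-NetUDPEndpoint |
    Where-Object { $_.OwningProcess -in $svchostPids } |
    Where-Object { $LocalPort -eq 0 -or $_.LocalPort -eq $LocalPort } |
    Sort-Object -Property OwningProcess, LocalPort |
    Select-Object -Property OwningProcess, LocalAddress, LocalPort,
        @{ Name = 'Services'
           Expression = { $servicesByPid[[int]$_.OwningProcess] -join ', ' } } |
    Format-Table -AutoSize
```

Sockets are often short-lived, so run this while the blocked traffic is still being logged.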
3 hours ago, Duhan Orhan said:

4 days ago, the computer got infected with a trojan, and after I cleaned the trojan from the computer, I did a full scan of the computer with Windows and also with ESET and many antivirus programs. They did not find anything, but when I scanned with GridinSoft, it found a lot of malware and 3 trojans. I then immediately looked at the network protection log of ESET and noticed that svchost.exe was trying to access the network with various IP addresses. I shared an example below. Do I have a trojan on my computer, or is svchost.exe infected with a trojan?

IMG20210205195411.jpg

Never heard of GridinSoft, but if many well-known AVs find nothing and a small unknown one finds loads, it raises alarms for me. It might not be the case with this specific AV, but I've seen cases with small unknown ones which have lots of false positives. Some also use bad business practices, such as telling you you have viruses and need to buy the software to remove them, but they don't exist and it's just to get you to pay. Some in the past have even infected the user as a way to get them to pay.

This topic is now closed to further replies.