Mant Posted September 26, 2007 Share Posted September 26, 2007 (edited) Hello,SVCHOST.EXE keep making a connection to msgr.dlservice.microsoft.com in various IPs remote addresses.Everytime i try to rebooting my PC, the SVCHOST.EXE is making those connection again with different remote IP address.but still said the Host From HTTP msgr.dlservice.microsoft.comI think this is not an update, in a normal update we see Host From download.windowsupdate.com or update.microsoft.comAutomatic Update service is disabled, no applications running, it's clean from any unwanted process, just my firewall (outpost.exe) runs.I try to stop BITS (Background Intelligent Transfer Service), yes it's stop for a while, then the BITS service just auto start again and SVCHOST.EXE is making those connection again.Well, i try to right click on SVCHOST.EXE to create rules.Wow, so this is a fake remote address, the truth SVCHOST.EXE is going to remote host 219.83.126.8This connection is annoying & distrubing my little bandwidth. Now bytes recieve is in 16Mb and keep going bigger. Is anyone there with the same problems and solutions? Edited September 27, 2007 by Mant Link to comment Share on other sites More sharing options...
tecknomage Posted September 26, 2007 Share Posted September 26, 2007 (edited) Bet you have Norton/Symantec AntiVirus (NAV) installed.SVCHOST.EXE a NAV's antivirus service. Don't do anything with it Edited September 26, 2007 by tecknomage Link to comment Share on other sites More sharing options...
Mant Posted September 26, 2007 Author Share Posted September 26, 2007 no, i use Kaspersky 7 and now i'll do rootkit scan... Link to comment Share on other sites More sharing options...
cluberti Posted September 26, 2007 Share Posted September 26, 2007 Note that both Windows Update and BITS run inside an svchost.exe process, and if BITS keeps restarting it's at least possible that WU is doing the downloading. Disable Automatic Updates and see if the "problem" stops. Link to comment Share on other sites More sharing options...
Mant Posted September 27, 2007 Author Share Posted September 27, 2007 (edited) It's not stop,I found this related to Akamai Technologiessvchost.exe 1620 TCP 3542 192.168.1.10 80 http 219.83.126.8 a219-83-126-8.deploy.akamaitechnologies.com Established C:\WINDOWS\System32\svchost.exe Microsoft® Windows® Operating System Generic Host Process for Win32 Services 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Corporation 27/09/2007 3:53:18 NT AUTHORITY\SYSTEM AudioSrv, BITS, CryptSvc, dmserver, EventSystem, LanmanWorkstation, Netman, Nla, Schedule, SENS, ShellHWDetection, srservice, Themes, TrkWks, winmgmt A 27/09/2007 19:56:43 Today i found somone controversial issues answers about Akamai here.I'am just paranoia or the victims of mega spy? Edited September 27, 2007 by Mant Link to comment Share on other sites More sharing options...
cluberti Posted September 27, 2007 Share Posted September 27, 2007 According to a whois lookup, that block is maintained by Indosat M2... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now