Windows XP spyware? Generic Host Process for Win32 Services

usual_suspect

After I got xp pro installed I saw this and denied it access to the internet (via zone alarm) but then IE would not connect...

I finally found an anti-spy program that let me disallow the process and still connect: XP Antispy (scroll down to about the middle of the page).

Here's a thread on another board about it.

Has this been discussed here before? I did a search but could not find anything about it in this forum. It seems pretty significant. I wonder what else xp is doing that I don't know about.
 

BDawg

Why worry about an antispy program that could be trojaned when you can just turn off the DNS Client Service and then disable Generic Host Process access in Zone Alarm?
 

BDawg



<< My firewall picks it up all the time. No big deal... >>



Picking it up is one thing. Blocking it is another. Without modification, blocking it disables your web browser.
 

DocDoo

This "Generic Host Process for Win32 Services" that you are talking about, would it happen to be using port 1900?

If so, there is a very simple reason for this....
 

BDawg

Yep, that's exactly the one they're talking about. It's the one that sends your thoughts to the satellite owned by Major League Baseball! ;)
 

MoFunk



<< This "Generic Host Process for Win32 Services" that you are talking about, would it happen to be using port 1900?

If so, there is a very simple reason for this....
>>



So what would that reason be? Just curious. :)
 

BDawg



<< So what would that reason be? Just curious. :) >>



To discover plug and play network devices.

And to upload your thoughts to Major League Baseball. If you take your focusyn, you should be fine. ;)
 

DocDoo



<< To discover plug and play network devices. >>


Yep, that's it. I am still amazed just how paranoid people can be. Wish more people would learn how to properly use a packet analyzer. That alone would eliminate 50% of the misinformation out there.

FWIW: The GHPWS only looks for 239.255.255.250 and return protocol-2 is bounced from 224.0.0.22 (both are LAN only protocols).

OMG... My own PC is attacking itself - must be into self-mutilation ;)
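
Added example, not part of any post in this thread: a short Python sketch of the kind of check a packet analyzer makes possible here, labelling outbound packets by destination scope and decoding an SSDP discovery datagram. The packet tuples and the M-SEARCH payload are constructed samples, and the function names and labels are made up for this illustration.

```python
import ipaddress

# Scopes from RFC 5771 / RFC 2365; names and labels are illustrative assumptions.
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")  # local network control block
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")    # administratively scoped
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
IGMPV3_REPORTS = ipaddress.ip_address("224.0.0.22")
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "169.254.0.0/16", "127.0.0.0/8")]

def classify(dst, proto, dport=None):
    """Label one outbound packet; proto is the IP protocol number (2=IGMP, 6=TCP, 17=UDP)."""
    ip = ipaddress.ip_address(dst)
    if ip == SSDP_GROUP and proto == 17 and dport == 1900:
        return "ssdp-discovery"
    if ip == IGMPV3_REPORTS and proto == 2:
        return "igmp-report"
    if ip in LOCAL_CONTROL or ip in ADMIN_SCOPED:
        return "other-scoped-multicast"
    if any(ip in net for net in LAN_NETS):
        return "lan-unicast"
    return "leaves-lan"  # the only label that warrants a closer look

def parse_ssdp(payload):
    """Split an SSDP datagram (HTTP-style text over UDP) into method and headers."""
    lines = payload.decode("ascii", "replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return lines[0].split(" ", 1)[0], headers

# Constructed samples: (destination, IP protocol, destination port).
SAMPLE_PACKETS = [("239.255.255.250", 17, 1900), ("224.0.0.22", 2, None),
                  ("192.168.0.1", 17, 53), ("203.0.113.10", 6, 80)]
SAMPLE_MSEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                  b'MAN: "ssdp:discover"\r\nMX: 3\r\nST: upnp:rootdevice\r\n\r\n')

def summarize(packets):
    return [classify(*p) for p in packets]

if __name__ == "__main__":
    for pkt, label in zip(SAMPLE_PACKETS, summarize(SAMPLE_PACKETS)):
        print(pkt, "->", label)
    print(parse_ssdp(SAMPLE_MSEARCH))
```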
 

MoFunk



<<

<< To discover plug and play network devices. >>


Yep, that's it. I am still amazed just how paranoid people can be. Wish more people would learn how to properly use a packet analyzer. That alone would eliminate 50% of the misinformation out there.

FWIW: The GHPWS only looks for 239.255.255.250 and return protocol-2 is bounced from 224.0.0.22 (both are LAN only protocols).

OMG... My own PC is attacking itself - must be into self-mutilation ;)
>>



To get people to properly use a packet analyzer will be a nice trick. Most are just now scratching the surface on how to properly use a virus protection program and firewall! But just for Sh*ts and giggles for anyone reading this, are there any decent freeware packet analyzer programs out there that you would recommend?
 

DocDoo

Free P/A from a great guy. (But CommView from Tamosoft is well worth the price).

However, all packet analyzers offer only promiscuous sniffing, so if you are behind a router/gateway, you are SOL for monitoring the head end - but fine for isolated PCs. This is why I use a hardware sniffer (among other reasons) ;)

-All my hats are white :p
 

sp33dracer



<< And to upload your thoughts to Major League Baseball. If you take your focusyn, you should be fine. ;) >>



nice reference!
...it's from the Simpsons for all you pop-culturally challenged types out there ;)

interesting news on the spyware - I just installed xp myself, but I hadn't noticed this "abnormality"
 

MoFunk

I have a new one popping up. I have 3 of these in Zone Alarm: 2 say just generic host process, but one also says listening to TCP port 5000 and has a little shared hand under it. Any ideas?
 

Blayze



<< I have a new one popping up. I have 3 of these in Zone Alarm: 2 say just generic host process, but one also says listening to TCP port 5000 and has a little shared hand under it. Any ideas? >>



Anyone else getting this?
 

extro

The one listening to port 5000 is associated with Universal PnP, it's the SSDP Discovery Service which you can safely stop and disable in Computer Management.

Steve Gibson of Shield's Up fame has a little utility that can do this (for those who can't figure out how to enable/disable a service on their own), and explains a little of what's going on (with his usual paranoid tone :)) here.
 

MoFunk

Interesting. I just read about this in an IS mag a couple of days ago and thought that I went in and disabled the service myself. Guess I will need that patch. Thank you extro!