Topic: Suspicious Connections & Behaviour with COMODO Firewall
atsivxp
« on: September 20, 2010, 07:42:58 PM »

Suspicious Connections & Behaviour with COMODO Firewall

I have seen some activity on my machine which borders on suspicious behaviour after
I installed a certain program. When I came back COMODO said it had blocked intrusions
and I had about 279 out-bound connections; my active connections were suspicious, with
IPs and ports which were quite dynamic. How can I tell if they are indeed harmful
connections and block them? I really want to get rid of those but need
a bit of guidance.

I am on Windows 7 / 64-bit and I think I know the application that is making the
connections, or do I? Below is just a sample of the active connections, and they keep changing.
Please help!

c:\windows\syswow64\svchost.exe

Protocol     Source              Destination
===========  ==================  ===================
TCP OUT      192.168.0.6:50751   77.67.10.135:443
TCP OUT      192.168.0.6:50692   77.67.10.132:443
UDP OUT      192.168.0.6:65392   96.6.40.21:3478
UDP OUT      192.168.0.6:65393   125.56.208.184:3478

many thanks
Logged
atsivxp
« Reply #1 on: September 21, 2010, 06:25:18 AM »

I did a little research and found the IPs come from AKAMAI.
Still not sure, so any good advice will do. If you need more details please do let me know.

inetnum: 77.67.10.128 - 77.67.10.255
netname: AKAMAI-TINET
descr: Akamai Technologies
Logged
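
The whois check from the reply above, carried through for every row of the posted listing. This is an added example, not part of the original thread. The inputs are copied from the two posts as constructed sample data, the helper names (`load_ranges`, `owner_of`, `triage`) are hypothetical, and the port labels are the IANA-registered services for 443 and 3478. It shows that the one whois range covers only the two TCP/443 endpoints, so the UDP/3478 endpoints still need their own lookup.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed inputs: the connection listing and the whois range quoted in the thread.
LISTING = """\
TCP OUT      192.168.0.6:50751   77.67.10.135:443
TCP OUT      192.168.0.6:50692   77.67.10.132:443
UDP OUT      192.168.0.6:65392   96.6.40.21:3478
UDP OUT      192.168.0.6:65393   125.56.208.184:3478
"""
WHOIS = [("77.67.10.128", "77.67.10.255", "AKAMAI-TINET")]
# IANA-registered services for the two destination ports in the listing.
PORTS = {443: "https", 3478: "stun"}
ROW = re.compile(r"^(TCP|UDP)\s+(IN|OUT)\s+(\S+):(\d+)\s+(\S+):(\d+)\s*$")

def load_ranges(whois):
    """Turn whois first/last address pairs into (network, netname) entries."""
    out = []
    for first, last, name in whois:
        nets = ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last))
        out.extend((net, name) for net in nets)
    return out

def owner_of(ip, ranges):
    """Return the netname covering ip, or None if no collected record covers it."""
    addr = ipaddress.ip_address(ip)
    return next((name for net, name in ranges if addr in net), None)

def triage(listing, whois):
    """Group destinations by (owner, protocol, service); unknown owners stay visible."""
    ranges = load_ranges(whois)
    groups = defaultdict(list)
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers, separators and blank lines
        proto, _direction, _src, _sport, dst, dport = m.groups()
        key = (owner_of(dst, ranges) or "UNRESOLVED", proto,
               PORTS.get(int(dport), dport))
        groups[key].append(dst)
    return dict(groups)

if __name__ == "__main__":
    for key, dsts in sorted(triage(LISTING, WHOIS).items()):
        print(key, sorted(set(dsts)))
```

Rows grouped under `UNRESOLVED` are the ones to look up next; adding their whois ranges to `WHOIS` shrinks that group until only unexplained endpoints remain.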
EricJH
« Reply #2 on: September 21, 2010, 07:17:42 PM »

Since Akamai only hosts about 25% of the complete internet 

I think some legit application is calling home for updates. I remember AVG updates were hosted with Akamai several years ago; they may still be hosted by Akamai, but I haven't used AVG in the period until now... ;)
Logged

atsivxp
« Reply #3 on: September 22, 2010, 04:10:01 PM »

Uploaded the file windows\syswow64\svchost.exe to virustotal.com and only one came out
positive, see below; still not sure. All the other virus checkers are negative, wondering if it is a false positive.

 eSafe 7.0.17.0 2010.09.21 Win32.TrojanHorse
Logged