Starting yesterday my Comodo Firewall has allowed over 150 firewall requests from System and C:Windows \System 32\svchost.exe. and it relentlessly continues as I write this. I have never seen so much firewall activity in such a short time in the 6 years that I have used the Comodo Firewall and I am very worried about this activity. I have done several scans with both the Emsisoft Emergency Scanner and Hitman Pro and they each turn up no infections.
Here are 3 screenshots of the firewall activity over 11-17-2014 and the first couple of hours after midnight today…
I tried to look up the destination IP addresses of these entries in the firewall log, but apparently they are unknown.
Is it possible that malware is using System and C:Windows \System 32\svchost.exe to get through the firewall? I am extremely worried about this situation and I am hoping that the community here at the Comodo forums will be able to help me to understand what I am now considering to be a dire situation.
After looking at the pics, Hopefully its probably a printer or something, but just to be sure
Would you mind downloading this and click “do a system scan and save a logfile”. This is portable so its easy to remove (Just drag folder to recycle bin when no longer needed)
If you like, you can post the logs here
also you can run this as this (this is beta still)
GlassWire is a free network monitoring tool that displays and alerts you about the network traffic originating from your computer. This allows you to quickly see what applications are communicating over the network and the Internet, how much bandwidth they are using, and what hosts they are connecting to. GlassWire also maintains a database of suspicious sites and will alert you when you attempt to visit one of them. Last, but not least, GlassWire includes an easy to use application firewall that allows you to block specific applications from communicating over a network and the Internet.
