15-20 Svchost.exe Processes After Suffering zlob Trojan Issues

I was the unfortunate victim of a zlob trojan variant yesterday (which caused a ton of pop ups and new IE windows for supposed anti-virus and spyware sites, changed my IE home page, etc.). After loading AVG Anti-Virus and running 2 scans, the software is no longer finding remnants of the trojan, but now that I’ve loaded Comodo Firewall Pro 3.0, I’m seeing 15-20 svchost.exe connections reaching out to (on port 80) and (on port 2738) (as well as inbound requests from, which I’m currently blocking). If I block the svchost.exe outbound communications, I can no longer get out to the internet (i.e. IE times out). Should I allow outbound communication for svchost.exe where the two IP addresses are known DNS servers or is something else going on?

I’m a little paranoid that remnants of the trojan exist on my machine and are spawning unnecessary outbound communications.


Personally I prefer Avast over AVG. If you start a program (I.E.) and an allow/block message comes up, generally hitting allow would be ok since you initiated the program. I’d try a couple online virus scans just in case something disabled portions of your onboard protection.

Doing some checking shows goes to a site in Moscow, Russia. If you don’t have a reason to be doing that, I’d block that address.

However, the 10.x.x.x and 192.168.x.x address blocks are private IP address spaces, and may be related to how you are connecting to the Internet and how your LAN is set up. Do you have a NAT/router? If so, it’s probably the 192.168.x.x. Are you a cable modem user, rather than DSL? If so, then you could see some stuff from 10.x.x.x as that sometimes shows up in cable modem configurations.

As an additional virus check, I’d suggest doing an on-line scan from kaspersky.com.

And tell him what? To buy Kaspersky if he wants to remove the adware that he, by his post, certainly has. Go to ESET online scanner or Bitdefender online scanner.

I just wanted to express a belated thank you for your assistance. The problem was corrected.