Chinese connections coming from my computer - are they legit?

Hi everyone,

Now I’m assuming the language is Chinese but it could be something else since I’m not familiar with it.
I’ve had loads of Comodo warnings that a program is trying to connect to the internet. When I click on the application to see what application it is Windows can’t find it so I block the program.

I’ve had Netgear modem on my PC in the past (which could be a Chinese connection) but that service for that is disabled on my PC. I don’t have malware on my system since I’ve been through a lot of clean ups with whatthetech forum.

How can I check what is making these connections from my PC?

Thanks for your help,
Karen

[attachment deleted by admin]

According to your link it is suspected that with Netgear WiFi you got …\system32\winservice.exe
and that can be a trojan suspect.

Why not make sure?
If you rename winservice.exe as winservice.eee and reboot, what happens?
Does your Netgear WiFi work as before?
Do the Comodo warnings continue?

If there is no change it must be something totally different.

If the Internet no longer works as well, perhaps you need to change winservice.eee back to winservice.exe,
and then add a Firewall Application Rule specifically blocking that from Internet Access.
n.b. You can “Block and Log” so the logs will show that connection is being attempted to/from that specific *.exe, confirming that you are targeting the culprit, after which you may consider changing to “Block” without the log.

Alan

Do you have Defense+ enabled?
What version of Kaspersky is it?

Can you please check this?

Open CIS-Miscellaneous-Settings-Language

Please ensure that English is the language selected therein. I feel that you have somehow selected another language as your default language for CIS and hence CIS it seems is giving translated alerts.

I checked your topic at the whatthetech forum and for now I am assuming with them that the files are indeed related to your Netgear USB wireless adapter.

Can you tell us a bit more about your network set up? Are you ADSL or Cable and do you have a router present? Are you using the Netgear USB wireless adapter to connect?

How is your firewall set? What is the configuration you are using? Look under Miscellaneous → Manage My Configurations. How are the Firewall behaviour settings set? They can be found under Firewall → Advanced → Firewall behaviour settings.

I don’t think these programs need to access the web nor do they need incoming traffic. My advice would be to set them both as Blocked Application. To do so you need to click on the More Options link in the alert. That will give the possibility to let a policy handle the application’s traffic; set it to Blocked Application. This should get rid of the alerts.

If I understand things correctly the disabled service got active again. Another program may have woken it up. I want to see if we can use Defense + to catch the program starting the service. I am assuming it may be WG111V2.EXE (C:\PROGRAM FILES\NETGEAR\WG111V2\WG111V2.EXE). Go to Defense + → Advanced → Computer Security Policy → look up and erase the rule for WG111V2.EXE. Apply and Ok your way out.

Then go to Defense + Advanced → Defense + Settings and set it to Paranoid. You will get more alerts but it may be worth the try.

Make sure the SCM_Service is disabled and see if WG111V2.EXE is trying to write to a registry key with name SCM_Service at any point in time. For testing manually start wg111v2.exe when it is not already running.

You may see several alerts. One of them may be pointing to winservice.exe and one to wg111v2.sys. Let us know any alerts about wg111v2.exe to any protected registry key.
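Added example, not part of any post in this thread: a PowerShell check that answers "what is making these connections" by mapping each TCP connection to its owning process and executable path, and that reports the state of the service discussed above. It assumes Windows 8 or later (for `Get-NetTCPConnection`), an elevated prompt, and that `SCM_Service` is the service's name or display name; the two file names are the ones mentioned in the thread.

```powershell
# Added example. Assumptions: Windows 8+ (Get-NetTCPConnection), elevated
# prompt, and that 'SCM_Service' is the service name or display name.
$serviceName = 'SCM_Service'
$watchedExes = 'winservice.exe', 'WG111V2.EXE'   # file names from the thread

# 1. Is the service really disabled, and which binary does it launch?
Get-CimInstance Win32_Service `
        -Filter "Name='$serviceName' OR DisplayName='$serviceName'" |
    Select-Object Name, State, StartMode, ProcessId, PathName |
    Format-List

# 2. Map every TCP connection that has a remote peer to its owning process.
$report = Get-NetTCPConnection |
    Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }
        [pscustomobject]@{
            Process = if ($proc) { $proc.ProcessName } else { '<exited>' }
            PID     = $_.OwningProcess
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            State   = $_.State
            Path    = $path
            # False: the image is missing on disk or its path could not be read
            OnDisk  = [bool]($path -and (Test-Path -LiteralPath $path))
            Watched = [bool]($path -and ((Split-Path $path -Leaf) -in $watchedExes))
        }
    }

$report | Sort-Object Process, Remote | Format-Table -AutoSize

# 3. Rows worth a closer look: the watched Netgear binaries, or any process
#    whose executable cannot be found on disk.
$report | Where-Object { $_.Watched -or -not $_.OnDisk } |
    Format-Table -AutoSize
```

Run it while an alert is on screen, since short-lived connections disappear from the table once they close.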

Thanks for your replies - I’ve been busy so hadn’t checked this post.

Although the Netgear wireless has been installed it’s not being used.
The winservices.exe has been checked by a virus checker and it’s clean.

(If you check the whatthetech thread you’ll see what we’ve done already).

The winservices.exe is now off and disabled and yet I still get some connections. I have blocked them time and time again but that doesn’t seem to do any good.

Language setting is English. Not all of the connections are Chinese but the vast majority of them are.

I don’t know when this first happened - I don’t tend to use that laptop that much since it’s my ‘spare’ and I’m only using it until I get my usual one back. I have tried to work out what I’m doing when they occur but it doesn’t seem to be any particular thing.

Firewall settings are safe mode.
Defence + is disabled since I had some issues when that was running with Kaspersky a while back.

Maybe I’ll simply uninstall the netgear and see what happens then.

Thanks for your help.

Regards,
Karen

That’s actually not Chinese but messed up characters. If you assert that your computer has no malware, then perhaps it’s a pinyin program trying to connect to the internet to check for updates. And since you have not set windows to read east Asian languages, it just comes out garbled. Either way, I’d just block it.

I propose we let Karen follow Eric’s advice.

At Karen
If you decide to go with Eric’s supervision (I think you should) uninstall temporarily Kas and replace it with Avira free or MSE (so you can enable Defense+).

Jose.

When you are not using the Netgear wireless USB connector start with uninstalling the Netgear program and see if that gets rid of the alerts.

Keep us posted.