I have been experiencing never ending security alerts regarding svchost every time I connect to the Internet.
I have the choice of either allowing or denying one time only but there is no check box to always allow or always deny.
Can a kind member please help me fix this annoyance?
I have enclosed a picture of 1 of the alerts.
Thank you.
If you have a close look at the alert, you’ll see that it’s saying that SVCHOST.EXE on your PC is trying to act as a server in response to a request from an external IP on port 138, which is used for MS networking.
The reason that there is no REMEMBER option for this is because you really don’t want this to be remembered.
Without further info, I would think that you have some form of malware on your PC that is attempting to create a connection to an outside address. I would recommend that you download HijackThis, run it and generate a log and attach the log file to a reply to this post. Hijack This examines your system and records all components that are set to start automatically on your system.
I’m presuming that your computer is connecting thru a modem, and not a NAT/router, as a router should block unrecognized traffic like that which you’re seeing.
The IP address in the screenshot is 86.30.1.36, which is an adsl customer address for ntlworld.com.
In your HJT log, I notice that your nameservers are 194.168.4.100 and 194.168.8.100, which appear to be caching nameservers for ntli.net (NTL International, UK).
If you are an NTL UK customer, then there would seem to be a strong chance that your getting queries from some other NTL customer who has a badly misconfigured, or infected, machine. In which case, bringing it to the attention of the NTL folks would be something to do.
With the caveat that I’m not a practiced HJT examiner, I’m not seeing any problems with your HJT log. Only that you’ve used the now obsolete 2.0.0 Beta version. The current 2.0.2 version is available from http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis, or from the trendmicro.com home page and follow the links. Your HJT log is actually remarkably straightforward, in comparison to a number of logs that I’ve seen.