Hi,
I use Comodo Internet Security 3.5.57173.439, and from time to time I take a look at the Active Connection from the Firewall tab. Now I have svchost.exe that connects to this ip 61.145.113.116 on port 80. Ok this its some Chinese site or something like that. I configured the firewall to block this connection using Network Security Policy and now the attempted connection appears in the Firewall events like blocked. It tries to connect like every minute or so.
Now I downloaded the Process Explorer from
Process Explorer - Sysinternals | Microsoft Learn and i think this unknown program or something its start svchost.exe with this line
“C:\WINDOWS\system32\svchost.exe” 92869
All the other svchost instances are parented to services.exe this one (that its started with that line) its a independent process (maybe it has more privileges?)
I did a google search and I find a site that sticks to my description of my problem
http://www.spywaredetector.net/spyware_encyclopedia/Backdoor.Vipdataend.htm
but I don’t know if It can be trusted ( I don’t know this software)
I did a system scan with comodo antivirus but it found nothing
what can I do? please help, I know its there somewhere because its continually try to connect to that site but I can’t find what process or dll else it is.
Thank You very much for your time and help and please forgive my english I’m not native speaker
