Should I be worried

osullivj35 · August 23, 2007, 8:55pm

Hi

Comodo is warning me about the following;

ate/Time :2007-08-23 21:21:02
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:207.46.211.250: :http(80))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 207.46.211.250::http(80)

Date/Time :2007-08-23 21:19:58
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:207.46.211.250: :http(80))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 207.46.211.250::http(80)

Date/Time :2007-08-23 21:18:57
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:207.46.211.250: :http(80))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 207.46.211.250::http(80)

Date/Time :2007-08-23 21:17:01
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 207.46.211.250::http(80)
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-08-23 21:15:58
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 207.46.211.250::http(80)
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-08-23 21:14:57
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 207.46.211.250::http(80)
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-08-23 21:14:38
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.1:upnp-mcast(1900)
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Should I be worried that I have a virus or something? It comes up straight on boot up

Thanks,
Jerry

jasper2408 · August 23, 2007, 9:04pm

The 207.46.211.250 IP address is going out to Microsoft and the last entry of 192.168.1.1 for the IP address going out port 1900 is from your PC more than likely and that is Upnp. The Upnp is how Windows finds compatible printers and other network devices on a network. You might also see an entry with port 2869 that is a multicast addres and it is normal also.

I have them disabled on my laptop as I don’t ever need them.

jasper

Razorro · August 23, 2007, 9:41pm

Just a small post to say that the IP range 207.46.. is entirely owned by Microsoft.
So no worries about seeing these addresses in alerts/logs.
(well, as far as seeing data flowing from our computers to Microsoft is not worrying , hehe ;D )