Showing results for 
Search instead for 
Did you mean: 
Level 7

Constant network traffic from svchost.exe

This may in fact be the fault of my network hardware/software, but since Mcafee SecurityCenter > Traffic Monitor is reporting this I figured I'd post here.

Generic Host Process for Win32 Services (I'll call it svchost.exe for short...) is generating a constant, even amount of network traffic whenever a user is logged in; consistently about 360 packets in and out every minute. The traffic started recently after I tried tweaking my router and wireless card settings to resolve a network disconnection problem.

Traffic Monitor shows svchost.exe is connected to (my router) on ports 5431 and 2129 and (loopback?) port 1034. Listening on ports 2869, 1900 (twice) 123 (twice) and 135. I did some digging, and tasklist /svc lists these services connected through scvhost.exe:

Image Name                   PID Services
========================= ====== =============================================

svchost.exe                 1328 DcomLaunch, TermService
svchost.exe                 1396 RpcSs
svchost.exe                 1436 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc,
                                 EventSystem, FastUserSwitchingCompatibility,
                                 helpsvc, lanmanserver, lanmanworkstation,
                                 Netman, Nla, RasMan, Schedule, seclogon,
                                 SENS, SharedAccess, ShellHWDetection,
                                 srservice, TapiSrv, Themes, TrkWks, W32Time,
                                 winmgmt, wscsvc, wuauserv, WZCSVC

svchost.exe                 1648 Dnscache
svchost.exe                 1772 LmHosts, RemoteRegistry, SSDPSRV

svchost.exe                 2024 WebClient

svchost.exe                  556 stisvc

svchost.exe                  396 HTTPFilter

I didn't change much on the network, just reset the router, changed a couple of software settings then changed them back again. I also changed a conspicuous Mcafee Firewall > Security Level "Allow Outgoing only" setting, then changed it to "Standard". No effect.

I don't think this is spyware/malicious activity. Mcafee shows nothing in the logs and complains about nothing, and another spyware check shows nothing abnormal either.

Any ideas? Thanks.

Message was edited by: talper [changed typo in title] on 1/4/10 7:32:56 PM CST
0 Kudos