0 Replies Latest reply on Jan 4, 2010 7:32 PM by talper

    Constant network traffic from svchost.exe

      This may in fact be the fault of my network hardware/software, but since McAfee SecurityCenter > Traffic Monitor is reporting this, I figured I'd post here.

       

      Generic Host Process for Win32 Services (I'll call it svchost.exe for short...) is generating a constant, even amount of network traffic whenever a user is logged in; consistently about 360 packets in and out every minute. The traffic started recently after I tried tweaking my router and wireless card settings to resolve a network disconnection problem.

       

      Traffic Monitor shows svchost.exe is connected to 192.169.1.1 (my router) on ports 5431 and 2129 and 127.0.0.1 (loopback?) port 1034. Listening on ports 2869, 1900 (twice), 123 (twice) and 135. I did some digging, and tasklist /svc lists these services connected through svchost.exe:

       

      Image Name                   PID Services
      ========================= ====== =============================================
      svchost.exe                 1328 DcomLaunch, TermService
      svchost.exe                 1396 RpcSs
      svchost.exe                 1436 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc,
                                       EventSystem, FastUserSwitchingCompatibility,
                                       helpsvc, lanmanserver, lanmanworkstation,
                                       Netman, Nla, RasMan, Schedule, seclogon,
                                       SENS, SharedAccess, ShellHWDetection,
                                       srservice, TapiSrv, Themes, TrkWks, W32Time,
                                       winmgmt, wscsvc, wuauserv, WZCSVC
      svchost.exe                 1648 Dnscache
      svchost.exe                 1772 LmHosts, RemoteRegistry, SSDPSRV
      svchost.exe                 2024 WebClient
      svchost.exe                  556 stisvc
      svchost.exe                  396 HTTPFilter

       

      I didn't change much on the network, just reset the router, changed a couple of software settings, then changed them back again. I also changed a conspicuous McAfee Firewall > Security Level "Allow Outgoing only" setting, then changed it to "Standard". No effect.

       

      I don't think this is spyware/malicious activity. McAfee shows nothing in the logs and complains about nothing, and another spyware check shows nothing abnormal either.

       

      Any ideas? Thanks.

       

       

      Message was edited by: talper [changed typo in title] on 1/4/10 7:32:56 PM CST
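
Added example (not part of the original post): the triage step the post describes, mapping each svchost.exe PID to its hosted services from `tasklist /svc` output, joined with listening sockets per PID so that a port can be attributed to one service group. The `netstat -ano` lines are constructed, since the post does not say which PID owns which port, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Rows copied from the post's `tasklist /svc` output (PID 1436 row abridged).
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                 1396 RpcSs
svchost.exe                 1436 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc,
                                 SENS, SharedAccess, ShellHWDetection,
                                 winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe                 1772 LmHosts, RemoteRegistry, SSDPSRV
"""

# Constructed `netstat -ano` lines; the post does not say which PID owns which port.
NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0      LISTENING    1396
  UDP    0.0.0.0:123      *:*                         1436
  UDP    0.0.0.0:1900     *:*                         1772
  TCP    0.0.0.0:2869     0.0.0.0:0      LISTENING    1772
"""

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")  # column-0 row: image, PID, services

def parse_tasklist(text):
    """Return {pid: [service, ...]}, folding indented wrapped lines into their row."""
    services, pid = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, line = int(m.group(2)), m.group(3)
        if pid is not None:  # header lines arrive before any PID and are skipped
            services.setdefault(pid, []).extend(
                s.strip() for s in line.split(",") if s.strip())
    return services

def listeners_by_pid(text):  # {pid: {(proto, local_port)}} for listening sockets
    owners = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("TCP", "UDP") and f[-1].isdigit() \
                and (f[0] == "UDP" or f[3] == "LISTENING"):
            owners[int(f[-1])].add((f[0], int(f[1].rsplit(":", 1)[1])))
    return owners

def attribute(tasklist, netstat):
    svc = parse_tasklist(tasklist)
    return {pid: (sorted(p), svc.get(pid, [])) for pid, p in listeners_by_pid(netstat).items()}

if __name__ == "__main__":
    print(attribute(TASKLIST, NETSTAT))
```

A PID that hosts many services (1436 here) can only be narrowed to the group; a listener whose PID is missing from the tasklist output comes back with an empty service list and deserves a closer look.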