
Hosts file compromised [Solved] [Closed]


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It was actually a fairly clean system to start with; all I did was tidy up some orphan entries and remove the Comodo update temp file to see if that was a blockage.

Emptying the temporary files may have speeded up the browsing a bit. But, as I say, it looks good :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware


Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0



#17
jn1000

    Member

  • Topic Starter
  • Member
  • 37 posts

Hmm, the issue of having countless outbound connections from svchost hasn't gone away. It happened again last night. They all seem to be connecting to my router so at least the destination isn't worrisome, but why would my system be establishing dozens, if not hundreds, of connections to my router using different ports?

 

Another thing I'm noticing is that I am now frequently getting inbound connections from System (the IP is, again, from my router). I'm not particularly worried about that (should I be?), but I never used to get those, and now after running the fix with FRST it is happening frequently. Could the network reset have something to do with this? Is it possible it might have meddled with some firewall settings and removed a rule regarding inbound connections?


Edited by jn1000, 16 December 2014 - 05:09 AM.

  • 0

#18
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The IGMP packets, most probably, are sent out by the router trying to discover other PCs on your network. This is legitimate traffic and whether you block or not is up to you and depends on how your network works. If blocking causes no problems, particularly if you only have one PC, then go ahead and do it.

The way to stop this is to disable the following two services (set them to disabled):

Universal Plug and Play Device Host
SSDP Discovery Service


Go to Control Panel > Administrative Tools > Services
Locate the two services listed above
Right click the service and select Properties
In the drop down set to Disabled
Apply and OK out
Repeat for the second service


Reboot the computer
  • 0

#19
jn1000

    Member

  • Topic Starter
  • Member
  • 37 posts

Thanks for the tip, I followed the instructions. However, the connections that I spoke of in my previous post were not IGMP. They were TCP OUT (for svchost) and TCP IN (for System). Does that make any difference?

 

Also, explorer.exe forms several outbound TCP connections. But if all of this is normal, then I guess that wraps things up.


Edited by jn1000, 16 December 2014 - 11:30 AM.

  • 0
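
One way to see which Windows service inside each svchost.exe instance owns the TCP connections discussed in this thread, and to check the two services named in post #18; this is an added example, not something posted by either participant. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), an elevated PowerShell prompt, and the Windows short service names SSDPSRV and upnphost, which do not appear in the thread.

```powershell
# Added example (not from the thread). Assumes Windows 8 / Server 2012 or
# later and an elevated PowerShell prompt.

# Map each process ID to the names of the services hosted inside it.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.ProcessId -eq 0) { continue }        # service is not running
    $id = [int]$svc.ProcessId
    if (-not $servicesByPid.ContainsKey($id)) { $servicesByPid[$id] = @() }
    $servicesByPid[$id] += $svc.Name
}

# PIDs of every svchost.exe instance currently running.
$svchostPids = @(Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Id)

# Group svchost-owned TCP connections by owning PID and remote address, so
# a long list of connections to one host collapses into one row per
# svchost instance, with a count and the distinct states and remote ports.
Get-NetTCPConnection |
    Where-Object { $svchostPids -contains $_.OwningProcess } |
    Group-Object -Property OwningProcess, RemoteAddress |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            ProcessId     = $first.OwningProcess
            Services      = $servicesByPid[[int]$first.OwningProcess] -join ', '
            RemoteAddress = $first.RemoteAddress
            Connections   = $_.Count
            States        = ($_.Group.State | Sort-Object -Unique) -join ','
            RemotePorts   = ($_.Group.RemotePort | Sort-Object -Unique) -join ','
        }
    } |
    Sort-Object -Property Connections -Descending |
    Format-Table -AutoSize

# Startup mode and state of the two services named in post #18.
# SSDPSRV = SSDP Discovery, upnphost = UPnP Device Host (Windows short names).
Get-CimInstance -ClassName Win32_Service -Filter "Name='SSDPSRV' OR Name='upnphost'" |
    Select-Object -Property Name, DisplayName, StartMode, State
```
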

#20
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
These are my connections using Svchost and explorer. Although I never keep track of them :)

Capture.JPG

Capture1.JPG

How is the computer behaving otherwise?
  • 0

#21
jn1000

    Member

  • Topic Starter
  • Member
  • 37 posts

The computer is working fine otherwise, thanks. My svchost connections look very different from yours... Mind if I PM you a screenshot of my connections as one last step before closing the topic?


Edited by jn1000, 17 December 2014 - 06:53 PM.

  • 0

#22
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sure, feel free :)
  • 0

#23
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#24
jn1000

    Member

  • Topic Starter
  • Member
  • 37 posts

It's probably nothing to worry about since it's all going to the router, but if you could confirm whether that's normal activity, I'd appreciate it. Thanks.

 

And to clarify, that only shows a portion of the connections from svchost. There were dozens more that time and sometimes there are literally hundreds.

 

Edit: I attached the screenshot to a private message.


Edited by jn1000, 23 December 2014 - 07:31 PM.

  • 0

#25
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, the screenshot is missing. Could you attach it here?
  • 0



#26
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





