I have AVG internet security suite + firewall, running on Windows Vista.
My firewall keeps detecting and blocking svchost connection to a remote port (unauthorized by me). While being glad that it's being blocked, I still need to stop whatever is going on. I was reading that this might be the remnants of a w32.welchia.worm. The only info I could find on it was for WIN2000 and WINXP. When I am logged on to the net, it seems to continue trying to make a connection to a remote IP, port 137 and 138, among a couple of other ports, and seems to be using a lot of my CPU. Just today (at a guess, cuz I didn't want to count them all), there have been at least 50 blocked attempts to this remote IP. Can anyone tell me how to fix this, or where I might find the software required to rid my system of this problem?
I will appreciate your help.
Bill
Last edited by Billy Makk; 12-30-2009 at 06:16 PM.
Reason: Better detailed info
svchost is a generic service that many MS services use. Just going by the ports, it looks like it uses MS Networking (NetBIOS) to communicate.
If you download Process Explorer from Sysinternals/MS you should be able to work out exactly which service it is and decide from there whether to allow or block it.
cheers
(funny... I thought this was a Linux forum)
Yea, I know this is a Linux Forum. I've found that the users of LQ seem to have better knowledge than any other forum I've tried.
Thanks for your thoughts. I'll post what I can find out later.
Bill
Thanks, I got it resolved. Turns out that these IP addresses are mostly MS updates. Odd that it says that they were outgoing connections being blocked.
Anyway, thx again and Happy New Year
Bill
Yes, your OS is sending a request to MS update servers to see if there is anything new it needs to download (automatic updates) to update the OS or any other MS product you have installed on that system. Surprising that it is using port 137/139, as those (mentioned above) are known ports and a lot of firewalls block them as standard safety, as not many home users or even businesses use NetBIOS any more, as just about all LANs have moved to the much more robust TCP/IP stack.
The old NetBEUI (sp?) is left over from the WINS servers of WinNT 4 and older, as well as part of Novell networks. I think even Novell networking is now TCP/IP, but I could be wrong there.
Thx. I just updated with MS service pack 2. That in itself seems to have greatly reduced my CPU usage.
Happy new yr
Bill
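
The Process Explorer suggestion earlier in the thread comes down to finding which service inside a shared svchost.exe owns the sockets on the NetBIOS ports. The same lookup with built-in tools, as an added example that is not part of any post in this thread; it assumes Windows PowerShell 2.0 or later run from an elevated prompt, and the variable names are illustrative:

```powershell
# Added example: attribute NetBIOS-port sockets to a process and, for svchost.exe,
# to the services hosted inside it. Variable names are illustrative.
$ports = '137', '138'            # ports named in the original post

# Build a PID -> service-name map from WMI (one svchost.exe hosts several services).
# On PowerShell 3.0+ Get-CimInstance accepts the same Win32_Service class.
$hosted = @{}
Get-WmiObject Win32_Service -Filter 'ProcessId <> 0' | ForEach-Object {
    $key = [string]$_.ProcessId
    if (-not $hosted.ContainsKey($key)) { $hosted[$key] = @() }
    $hosted[$key] += $_.Name
}

# netstat -ano rows: Proto, Local Address, Foreign Address, [State], PID.
# UDP rows have no State column, so the PID is always the last field.
netstat -ano | ForEach-Object {
    $f = @(-split $_)
    if (($f.Count -lt 4) -or ('TCP', 'UDP' -notcontains $f[0])) { return }

    # The port is the text after the last colon (also works for [::]:137).
    $local  = ($f[1] -split ':')[-1]
    $remote = ($f[2] -split ':')[-1]
    if (($ports -notcontains $local) -and ($ports -notcontains $remote)) { return }

    $owner = $f[-1]
    $proc  = Get-Process -Id $owner -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Proto    = $f[0]
        Local    = $f[1]
        Remote   = $f[2]
        PID      = $owner
        Process  = $proc.ProcessName
        Services = ($hosted[$owner] -join ', ')
    }
} | Select-Object Proto, Local, Remote, PID, Process, Services |
    Format-Table -AutoSize
```

UDP rows in netstat list only the locally bound port (the remote side shows as `*:*`), so a datagram the firewall blocked on its way out will not appear as a connection here; the firewall's own log remains the record of the remote IP.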