Author Topic: Network Shield and svchost  (Read 2534 times)

silversurfer

  • Guest
Network Shield and svchost
« on: May 18, 2009, 07:38:03 PM »
I keep getting a popup notice from the Network Shield alerting me to the fact that the av blocked something from accessing the browser. The best I can remember of the url is updateserverinfo.com/cmp. I have no idea what this is and I've searched on it but can't find anything indicative as to what it is or how I can remove it.

I've already run the av twice, plus Stinger, plus SpyBot Search & Destroy and manually dumped cache in both FF & IE, but none of those apps found anything even remotely suspicious. Plus I've run TCPview and Process Explorer and neither of those reported anything out of the ordinary.

The software firewall, however, did keep reporting that Windows Explorer kept accessing the net (until I blocked it) and the traffic log caught the following outgoing urls plus the Network Shield notification.

http://i216.photobucket.com/albums/cc27/mags367/strangebehavior.jpg

Notice in the sw firewall traffic log that it is explorer that is being blocked and further notice the remote hosts. This pc is used for business only (meaning no funky downloading or visiting of dubious sites of any sort) and I am the only user, so where the porn-like urls are coming from I'm not sure.

Does anyone know WTH this is and how I can get rid of it? I'm not even sure at this point if I should even be concerned about it.   I'm thinking this may be a false positive.  A little help?

BTW, this is the full URL of the malicious site:

updateserver.info/cmp/controller.php?&ver=8&uid=c97d60a&aid=dcreavers2&adm=adm&br=FIREFOX.EXE&os=XPSP2 [ C:\WINDOWS\System32\svchost.exe


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Network Shield and svchost
« Reply #1 on: May 18, 2009, 07:48:43 PM »
Quote
I keep getting a popup notice from the Network Shield alerting me to the fact that the av blocked something from accessing the browser
Note the BLOCKED. That is why nothing is found during a system scan ;)

What site is it you are trying to view when you get the message about "updateserver.info"?

silversurfer

  • Guest
Re: Network Shield and svchost
« Reply #2 on: May 18, 2009, 07:52:12 PM »


Quote
What site is it you are trying to view when you get the message about "updateserver.info"?

It's not site specific as the notice pops up randomly.

Offline Eddy

Re: Network Shield and svchost
« Reply #3 on: May 18, 2009, 08:06:48 PM »
Computers never do anything randomly, although it may appear that way to the user.

YoKenny

  • Guest
Re: Network Shield and svchost
« Reply #4 on: May 18, 2009, 08:35:07 PM »
Read what Web of Trust (WoT) shows about that site:
http://www.mywot.com/en/scorecard/updateserver.info