I use Comodo Firewall Pro and was looking at the active connections window when I saw svchost.exe making an odd connection to an IP address. After looking it up, it came from Parsonline in Iran. I'm in the dark on this one.
Have no idea if this will help, but I came across this on the web and thought it might. Each instance of the svchost.exe process seen in the Task Manager hosts a group of services. To see the list of services hosted by each instance of svchost.exe, you may use the Tasklist.exe console utility available in Windows XP Professional Edition.
* Click Start, Run and type CMD.EXE
* Type tasklist /svc >c:\taskList.txt
The taskList.txt will contain the list of Processes, their Process IDs and the Services running under each Process. At least it will show you what is using svchost, and you could probably go from there.
Hello. I agree with Fajo, you would need to narrow down your search. As an alternative, you can also use Sysinternals' Process Explorer to locate the exact svchost that is making the connection (double-click on svchost -> TCP/IP tab). You should look for any networking service that is being hosted by the isolated svchost. This will help locate the exact Windows "feature" that is making the connection. Cheers,
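The two suggestions above (list the services behind each svchost.exe, then find the instance that owns the connection) can be combined into one lookup. This is an added example, not part of any post in the thread; it assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`), and the function name `Get-ConnectionOwner` and the sample address are hypothetical.

```powershell
# Added example: map a remote address seen in a firewall's connection list
# to the owning process and, for a service host, the services inside it.
# Assumption: Windows 8 / Server 2012 or later (Get-NetTCPConnection).
function Get-ConnectionOwner {
    param(
        # Copy the address from the connection list rather than retyping it;
        # a single wrong digit resolves to a different network in whois.
        [Parameter(Mandatory)][string]$RemoteAddress
    )

    $conns = Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue
    if (-not $conns) {
        Write-Warning "No current TCP connection to $RemoteAddress (it may already have closed)."
        return
    }

    foreach ($c in $conns) {
        $owner = $c.OwningProcess
        $proc  = Get-Process -Id $owner -ErrorAction SilentlyContinue

        # PID 0 owns TIME_WAIT sockets. Stopped services also report
        # ProcessId 0, so querying it would list every stopped service.
        $svcs = @()
        if ($owner -ne 0) {
            $svcs = @(Get-CimInstance Win32_Service -Filter "ProcessId = $owner")
        }

        [pscustomobject]@{
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            State         = $c.State
            OwningPid     = $owner
            Process       = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Services      = ($svcs | ForEach-Object { $_.Name }) -join ', '
        }
    }
}

# 203.0.113.10 is a constructed documentation address, not one from the thread.
Get-ConnectionOwner -RemoteAddress '203.0.113.10' | Format-List
```

An empty `Services` field with a process name other than svchost means the connection belongs to an ordinary application rather than a hosted Windows service.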
...I feel very dopey right now... When I entered the address into the RIPE whois search, I entered it as 91.99.***.***, which gives the Parsonline. Since I couldn't cut and paste from the Comodo "active connections", I typed it in, but it should have been 91.(1)99.***.*** I know this because I checked the "active connections" when I was updating and recognized my mistake. That "1" made the difference between Parsonline and Comodo... But thank you for your help! So it was actually happening when I checked for updates for Comodo...and so it couldn't have been svchost.exe....
Please don't, no reason. It is always good to check and double-check your concerns. It is very easy to make a wrong trace or to draw the wrong conclusions from a correct one... Cheers,