Thread ID: 65431 2006-01-18 00:25:00 sychost.exe virus or what? heaton (3697) Press F1
Post ID Timestamp Content User
422043 2006-01-18 00:25:00 I know I have asked this in a previous post and Speedy helped me check out my computer but I am still in the dark as to what is going on. I am using zone alarm firewall and if I go in the Alerts Log there are quite a number of items showing sychost is doing something I don't understand.
This is a typical entry:
Program: Sychost.exe Source IP xxxxxxetc Destination IP -
Direction: incoming (accept) Action taken: blocked
Source DNS xxxxxxxx
With Speedy's help I scanned my computer and there is no sign of sychost.exe in my computer, so what is happening that there are so many zone alarm alerts?
heaton (3697)
422044 2006-01-18 00:43:00 Do you have a virus scanner? Sychost.exe is part of the LEOX.B virus (www.sarc.com).

Is the virus detected when you run a virus scan?
pixeldust (6619)
422045 2006-01-18 00:50:00 Please download HijackThis (www.cyberanswers.org). It will create a directory folder for you in C\Program files. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help determine what, if any, spyware/malware is on your computer. Pancake (6359)
422046 2006-01-18 02:22:00 I am using zone alarm firewall and if I go in the Alerts Log there are quite a number of items showing sychost is doing something I don't understand.
This is a typical entry:
Program: Sychost.exe Source IP xxxxxxetc Destination IP -
Direction: incoming (accept) Action taken: blocked
Source DNS xxxxxxxx


Doesn't this just show that the Zone Alarm firewall has done its job and blocked the attempted intrusion and made a note (log) of it so that you can have a look at what ZA has done?? Maybe there's a configuration setting in ZA to turn off the logging then you wouldn't know what ZA was doing for you and stop you being concerned???

FYI my logged info shows that ZA has done its job 83,015 times, none of which I have been aware of. The log has some details but WTH, I never read it anyway...
Dusty (3931)
422047 2006-01-18 02:59:00 Do you have a virus scanner? Sychost.exe is part of the LEOX.B virus (www.sarc.com).

Is the virus detected when you run a virus scan?

Yes I Have AVG Pro and no it does not detect any virus.
heaton (3697)
422048 2006-01-18 03:01:00 Please download HijackThis (www.cyberanswers.org). It will create a directory folder for you in C\Program files. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help determine what, if any, spyware/malware is on your computer.

Done all that with Speedy and no sign of the program or the virus concerned.
heaton (3697)
422049 2006-01-18 03:04:00 Doesn't this just show that the Zone Alarm firewall has done its job and blocked the attempted intrusion and made a note (log) of it so that you can have a look at what ZA has done?? Maybe there's a configuration setting in ZA to turn off the logging then you wouldn't know what ZA was doing for you and stop you being concerned???

FYI my logged info shows that ZA has done its job 83,015 times, none of which I have been aware of. The log has some details but WTH, I never read it anyway...

Why does the log say " incoming ( accept ) " and then say "blocked ". Think I will contact Zone Alarm and ask their advice.
heaton (3697)
422050 2006-01-18 08:38:00 Incoming (accept) is just techno-babble for the type of Incoming connection being attempted. Google for Incoming (accept) and see if any of the 8,240,000 hits satisfies you. The important thing is that ZA is doing its job and the attempted intrusion has been Blocked without you knowing about it.. You could, of course, configure ZA to advise you of every intrusion attempt but you'd soon get sick of the pop-up window..

If you really want to see what ZA has been doing in the past days click My Computer>Local Disk C:>Windows>Internet Logs and open any ZAlog.....txt file. The number of hits ZA picks up might amaze you but that's what it's there for.

You seem to be concerned about something you would never have known about if you hadn't opened the logfile. Let ZA do its job, forget the logfile & enjoy surfing..
Dusty (3931)
422051 2006-01-18 21:52:00 Incoming (accept) is just techno-babble for the type of Incoming connection being attempted. Google for Incoming (accept) and see if any of the 8,240,000 hits satisfies you. The important thing is that ZA is doing its job and the attempted intrusion has been Blocked without you knowing about it.. You could, of course, configure ZA to advise you of every intrusion attempt but you'd soon get sick of the pop-up window..

If you really want to see what ZA has been doing in the past days click My Computer>Local Disk C:>Windows>Internet Logs and open any ZAlog.....txt file. The number of hits ZA picks up might amaze you but that's what it's there for.

You seem to be concerned about something you would never have known about if you hadn't opened the logfile. Let ZA do its job, forget the logfile & enjoy surfing..
Ok I take your point but when I click on ctrl alt delete to see what processes are running I get under the title of sychost.exe the following items running: Local Service 4252K
Network Service 3012K System 18868K
Network Service 4020K System 4660K
System 3836K
Did another AVG Pro Scan this morning and no nasties detected.
So why the heck are these entries appearing, indicating that sychost is operating?
heaton (3697)
422052 2006-01-18 23:53:00 Can you also see svchost in the process list? Greven (91)
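
Added example (not part of any post in this thread): the last question above turns on the difference between the genuine svchost.exe and a one-letter lookalike such as the Sychost.exe named in the alerts. The Python sketch below flags near-miss names and known names running from an unexpected folder; the name table, the sample process list and the C:\Windows install path are constructed assumptions.

```python
import ntpath

# Assumed table: system image names and their usual folder, taking
# %SystemRoot% to be C:\Windows (an assumption, not from the thread).
SYS32 = r"C:\Windows\System32"
KNOWN = {
    "svchost.exe": SYS32, "services.exe": SYS32, "lsass.exe": SYS32,
    "csrss.exe": SYS32, "smss.exe": SYS32, "winlogon.exe": SYS32,
    "explorer.exe": r"C:\Windows",
}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name, path=None):
    """Return (verdict, matched_known_name) for one process entry."""
    n = name.lower()
    if n in KNOWN:
        if path and ntpath.normcase(ntpath.dirname(path)) != ntpath.normcase(KNOWN[n]):
            return ("wrong-path", n)
        return ("name-match", n)
    nearest = min(KNOWN, key=lambda k: edit_distance(n, k))
    if edit_distance(n, nearest) <= 2:
        return ("lookalike", nearest)
    return ("unlisted", None)

# Constructed sample process list (name, full image path or None).
SAMPLE = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("Sychost.exe", None),
    ("svchost.exe", r"C:\Users\Public\svchost.exe"),
    ("notepad.exe", r"C:\Windows\System32\notepad.exe"),
]

def report(entries=SAMPLE):
    return [(name, *classify(name, path)) for name, path in entries]

if __name__ == "__main__":
    for row in report():
        print(row)
```

A "name-match" verdict with no path supplied only confirms the spelling; the image path still has to be checked separately.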