Originally posted by andy06shake
That svchost.exe can be a real resource hog sometimes, guess now we know why!
When I saw your title with the word RELOADED in it I thought it had something to do with the scene group. LoL
Originally posted by DAVID64
reply to post by SLAYER69
Just tried it. Everything is running fine so far. Restarted and when it came back up, I opened a browser and bounced around to a few sites. If anything, it seems a bit faster.
I've been going to ShieldsUP for about a year or so to check my computer and I always get this: THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
(That's good news!)
edit on 15-7-2013 by DAVID64 because: (no reason given)
Originally posted by SonOfTheLawOfOne
Originally posted by sean
How is it way off base? I am just showing people that connections happen all the time with or without their knowledge. I am not saying this is a backdoor in this case; however, many viruses that do gain remote access use such ways. I know exactly what the service does, just like you said, and what it's used for. You're preaching to the choir. You don't even find it odd in the slightest that a crypto service is connecting to an unencrypted server to send/receive data??? Not saying it's a back door, but this connection should at the least be investigated for security risks. Who's to say I can't intercept and inject my own nefarious code??
edit on 15-7-2013 by sean because: (no reason given)
There is no way to inject nefarious code into the crypto service call that goes out to Microsoft. You can see this by disassembling the DLL in Visual Studio or the Windows Debugger (Win Debug).
The service that is called is on a Microsoft secure server that only stores hashes of the assemblies that the crypto service checks. The stream being sent over the wire is a simple call that involves a callback to the DLL on your computer with a strongly typed interface between the two servers so that only hash keys can be returned for comparison, not code or SQL queries or injectable code. There is nothing that can be injected into this code because it only understands and accepts one type of reply, which is usually an MD5 one-way hash.
Like I said, if it could be hacked, it would have been, and if there was any way whatsoever that a hacker could expose it and brag about it, it would have been done. If you want to know more about it, look at the code yourself in a decomposition tool like Win Dbg.
~Namaste
Originally posted by Evil_Santa
reply to post by sean
This is so bizarre, that you seem to know a bit about computers with your CLI abilities, but don't know that the network service is a built-in Windows account.
Really really weird. What's your angle?
Yup, and if you want to see what processes are running in your svchosts, just use a program called ProcessExplorer.
Originally posted by supermarket2012
Originally posted by andy06shake
That svchost.exe can be a real resource hog sometimes, guess now we know why!
When I saw your title with the word RELOADED in it I thought it had something to do with the scene group. LoL
Actually, svchost.exe is sort of like a shell that is used by Windows to run MANY different services.
That is why, on any given machine, you can have 1-10+ instances of svchost.exe running at any given time.
To be more specific, specific host processes that Windows uses are run within svchost.exe. So basically, each different svchost.exe that is loaded is a different process. You can consider svchost.exe the vehicle which the Windows service/process uses to run.
edit on 7/16/2013 by supermarket2012 because: added more info
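The svchost.exe hosting described in the post above can be checked on a live machine. This is an added example, not code from the thread or from any poster: it lists each svchost.exe instance with the services it hosts, the account they run under, and any established TCP connections the process owns. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` is available.

```powershell
# Added example (not from the thread): map every svchost.exe instance to
# the services it hosts, the service account, and its live TCP connections.
# Assumption: run from an elevated PowerShell prompt so all PIDs are visible.

# All running services, including the PID of the process hosting each one.
$services = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'"

# Every svchost.exe process currently running.
$svchosts = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'"

$report = foreach ($proc in $svchosts) {
    # Services sharing this particular svchost.exe instance.
    $hosted = $services | Where-Object { $_.ProcessId -eq $proc.ProcessId }

    # Established TCP connections owned by this PID. The cmdlet raises a
    # non-terminating error when the PID has none, so suppress it.
    $conns = Get-NetTCPConnection -OwningProcess $proc.ProcessId `
                 -State Established -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ProcessId   = $proc.ProcessId
        # Built-in accounts show up here, e.g. NT AUTHORITY\NetworkService.
        Account     = ($hosted.StartName | Sort-Object -Unique) -join ', '
        Services    = ($hosted.Name | Sort-Object) -join ', '
        # The -k group and other arguments the instance was started with.
        CommandLine = $proc.CommandLine
        Remote      = ($conns | ForEach-Object {
                          "$($_.RemoteAddress):$($_.RemotePort)"
                      } | Sort-Object -Unique) -join ', '
    }
}

# Full inventory of svchost.exe instances.
$report | Sort-Object ProcessId | Format-List

# Only the instances that currently hold an outbound connection, which is
# the subset worth reviewing when a connection looks unexpected.
$report | Where-Object { $_.Remote } |
    Select-Object ProcessId, Account, Services, Remote |
    Format-Table -AutoSize -Wrap
```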
Apparently no one else finds it odd for a service account that has a 15 character salted password connecting to a normal http web server.
I use MacOSX, isn't that UNIX-based?