Application to block a service from getting internet access?

M@crosoft

Hey guys,
Is there any software which could help me block some unnecessary services from getting access to the internet?

I have a rootkit on my netbook which uses some svchost.exe to download something in the background without my knowledge :S

I can't format the netbook and I'm failing to remove the rootkit with RootkitRevealer, etc. :(

Help!
Thanks
 
Won't it be best if you track down and remove the rootkit first? Use utilities from Sysinternals to track, trace and delete the rootkit first.

Not removing a rootkit and deploying an application to block it looks bad.
 
^ I agree, although rootkits are not always easy to get rid of.

Once it has planted its 'roots' deep into the OS, rootkit scanners become rather ineffective and the only solution would be to format the drive, for a clean install of Windows.

Nevertheless, still worth a try. Here are some popular rootkit removal tools...

Sophos Anti-Rootkit

Trend Micro Rootkit Buster

McAfee Rootkit Detective

GMER

RootkitRevealer


And yeah, install an 'effective' firewall program on your computer.

Comodo is a good choice.
 
The best software to block a particular application from downloading stuff is NetBalancer; use the trial version, but you have to use some effective antivirus to get rid of it.
 
I know this sounds stupid, but I installed COMODO 2 months ago to get rid of the same problem, and the rootkit became more active after the installation of COMODO and downloaded at greater speeds :S

So I decided to remove it, and I don't know why, but the rootkit became inactive after the removal of COMODO.

Now I am facing the same problem after 2 straight months :(

Another thing is that I tested my netbook with RootkitRevealer and my netbook freezes during the scan (after finding 2 rootkits).

I did the same with HijackThis, and here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:48, on 14-07-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ChgService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\PersistenceThread.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Tata Photon Whiz\Aide.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Documents and Settings\PUSHP MISHRA\Desktop\icons\ashut21\AutoShutdown\autoshutdown2.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\WINDOWS\system32\igfxext.exe
C:\Documents and Settings\PUSHP MISHRA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PUSHP MISHRA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PUSHP MISHRA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PUSHP MISHRA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PUSHP MISHRA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PUSHP MISHRA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0609&m=ao751h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0609&m=ao751h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0609&m=ao751h
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0609&m=ao751h
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [Google Desktop Search] :"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Aide] "C:\Program Files\Tata Photon Whiz\Aide.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] :"C:\Documents and Settings\PUSHP MISHRA\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [msnmsgr] :"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] :"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] :"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AutoShutdown] C:\Documents and Settings\PUSHP MISHRA\Desktop\icons\ashut21\AutoShutdown\autoshutdown2.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: ~Disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1264845258703
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Bhuvan\TerraExplorerX.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe
O23 - Service: EOVEAVXC - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PUSHPM~1\LOCALS~1\Temp\EOVEAVXC.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: IRXFCG - Unknown owner - C:\DOCUME~1\PUSHPM~1\LOCALS~1\Temp\IRXFCG.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MHYVXCA - Unknown owner - C:\DOCUME~1\PUSHPM~1\LOCALS~1\Temp\MHYVXCA.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: QOHAKQOYWDU - Unknown owner - C:\DOCUME~1\PUSHPM~1\LOCALS~1\Temp\QOHAKQOYWDU.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe

--
End of file - 9052 bytes
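A triage pass over the O23 (service) entries of the log above, added here as an example and not something from the thread: it parses the HijackThis O23 line format and flags services that run from a Temp directory, whose binary is missing, that carry no owner string, or that have a random-looking all-caps name. The flag set, the regex and the two-flag threshold are my own heuristics, not HijackThis rules.

```python
import re
from typing import Dict, List, Optional

# O23 (service) lines copied from the HijackThis log posted in this thread.
SAMPLE_O23_LINES = [
    r"O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe",
    r"O23 - Service: EOVEAVXC - Sysinternals - www.sysinternals.com - C:\DOCUME~1\PUSHPM~1\LOCALS~1\Temp\EOVEAVXC.exe",
    r"O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe",
    r"O23 - Service: IRXFCG - Unknown owner - C:\DOCUME~1\PUSHPM~1\LOCALS~1\Temp\IRXFCG.exe (file missing)",
    r"O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe",
    r"O23 - Service: QOHAKQOYWDU - Unknown owner - C:\DOCUME~1\PUSHPM~1\LOCALS~1\Temp\QOHAKQOYWDU.exe (file missing)",
]
O23_PREFIX = "O23 - Service: "
MISSING = "(file missing)"

def parse_o23(line: str) -> Optional[dict]:
    """Parse 'O23 - Service: NAME - OWNER - PATH [(file missing)]'; the owner part may itself contain ' - '."""
    if not line.startswith(O23_PREFIX):
        return None
    name, _, rest = line[len(O23_PREFIX):].partition(" - ")
    owner, _, path = rest.rpartition(" - ")
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return {"name": name, "owner": owner, "path": path, "missing": missing}

def triage(entry: dict) -> List[str]:
    """Heuristic flags (my assumptions, not HijackThis rules) for one service entry."""
    flags = []
    if "\\temp\\" in entry["path"].lower():
        flags.append("binary lives in a Temp directory")
    if entry["missing"]:
        flags.append("service still registered but its binary is gone")
    if entry["owner"] == "Unknown owner":
        flags.append("no vendor/owner string in the binary")
    if re.fullmatch(r"[A-Z]{6,}", entry["name"]):
        flags.append("random-looking all-caps service name")
    return flags

def needs_review(lines: List[str], min_flags: int = 2) -> Dict[str, List[str]]:
    """Service name -> flags, for entries that collect at least min_flags hits."""
    hits = {}
    for line in lines:
        entry = parse_o23(line)
        if entry is not None:
            flags = triage(entry)
            if len(flags) >= min_flags:
                hits[entry["name"]] = flags
    return hits
```

Temp-resident, randomly named service entries are also what an interrupted RootkitRevealer scan leaves behind (it runs as a randomly named copy of itself), so check each hit against the tools you actually ran before treating it as the rootkit.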
 
In situations like these, it will be best to nuke it from space :) i.e., format the system after a good backup.

Otherwise, you can use utilities from Sysinternals to monitor files in Windows startup, manually check their validity, remove them and their causes, etc. The Sysinternals website has several monitoring tools which may aid you.

Before running utilities, uninstall or exit all unnecessary utilities from the system and system startup.
 
Set the bandwidth to something like 1 kbps! I guess that does the job...
How do I do it? :ashamed:

This is the process where I usually get an incoming (green coloured) connection downloading uselessly!
 
Attachment: com.JPG (screenshot, 43.7 KB)

ZoneAlarm! ZoneAlarm! ZoneAlarm! Use it, and whenever any service tries to get internet access, you will be shown a message with the service name and 'Allow' and 'Deny' buttons.. :)
 
^^That service already has internet access..... it's svchost.exe and I suppose it's needed for the internet to work???

^^You are using too old a version. I'm using the NetLimiter 3 Pro version.
Thanks! The 3.0 version works great :D
 