DSO Exploit & Generic Host Process
|
Original Message
|
Name: RSRS
Date: December 18, 2003 at 14:21:38 Pacific
Subject: DSO Exploit & Generic Host Process
OS: XP Pro
CPU/Ram: 2.8/512

Comment: Hello everyone,

Last night, Spybot found something called "DSO Exploit" on my PC and I would like to know if it was responsible for running a second instance of "Generic Host Process for Win32 Services". Immediately after every bootup, ZoneAlarm would send me a message asking if I wanted to allow it to access the internet. ZoneAlarm said:

The destination IP is 255.255.255.255:DHCP.
Application: svchost.exe
Version 5.1.2600.0 (xpclient.010817-1148)

I found out that 2 instances of "Generic ..." were running when I looked in the corner of the ZoneAlarm window (next to the picture of the big lock). When I moved my cursor over to the first one it told me that it was watching ports 1003 and 1004 - I'm not 100% positive those are correct numbers, but I'm sure it mentioned 2 ports and that they ended with a 3 and 4 respectively. The other one (the one that's running right now) just says the name "Generic Host Process for Win32 Services."

Am I just paranoid? Am I blocking a security feature of either Windows or ZoneAlarm by not letting it watch those 2 ports? Please help me understand.
|
|
Response Number 1
|
Name: RSRS
Date: December 18, 2003 at 15:00:26 Pacific
|
Reply: Sorry, it was 3001 and 3002. I just rebooted to make sure I got the numbers right. I can't believe I was so off. Sorry again. Well, I let it go through this time, and ZoneAlarm says:

Generic Host Process for Win32 Services
Blocked from listening to port(s): TCP: 3001, 3002
|
|
Response Number 3
|
Name: RSRS
Date: December 18, 2003 at 20:34:42 Pacific
|
Reply: I tried them both and it looks like I was just paranoid. I also put a post on ZoneAlarm's forums to see if they could shed any light on this program, and they didn't seem too concerned. Here's the response:

"The DSO or Data Source Object is simply an exploit that affects Internet Explorer. You do not need to worry about it because you use Mozilla and Spybot S&D fixed it. Generic Host Processes is something that all XP users have. As long as you check for viruses and deny the program server rights, you should be fine."

http://forums.zonelabs.com/zonelabs/board/message?board.id=CommonPrograms&message.id=2179
|
|
Response Number 4
|
Name: iceblue
Date: December 19, 2003 at 02:07:02 Pacific
|
Reply: The DSO exploits have nothing to do with the generic host services. It's totally safe to have Spybot fix these. It just makes a couple of tiny registry changes in order to patch this vulnerability. And you can have 4 or 5 generic host processes running simultaneously as part of normal operations. Agree with deny server rights. Play safe and update all Windows and IE security-related updates.
|
