What is the "Generic Host process for Win32 services" part of XP that always wants access to the internet? In an old post on here I read that it is a form of spy-ware for MS.
If you don't enable it to access the net then no other programs can, so what's with it?
Thanks

And as a second post, what website has that list of services you can turn off to speed up XP? I found it once but can't remember.
Cheers!
Alex

Dunno about the first, I have full web access and have no process named generic running. Download WINTASKS, basically a souped up Task Manager, but is more of an idiot's guide (every process is explained in layman's terms, including whether or not the process is safe to shutdown).

If you have XP then you do have the Generic Host Process running, but I think it's part of SVCHOST.exe (of which there are always a few running). If you don't give this (Generic Host Process Win32 Services) access to the net, then you can't do anything online. However, like I said, I'm not totally sure what this is, having read about it being a 'Microsoft Spy tool'.

Afternoon,
Go to www.blkviper.com
He has a complete list of Services that can be disabled or put on manual to suit your needs.
Have a good one,
XDon

Beware of anything that constantly wants to update-addon-access-or otherwise do anything on the internet through your computer. Microsoft Corp. is getting sued because of Spyware inside their last issue of Windows XP and 2000 because it puts companies like ours at serious risk of infiltration. The Generic Host process for Win32 is a deadly spyware program that will run silently in the background sending out information as fast as you can click your mouse. In order to access the internet this process is never needed and except for gathering personal information that is scattered all over the internet, totally useless. Removing it however is not wise. Simply use a firewall like Zonelab Pro and System Suite 4.0 or better. These succeed in allowing easy access to the internet without compromising your privacy. We know all about spying, it's our business after all.

I have this mystery application permanently denied access to the internet and have no trouble whatsoever with 'net access.
I still have the feeling I don't know what it DOES or why...

...oops, let me add I have it denied as a SERVER. When it's completely denied it does block access to certain websites... still looking for a great answer! :-)

OK came up with an explanation that makes some sense:
"This is what ZoneAlarm complains about while connected to the internet. “SVCHOST.EXE” is “Generic Service Host.” What that means is it is a “host” for other processes or services. If your internet connection seems to “no longer work,” it is due to you disallowing various “required” functions to no longer access the internet. A big one is “DNS Lookups” and HTTP. With DNS lookups disabled, you will no longer be able to type in “blkviper.com” but you will always be able to type in the IP address of the systems. The internet connection is still working, but you are blocking a “vital” part of the process for surfing web pages. With HTTP TCP Port 80 blocked, you will not be able to access any web site.
As to whether or not “you” need the particular process to access the internet or act as a server is completely dependent upon your computer configuration, your software installation, and what you are doing at any given time.
Only you can make the decision about if “you need this to access the internet” or not.
Generally speaking, the following ports and services should NOT be blocked:
DHCP: UDP Port 67 and 68 (block both outbound and inbound only if you have a static IP address)
DNS: UDP Port 53 (allow only outbound; disable inbound unless you have local DNS server)
HTTP: TCP Port 80 (allow only outbound; disable inbound unless you have local web server)
HTTPS: TCP Port 443 (allow only outbound; disable inbound unless you have local web server)
Generally speaking, the following ports and services SHOULD be blocked, “outbound and inbound”:
NetBIOS: UDP 137
RPC: TCP 135
UPnP: UDP 1900
UPnP: TCP and UDP 5000
If you block a port and something breaks, reenable the blocked port and see if it is fixed. Easy as that. :)"

Recently I have been getting a generic host process win32 or something like this error message every time that I log onto the internet, subsequently however my pc will shut down with a countdown of one minute, can someone please explain what is happening?
I did since then place a firewall and this does not occur so am I safe from this ms spyware now?

I'm having the same problem as naumaan where the error message comes up and the one minute countdown occurs. Any explanations would be great.

Don't know a lot about computers but I think it is a virus you have picked up. Seems like there are a lot of people with this problem today. Download patch from here
http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
then run a virus check. Hope this helps.

I am getting same prob as them, I took my comp to Best Buy today and they ran virus checks and stuff and couldn't find anything, so they had to erase and uninstall XP and make it a fresh start, though I paid 60$ for that, I am still getting the error, what the hell is with this? Please give me some help, and btw, the people at Best Buy said there has been many people with this problem and calling in, they think it's a virus.

I have downloaded http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
The XP the 32 bit one I believe it's the correct one cause the 64 bit wouldn't install, but anyways I installed it and restarted comp and thought it would have got rid o
Windows NT/2000/XP
1-To end the Trojan process:
2-Press Ctrl+Alt+Delete once.
3-Click Task Manager.
4-Click the Processes tab.
5-double-click the Image Name column header to alphabetically sort the processes.
6-Scroll through the list and look for msblast.exe.
7-If you find the file, click it, and then click End Process.
And I still found that Msblast.exe file, EVEN after I downloaded patch... what's with this? How do I fix it for good so it's not there any more? And disable the ports so this cannot happen again?

Hey Naumaan. What software did you install to get rid of the Generic Host problem. I am having the same problem and just want it to go away.
Thanks~

Where did you all hear about this.......cause to me and a friend it seems more like a virus and they want to blame it on windows to get money while harming people..............

Hi people, go onto http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp and then download the 32 bit patch and this should solve the problem.
It is also a good idea to install a firewall on your internet connection as this error message is due to someone trying to get into your computer.. but generic host whatever it is called is also a spyware tool for Microsoft apparently, so who knows maybe it's Bill Gates himself trying to get into our pc's.
PS: also get rid of the msblast.exe file as someone has already said

This problem was kicking my ass last night. Ran Norton three times doing a full system scan and it found no viruses, was even getting past a firewall I had that I thought was quite good and was highly recommended to me.
In the end I just used Windows XP ICF (firewall) and it's stopped the problem temporarily, but I know that if I disable the firewall for whatever reason, the countdown will start again and I'll be in the same position.
I haven't yet installed the patch but I will do.
With regards to msblast, I noticed this last night. This is also something to do with tftp.exe. If you try to delete both the files, something recreates them immediately or the next time you start Windows. This also happens with a file I've never noticed before now called blackbox.dll which can all be found in the system32 folder. I've managed to delete them because I did it in safe mode and whatever process it was recreating the files isn't active but I bet there's still an underlying problem.
Anywho, I'll download the patch. Thanks for the info guys.

You should also download the FixBlast to remove msblast!
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Yes, download the Fixblast.exe from Symantec (makers of Norton Internet Security/AntiVirus), that works well.
After scanning it gives you the link to the MS patch download page.
Be sure to turn off system restore while running these tools, and afterwards switch it on again (otherwise the virus MS Blast can return!).
It was in the news headlines on TV here (Netherlands) yesterday: it is a dangerous virus, spread over thousands of computers not running a good firewall. So use a proper firewall, then this wouldn't happen to you!
I had the infection on two computers in my 3-pc network. The virus can travel over a local subnet!
So if you are running a local network, disconnect cables or disable the network before scanning, re-enable after scanning/fixing in order to download the patch from MS from the web.
Good luck!
Regards, Arno
http://FlightsimAviation.com
http://newsmanager.biz

I downloaded the patch but when I tried to run it for windows xp 64 bit it had an error and would not extract the patch, it said that a certain .exe file was not a valid win32 application or something to that effect. Does anyone know what is going wrong here?

Christ, people - do a little research. This "generic host process" that your firewalls are complaining about IS svchost.exe. What svchost.exe does is to provide a centralized "host" process under which all of Windows' services are run on any WinNT based Windows OS (NT/2000/XP/2003). Open up "msconfig" and check the services tab. ALL of the Microsoft services that are running will be running under one of the instances of svchost.exe that are running in the background. Type "tasklist /svc" at a command prompt (start -> run -> "cmd") to see exactly what services are running under which instance(s) of svchost.exe.
That said, there is absolutely NO reason to block any OUTBOUND requests from any of these services. And, for the record, these are NOT spyware - they are the core of the Windows NT/2000/XP operating systems. MS does not collect personally identifiable information, nor do they sell that information to 3rd party companies. This spyware rumour/lawsuit/whatever you want to call it was over MSN's search engine (which is the default search engine that IE uses when u type in an unknown url). Originally, the company that ran the search engine (which, btw, was not even MSN themselves) did collect some web browsing history from visitors. Whether they still do or not I don't know and don't care, as anyone with half a brain has already switched their default search engine to Google. As far as I am aware, there is no spyware within the MS operating systems themselves - especially not within the OS's core services (not even product activation will be able to determine your identity unless you voluntarily (and optionally) registered your copy of XP with Microsoft). Any third party services running under the svchost.exe process are unknown - contact the manufacturer of that service and inquire, if you are so inclined - or just disable it. Better yet, get adaware and/or spybot search and destroy and find out for yourself if the damned thing is spyware or not.
Now, as for any INBOUND connection requests to the generic host process, that's a different story. That is another machine trying to access one of your running services from a remote location - and is unsolicited (meaning that the connection is not being made in response to a request originating from your own machine). To the best of my knowledge, there is no legitimate reason to accept an inbound request to the generic host process. Even a DHCP request is initiated by YOUR machine - not your ISP's servers (but, if in doubt, tracert the IP that the connection is coming from - is it your ISP?) In a nutshell: if you recognize the IP address of the machine trying to connect, then accept the connection at your own risk. If you do not recognize the IP, then block it.
As for this Blaster worm, if you have not already researched this worm, do so at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
This worm exploits the RPC endpoint mapper, which is one of the many services that are running under the generic host process. It is altogether likely that the majority of inbound requests to this generic host process are people scanning your machine to see if you have not yet downloaded the patch to correct that vulnerability (remember the one that was plastered all over CNN/NBC/any other major American news networks a few weeks ago?). If you don't visit www.windowsupdate.com regularly to download the "critical updates" then you probably do not have this vulnerability patched yet - meaning that if you allow this connection request through, you stand a good chance of becoming yet another hapless victim of the Blaster worm, and should check out the removal tool (also on Symantec's site) and Windows Update ASAP.
It is important to note that running the removal tool and/or patching the RPC vulnerability will not cause this "error" to go away - as the "error" is the feature of your firewall that lets you know that something wants either into or out of your computer. Being patched for the RPC vulnerability does not mean that people are going to stop scanning your machine to see if you are still vulnerable or not - so you are not going to stop receiving the notifications when this occurs. The reason that using XP's ICF (Internet Connection Firewall) "fixes" this "error" is because:
a) ICF has absolutely NO outbound program access control. This means that it does not prevent or monitor any connection attempt coming FROM your computer. You will receive no notification(s) of programs trying to access the internet FROM your machine (this includes any adware and spyware clients if you have been dumb enough to install them).
b) ICF does not report incoming connections. If you do not have ICF configured to forward the connection through, then the connection is refused silently (meaning that you receive no popups or any other indications that a connection attempt had been attempted). The good news there is that if you have not specifically configured ICF to allow connections on a specific port, then connection attempts made from a remote system WILL BE DROPPED. ie: you will not become infected with the blaster worm (or any other trojan or worm) unless you have configured ICF to accept unsolicited inbounds through the specific ports used to access a vulnerable service.
To sum up, in order to protect yourself from outside attack, do the following:
1) Go to Windows Update and download all the CRITICAL updates on a REGULAR basis (ie: weekly, at the . Only the critical updates deal with security/vulnerability issues. BTW: install the 32bit versions of the patches if you are installing updates directly from MS security bulletins. If you need the 64bit version, trust me you'll know. You would have paid through the nose for an Itanium processor if that were the case (so far the only 64bit PC CPU - available primarily to the business market for use in HIGH end servers).
2) Install a firewall and learn how to use it properly (ie: RTFM). An improperly configured firewall is useless. A firewall is also useless if you do not understand the feedback it gives and the options it has.
3) Install a comprehensive antivirus solution. Remember to UPDATE THE VIRUS DEFINITIONS REGULARLY (ie: at LEAST once a week) - otherwise you might as well uninstall the antivirus software as it is useless if not kept up to date. In order to detect the Blaster worm at all in Norton's Antivirus (for example) you need the virus definitions that were released on Aug 11 2003. Virus definitions released before this date are blissfully ignorant that the Blaster worm exists at all, and won't detect it.
That's it. The only way to get more comprehensive security on your computer is to physically unplug your connection to the internet. That is unless you wish to do some studying and become a network security specialist (or a hacker, for that matter).
Sorry for the long read - this didn't start out to be a novella - but I hope it can put this issue to rest. Remember: the security of your computer system is YOUR responsibility. If you do not know how to do this effectively, then either do some learning, or hire someone who already has. There is no quick answer to the problem of computer security other than to disconnect it from the internet (and any other networks for that matter) and lock it in a vault.
Cheers,
Zaphod
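
Added example, not code from the thread: the `tasklist /svc` check described in the post above, scripted in Python so that wrapped service lists are joined and each svchost.exe instance is mapped to the services it hosts. The sample output, its PIDs and the function names are constructed for illustration, and `RpcSs` is assumed to be the short name of the RPC service.

```python
import re

# Constructed sample shaped like `tasklist /svc` output on Windows XP;
# PIDs and service groupings are illustrative, not taken from the thread.
SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
svchost.exe                  856 DcomLaunch, TermService
svchost.exe                  944 RpcSs
svchost.exe                 1040 AudioSrv, Browser, CryptSvc, Dhcp,
                                 lanmanworkstation, Netman, Schedule,
                                 wuauserv
svchost.exe                 1108 Dnscache
explorer.exe                1632 N/A
"""

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")  # image name, PID, service list


def parse_tasklist_svc(text):
    """Return a list of (image, pid, [services]) from `tasklist /svc` output."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            image, pid, svc = match.groups()
            rows.append((image, int(pid), []))
        elif line[:1].isspace() and line.strip() and rows:
            svc = line  # indented line: the previous row's service list wrapped
        else:
            continue  # column header, ===== ruler or blank line
        rows[-1][2].extend(s.strip() for s in svc.split(",")
                           if s.strip() and s.strip() != "N/A")
    return rows


def svchost_services(rows):
    """Map each svchost.exe PID to the services that instance hosts."""
    return {pid: svcs for image, pid, svcs in rows
            if image.lower() == "svchost.exe"}


def pids_hosting(rows, service):
    """PIDs of the processes hosting the given service short name."""
    return [pid for _, pid, svcs in rows
            if service.lower() in (s.lower() for s in svcs)]
```

Feeding it the saved output of `tasklist /svc` and calling `pids_hosting(rows, "RpcSs")` shows which "Generic Host Process" instance a firewall prompt about RPC refers to.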
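
Added example, not from the thread: ICF refuses unsolicited inbound connections without a popup, but its optional security log can record dropped packets, and counting dropped TCP SYNs to port 135 per source makes the scanning described in the post above visible. It assumes dropped-packet logging is enabled and that the log has the layout of the constructed sample below; addresses and function names are illustrative.

```python
from collections import Counter

# Constructed sample in the W3C-style layout of ICF's dropped-packet log;
# addresses are documentation ranges, not data from the thread.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-08-12 09:14:02 DROP TCP 203.0.113.7 192.0.2.10 3112 135 48 S 1482211 0 16384 - - -
2003-08-12 09:14:05 DROP TCP 203.0.113.7 192.0.2.10 3112 135 48 S 1482211 0 16384 - - -
2003-08-12 09:15:40 DROP UDP 198.51.100.23 192.0.2.10 137 137 78 - - - - - - -
2003-08-12 09:16:11 DROP TCP 198.51.100.44 192.0.2.10 4021 135 48 S 9913370 0 64240 - - -
2003-08-12 09:16:30 DROP TCP 198.51.100.44 192.0.2.10 4030 5000 48 S 9920011 0 64240 - - -
2003-08-12 09:17:02 DROP TCP 203.0.113.7 192.0.2.10 3150 135 48 S 1490032 0 16384 - - -
"""


def parse_icf_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # ignore truncated lines
                yield dict(zip(fields, values))


def rpc_probes(entries, local_ip, port=135):
    """Count dropped inbound TCP SYNs to `port`, per remote source address."""
    hits = Counter()
    for e in entries:
        if (e["action"] == "DROP" and e["protocol"] == "TCP"
                and e["dst-ip"] == local_ip and e["dst-port"] == str(port)
                and "S" in e["tcpflags"]):
            hits[e["src-ip"]] += 1
    return hits


if __name__ == "__main__":
    for src, n in rpc_probes(parse_icf_log(SAMPLE_LOG), "192.0.2.10").most_common():
        print(f"{src}: {n} dropped connection attempts to TCP 135")
```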
