Windows 8 and 8.1 Forums


possible Hijack/virus..

  1. #1


    I think I have something very fishy going on.

    I can browse the internet fine but my firewall keeps popping up to connect to svchost.exe odd ports...

    Pictures provided.. I've started to run a lot of anti-rootkit/virus programs and it occasionally finds things that I of course fix..

    I feel like I've installed something or clicked things that are hijacking my Firefox..

    The best example I've seen is different home pages when I start Firefox up.. and taking a long time to connect to websites etc.. slow download speeds.. so I know something is up..

    How do I go about defusing the situation with possible hijacking..

    I will eventually probably just reinstall Windows clean.. but is there anything I can do now.. I do have a lot of programs installed etc..


  2. #2


    As you can see from my pictures, I have svchost.exe already allowed by default Windows Firewall rules..

    So why is svchost.exe trying to connect more? I know this is a red flag.. especially the ports it's trying to connect to..

  3. #3


    N.Y.
    Posts : 2,214
    Windows 10 Pro 64bit


    It can be software you have trying to connect, but the firewall is blocking it. As you think, yes, a virus can hijack a svchost.exe.
    Look here too: How to remove SvcHost.exe virus (Malware Removal Guide)
    As shown there, you need to open the file location. Use Task Manager.

    What exactly did you run to scan? Added any new extensions or plug-ins to Firefox? Run Firefox with all of them disabled, or reset it. You should use Adblock Plus for Firefox too. Windows Firewall, and what else do you use as anti-virus? Try a full scan with the Windows Malicious Software Removal Tool (MRT.EXE at Run). Use Malwarebytes.

  4. #4


    Posts : 446
    Win 8 64-bit


    > I think I have something very fishy going on. I can browse the internet fine but my firewall keeps popping up to connect to svchost.exe odd ports...

    The ones you posted don't seem abnormal.

    - Outbound connection from svchost.exe to 93.184.215.200 Port 80 (EdgeCast)
    - Outbound connection from svchost.exe to 184.51.112.80 Port 80 (Akamai)

    Akamai and EdgeCast are both high-end CDN networks. As they are CDNs, the IP address alone won't tell you anything, and it's not possible to know what svchost is requesting from them without capturing the traffic with something like Wireshark/Microsoft Message Analyzer and looking to see what it's doing exactly. However, it's not abnormal to see connections from svchost to these companies and in all likelihood it could just be checking Certificate Revocation Lists.

    - Outbound connection from svchost.exe to 224.0.0.252 Port 5355 (LLMNR)

    That's for Link Local Multicast Name Resolution, which is normal as well. In all probability it will also make outbound requests to ff02::1:3 Port 5355 too (for LLMNR IPv6).

    > As you can see from my pictures, I have svchost.exe already allowed by default Windows Firewall rules.. so why is svchost.exe trying to connect more?

    From the screenshot you posted, I can't see the details of the rules that you have set for svchost. However, it's likely that they're set for different protocols, addresses and ports. For example, your "Core Networking - DNS (U..." rule will be UDP out to Port 53, which is obviously totally different to TCP out to Port 80, etc.

    > The best example I've seen is different home pages when I start Firefox up.. and taking a long time to connect to websites etc.. slow download speeds.. so I know something is up.. How do I go about defusing the situation with possible hijacking..
    >
    > I will eventually probably just reinstall Windows clean.. but is there anything I can do now.. I do have a lot of programs installed etc..

    If you suspect something isn't right, then you can't go wrong with going down the lines of a clean reinstall of Windows.
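
Added example, not part of any post in this thread: the two checks suggested in posts #3 and #4 (confirm where svchost.exe is running from, and find out which hosted service is behind a connection) done in PowerShell. It assumes an elevated prompt and a Windows version whose Get-NetTCPConnection output includes OwningProcess; all variable names are illustrative.

```powershell
# Added example: map each svchost.exe remote connection to the services in that process.
# Run from an elevated prompt, otherwise ExecutablePath may come back empty.

# Locations where the genuine svchost.exe lives.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by hosting PID (one svchost.exe usually hosts several).
# -AsString makes the hashtable keys plain strings so lookups are not type-sensitive.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# TCP connections that have, or are attempting, a non-loopback remote peer.
$tcp = Get-NetTCPConnection | Where-Object {
    ($_.State -in 'Established', 'SynSent') -and
    ($_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1')
}

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $proc   = $_
    $procId = [string]$proc.ProcessId
    $conns  = $tcp | Where-Object { $_.OwningProcess -eq $procId }
    if (-not $conns) { return }   # skip instances with no remote TCP peer

    $remote = $conns |
        ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort } |
        Sort-Object -Unique

    [pscustomobject]@{
        PID          = $proc.ProcessId
        Path         = $proc.ExecutablePath
        # False means the binary is outside System32/SysWOW64 (or the path was unreadable).
        PathExpected = $expected -contains $proc.ExecutablePath
        CommandLine  = $proc.CommandLine
        # Empty means no registered service claims this PID, which deserves a closer look.
        Services     = $servicesByPid[$procId].Name -join ', '
        Remote       = $remote -join ', '
    }
} | Format-List
```

LLMNR traffic to 224.0.0.252 is UDP and has no connection state, so it does not appear in this TCP listing; a packet capture, as post #4 suggests, is the way to see it.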

  5. #5


    N.Y.
    Posts : 2,214
    Windows 10 Pro 64bit


    Nice find and explanation, ARC1020. I feel a reinstall will probably put these back on unless the OP knows the reasons why they are there in the first place, from what's installed on the system now.

  6. #6


    I'll answer more after I eat, but really quickly: I have the default Windows Firewall rules set for svchost.exe.. so with the "default" Windows 8.1 firewall rules, why is svchost.exe trying to connect with more ports? That is what disturbs me..

    I assume the default Windows Firewall rules allow all that svchost.exe needs to connect.. so why is there all of a sudden more needing my approval?

    I'll answer the rest later.. too hungry.. gotta eat.

    Thanks for the replies though..

  7. #7


    N.Y.
    Posts : 2,214
    Windows 10 Pro 64bit


    A bit above my knowledge of svchost, but if you reinstall and put back all the stuff you have now, chances are it will be back, unless it's something different than installed software. YW

  8. #8


    OK, well, I don't know if this helps but like I said, I reset Windows Firewall and then just left "core networking" all "allowed".

    I imagine Windows knows what svchost.exe connections it needs to allow from the default, right?

    My point is, why does svchost.exe need to connect to anything, I don't care what it is, on ports like 52390 etc.?

    Here is my latest try to connect picture..

    Anyway, here are my rules allowed..
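
Added example, not part of any post in this thread: post #4's point that an allow rule for svchost.exe only covers its own protocol, port and address, shown by listing what each enabled outbound allow rule really matches. The two sample flows are constructed from the ports named in post #4 (the UDP transport for LLMNR is an assumption of this example), and the matching is deliberately simple: port ranges and address filters are displayed but not evaluated.

```powershell
# Added example: list the filters behind every enabled outbound allow rule for svchost.exe.
$rules = Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Outbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $rule = $_
        $app  = $rule | Get-NetFirewallApplicationFilter
        if ($app.Program -notlike '*\svchost.exe') { return }   # keep svchost rules only

        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        $svc  = $rule | Get-NetFirewallServiceFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Service       = $svc.Service          # rule may be limited to one hosted service
            Protocol      = $port.Protocol
            RemotePort    = @($port.RemotePort)
            RemoteAddress = @($addr.RemoteAddress)
        }
    }

$rules | Sort-Object Protocol, Rule | Format-Table -AutoSize -Wrap

# Constructed sample flows taken from the destinations discussed in post #4.
$seen = @(
    @{ Protocol = 'TCP'; Port = '80'   },   # CDN requests (EdgeCast / Akamai)
    @{ Protocol = 'UDP'; Port = '5355' }    # LLMNR multicast
)

foreach ($flow in $seen) {
    # Exact-port or 'Any' match only; a rule written as a range such as '1000-2000'
    # is shown in the table above but not counted here.
    $hits = @($rules | Where-Object {
        ($_.Protocol -in 'Any', $flow.Protocol) -and
        (($_.RemotePort -contains 'Any') -or ($_.RemotePort -contains $flow.Port))
    })
    '{0}/{1}: {2} matching allow rule(s)' -f $flow.Protocol, $flow.Port, $hits.Count
}
```

A count of zero for a flow means no existing svchost.exe allow rule covers it, even though other svchost.exe rules are present.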

  9. #9


    I also turned off IPv6 and file sharing etc.. Anyway, I'm basically wondering why, after resetting the default Windows Firewall, svchost.exe still has connections it's trying to make..

    So after I reinstall Windows clean, am I going to see svchost.exe trying to connect like this?? And I'm talking before I install any of my programs..

    (Also, to install Windows clean, do I need to actually wipe the drive or just a "quick" reformat like Windows does when installing..)

  10. #10


    N.Y.
    Posts : 2,214
    Windows 10 Pro 64bit


    What is svchost.exe And Why Is It Running?

    I do not think disabling stuff on the network is the way to go about it; first you need to locate the programs involved.
    Akamai is used as a download manager for certain programs too.
