C:\windows\system32\svchost.exe
Posted By admin On 03/06/18

Dec 12, 2004 Hello all, Can someone explain what C:\windows\system32\svchost.exe actually does and why it keeps asking to send a UDP to port 1900. I keep denying.

C:\Windows\System32\svchost.exe Steps taken in order to remove the infection: Ran Malwarebytes, Roguekiller, and Hitman Pro. Need some help to get rid of this.

The svchost.exe process is part of Host Process for Services of Microsoft. Here are further details of svchost.exe, and whether it might be a virus or spyware.
Actually I may be wrong with that port. Got my ports mixed up.
It isn't adware. That port is used by Windows SSDP & Windows Messenger (not to be confused with MSN Messenger the chat program), both can be disabled.
Here's more details: In XP, the Simple Service Discovery Protocol (SSDP) discovery service searches for Universal Plug and Play devices on your home network. SSDP searches for upstream Internet gateways using UDP port 1900 - a potential security risk many people will want to block. Programs like Norton's Internet Security have a block on Port 1900 built in. If you have a firewall, blocking port 1900 for the UDP protocol in and outbound stops SSDP. The Universal Plug and Play Network Address Translation (NAT) traversal discovery used by Windows Messenger broadcasts on UDP 1900 as well. To turn off Windows Messenger's broadcasts using regedit:

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\DirectPlayNATHelp\DPNHUPnP
Name: UPnPMode
Type: REG_DWORD
Value: 2 (disabled)

Firedancer - as I posted on your thread in security where you helped out more by giving the IP address, it is as Dez has said and is the OS trying to discover other plug/play devices on the network (in this case, your entire ISP) like a web printer or similar.
Block it by all means but also know it is normal and harmless while a little annoying. If your ISP is set up correctly, the packet never gets past their router to the internet and besides, the packet has a limited TTL (time to live or hop count) so it dies quickly enough if it finds nothing and dies immediately if it does find something.
After thinking about what Newt says, I tend to agree with him; it is pretty harmless and doesn't really need attention. I would just disable being told about it by your firewall.
Putting a block on UDP 1900 may be the only way to shut it up with some FWs. I would still turn off the Service called 'Messenger' in XP and 2000, as it can be exploited by advertisers to pop up ads. Ask for how to do this.
Interestingly, Microsoft must have had a lot of feedback about it, as Messenger is disabled by default in SP2. It was meant to be used on LANs for admin messages and pop up messages but they figured out how to exploit it from the net ages ago. The internet after all is just a big network you are a part of when online. Didn't take much to figure how to exploit it. I would be very careful about creating a rule that generally blocks svchost, as many internet programs you want to access the net may not function correctly. Only block that port 1900, not svchost itself. And Joanna, yes I use that command line where needed to remove MSN Messenger but that is not the same as Windows Messenger.
Windows Messenger is a service that when exploited pops up ads in a grey box on your screen in 2000 and XP. Some people may find that command line useful though, as MSN Messenger can be annoying if you don't want it, and the fact there is no uninstall option for it.

Dez Bradley, My name is Johanna, with a 'h'. I know the difference between the Messengers. The network Windows Messenger Service that pops up ads on desktops was designed for computer administrators to send notification en masse, and is easily disabled in Admin Tools>Services.
No registry edits are necessary. Windows Messenger is removed with the above command, and it comes with XP by default, and the IM program is uninstalled in Add/Remove.
If you want to know more about that, do a search on the BBS for 'Messenger' and 'Welshjim'. You can use your firewall to block all online communication for svchost.exe and just about every other kind of MS app, except, of course, the ones you want to use, on a stand alone computer. GenHostProcess does not need the internet, neither does any component of Office, or WE. In fact, looking at my firewall rules, only IE & OE have permission to access the internet, and then, only when I call on them. This does not interfere with the way software, including XP, behaves. In fact, all the software that DOESN'T need to access the internet for MY convenience, is denied access through itself, and Norton. For example, if I want to open a pdf, AA doesn't need to call home.
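The thread's explanation that svchost.exe's UDP 1900 traffic is SSDP discovery can be checked against a captured datagram by testing it against the SSDP message format. This is an added example, not part of any post in the thread; the function names and sample datagrams are constructed, and the multicast group 239.255.255.250 and the header names come from the SSDP/UPnP specification rather than from the thread.

```python
import ipaddress

# Values from the SSDP/UPnP specification; sample datagrams below are constructed.
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900  # the UDP port discussed in the thread

M_SEARCH = (b"M-SEARCH * HTTP/1.1\r\n"
            b"HOST: 239.255.255.250:1900\r\n"
            b'MAN: "ssdp:discover"\r\n'
            b"MX: 3\r\n"
            b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n")


def parse_httpu(payload: bytes):
    """Split an HTTP-over-UDP message into (start_line, {HEADER: value})."""
    lines = payload.decode("ascii", errors="replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return lines[0].strip(), headers


def classify(dst_ip: str, dst_port: int, payload: bytes) -> str:
    """Label a datagram: 'ssdp-discovery', 'ssdp-notify', 'review-1900', 'not-ssdp'."""
    if dst_port != SSDP_PORT:
        return "not-ssdp"
    start, hdrs = parse_httpu(payload)
    to_group = ipaddress.ip_address(dst_ip) == SSDP_GROUP
    if start == "M-SEARCH * HTTP/1.1":
        well_formed = (hdrs.get("MAN", "").strip('"') == "ssdp:discover"
                       and "ST" in hdrs and hdrs.get("MX", "").isdigit())
        if well_formed and to_group:
            return "ssdp-discovery"
    elif start == "NOTIFY * HTTP/1.1" and to_group and "NTS" in hdrs:
        return "ssdp-notify"
    # Port 1900 traffic that is not well-formed multicast SSDP deserves a closer look.
    return "review-1900"


if __name__ == "__main__":
    print(classify("239.255.255.250", 1900, M_SEARCH))         # multicast discovery
    print(classify("203.0.113.7", 1900, M_SEARCH))             # unicast to an outside host
    print(classify("239.255.255.250", 1900, b"\x00\x01junk"))  # not SSDP text at all
```

A datagram labelled `review-1900` is not proof of anything malicious; it only means the payload is not the ordinary multicast discovery the thread describes and should be looked at before writing a permanent firewall rule.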