Security Basics mailing list archives

Re: Port scan and scvhost overload


From: "Salvador III Manaois" <badzmanaois () gmail com>
Date: Sat, 18 Oct 2008 00:55:05 +0800

I'm quite interested in and would likely focus on the svchost.exe
invoked services as one of them, most probably, caused the reboot.
Furthermore, I suggest you check if any crash dump was generated when
the machine rebooted; if there is, you can run this against a debugger
(windbg) to identify the faulting application/service.

Back on the svchost.exe instances, I would suggest running tasklist or
Sysinternals' Process Explorer to isolate which service/process is
linked to which svchost.exe instance. It could very well be malware
or a leaky application which caused the reboot. The following links
provide more detailed information on using tasklist and Process
Explorer in isolating processes/applications/services/DLLs tagging on
a svchost.exe instance.

Regards,

Salvador Manaois III
MCSE MCSA CEH MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com
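
The mapping of services to svchost.exe instances suggested in the message above, as an added example that is not part of the original post. It uses the built-in CIM cmdlets rather than tasklist or Process Explorer, and assumes a Windows installation under %SystemRoot% and an elevated prompt so that the command line of each process is readable.

```powershell
# Added example: list every svchost.exe instance with the services it hosts,
# its memory and handle usage, and whether its image is in the expected folder.

# Folders where the genuine svchost.exe lives on a default install.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

# Running services indexed by the PID of their host process.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $hosted = $servicesByPid[[string]$_.ProcessId]
        $dir    = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent } else { $null }

        [pscustomobject]@{
            PID          = $_.ProcessId
            WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
            Handles      = $_.HandleCount
            Services     = if ($hosted) { ($hosted.Name | Sort-Object) -join ', ' }
                           else { '(no service registered)' }
            ImagePath    = $_.ExecutablePath
            # False means the binary is outside System32/SysWOW64 and needs a closer look.
            # Null path means it could not be read (not elevated), so it is left unjudged.
            PathExpected = if ($dir) { $expectedDirs -contains $dir } else { $null }
            CommandLine  = $_.CommandLine
        }
    } |
    Sort-Object -Property WorkingSetMB -Descending |
    Format-List
```

Instances at the top of the list with a large working set or handle count are the first candidates for a leaking service; an instance hosting no registered service, or with PathExpected set to False, is the first candidate for a malware check.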

