Hi everyone.
I need help to find out if this is legit or not.
I have UDP listening on a random port over 50000. Maybe it's only random to me; let's just say different.
I tried to find out what triggers it, and with the help of Process Explorer I found out it's svchost.exe, and for that PID I had about 12 services and a few other ports. I started stopping services to find out what is making svchost.exe listen on that port, and once I killed the IP Helper service the port was closed. I tried to check my version of the iphlpsvc.dll file against the Microsoft one and I think it is legit. At least the size for the version matches.
http://support.microsoft.com/kb/2750841
Mine is version 6.1.7601.17964 with a size of 556 KB (569,344 bytes).
I am on Windows 7 Ultimate SP1 x64.
I have ESET Smart Security 7.0, updated.
The thing is, I get strange IPs trying to send me inbound traffic to that UDP port all the time. I have set my firewall to ask me about each connection that does not have a rule specified.
My first question is how those strange IPs (I think those are IPs of home users, not some Microsoft IPs) know about my UDP port when it is different each time. I guess I somehow notify them.
How can I go deeper and find out what's going on? Is this something legit or, let's say, am I a zombie of a botnet?
Any help is very appreciated.
Btw, I scanned my iphlpsvc.dll with an online virus scanning site and found nothing.