Network Shield and Process ID

Hi,

Today Avast Network Shield displayed some warnings about blocked websites.

However, I’m not accessing such websites through a browser; the process which is trying to access the URLs is svchost.exe (I see that in the Network Shield log).

Unfortunately, there are many svchost.exe instances running at the same time, because this program is used by different Windows Services.

Is there a way to see the Process ID of the process blocked by the Network Shield, or is there another way to identify the svchost.exe owner of the HTTP request?

Thanks.

Have a look at CurrPorts or VStat
http://www.nirsoft.net/utils/cports.html
http://keir.net/vstat.html

You might not be accessing those sites, but something (code) on the page you are visiting might be trying to connect to a malicious site. Or something (malware) on your system might be trying to connect to the malicious site.

The svchost.exe is just the messenger and not the originator of the connection.

What are the details of the network shield alert?
Check the Network Shield detailed view, Customize, Last Attacks, copy and paste. Edit the links so they aren’t active: add [Break] after the www, before the "." (see the example below).

e.g.
06.01.2009 15:43:45 Network Shield: blocked access to malicious site dns://www[Break].afreecodec.com [ C:\WINDOWS\system32\svchost.exe ]

What were you doing when the alert came up?
If browsing, can you remember the website?

These are the Last Attacks:
07.01.2009 00:12:37 Network Shield: blocked access to malicious site dns://ww w.ddlspot.com [ C:\Windows\System32\svchost.exe ]
07.01.2009 00:37:09 Network Shield: blocked access to malicious site dns://ww w.ddlspot.com [ C:\Windows\System32\svchost.exe ]
07.01.2009 00:47:40 Network Shield: blocked access to malicious site dns://ww w.ddlspot.com [ C:\Windows\System32\svchost.exe ]
07.01.2009 01:16:33 Network Shield: blocked access to malicious site dns://ww w.hyperddl.com [ C:\Windows\System32\svchost.exe ]

I’m beginning to think that it is being caused by a program named BlueSoleil.
This is a Bluetooth Device Manager and helps in the connection between them and the computer. Even headsets work gracefully in Windows Vista with it (Microsoft removed the Headset Bluetooth profile from Vista).

After I installed it, the Network Shield started giving such alerts.
And whenever I try to connect my headset and play some music, a new Network Alert is shown.

I checked all the svchost.exe instances and there is one that has only the “Bluetooth Support Service”, and I don’t remember if it was running before I installed the application.

I’m going to uninstall this application to check if these warnings stop.
I even liked this application because it was the only way to make my Bluetooth headset work on Vista; it seems I will have to use wired phones for now :).

Well, avast isn’t the only source to have a dislike for these sites, see below. Though I have no idea what might be initiating the connection, just because it started after the installation of BlueSoleil doesn’t mean this is the culprit. Though I have no idea why it would go to those particular sites.

http://www.mywot.com/en/scorecard/ddlspot.com
http://www.mywot.com/en/scorecard/hyperddl.com

Though neither of these reports would I consider a serious malware issue, which avast would add to its blacklist of sites for the installation of malicious software.
You could try uninstalling it and see if it stops, but I would doubt that.

These are from links in the above report.
http://hosts-file.net/?s=ddlspot.com
http://hosts-file.net/?s=hyperddl.com

I did a search on BlueSoleil and didn’t come up with anything adverse; the only possible thing would be the source that you downloaded it from (?), as some of the sites where it can be downloaded are also flagged by WOT as untrustworthy.
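
An added example, not part of the original thread: a small parser for "Last Attacks" lines in the format quoted above. It undoes the manual link-breaking ("[Break]" or an inserted space) and groups the blocks by host and process with the time gaps between them. The sample lines and host names are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the "Last Attacks" format quoted in the thread.
# Hosts are placeholders; both link-breaking styles used by the posters appear.
SAMPLE_LOG = r"""
06.01.2009 15:43:45 Network Shield: blocked access to malicious site dns://www[Break].blocked-a.example [ C:\WINDOWS\system32\svchost.exe ]
07.01.2009 00:12:37 Network Shield: blocked access to malicious site dns://ww w.blocked-b.example [ C:\Windows\System32\svchost.exe ]
07.01.2009 00:37:09 Network Shield: blocked access to malicious site dns://ww w.blocked-b.example [ C:\Windows\System32\svchost.exe ]
07.01.2009 00:47:40 Network Shield: blocked access to malicious site dns://ww w.blocked-b.example [ C:\Windows\System32\svchost.exe ]
this line is not a Network Shield entry
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) Network Shield: "
    r"blocked access to malicious site (?P<scheme>[a-z]+)://(?P<host>.+?) "
    r"\[ (?P<proc>.+?) \]\s*$"
)

def normalize_host(raw):
    """Undo the manual link-breaking ("[Break]", inserted spaces) and lower-case."""
    return re.sub(r"\[break\]|\s+", "", raw, flags=re.IGNORECASE).lower()

def parse_line(line):
    """Return a dict for one log line, or None if it is not a block entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S"),
        "scheme": m["scheme"],
        "host": normalize_host(m["host"]),
        "process": m["proc"].lower(),  # Windows paths are case-insensitive
    }

def summarize(text):
    """Group blocks by (host, process): count, first/last seen, gaps in seconds."""
    groups = defaultdict(list)
    for entry in filter(None, map(parse_line, text.splitlines())):
        groups[(entry["host"], entry["process"])].append(entry["time"])
    report = {}
    for key, times in groups.items():
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[key] = {"count": len(times), "first": times[0],
                       "last": times[-1], "gaps_s": gaps}
    return report

if __name__ == "__main__":
    for (host, proc), info in summarize(SAMPLE_LOG).items():
        print(host, proc, info["count"], info["first"], info["last"], info["gaps_s"])
```

The log records only the image path, not a PID, so the timestamps are what can be lined up against a per-process connection view such as the tools linked in the thread.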