David H. Lipman wrote:
> From: "Raffi" <thegrizzzly@yahoo.com>
>
> | First off sorry for cross posting. I'm not sure what this is although
> | it resembles a trojan.
> |
> | I noticed heavy activity on my router as well as my workstation LAN
> | connection icon in the tray. After some digging appears to be a svchost
> | process that is listening on port 53 with a remote address of my ISP's
> | DNS server. My router is not set to forward DNS traffic to a specific
> | system.
> |
> | I have run the following without any success in catching this bug
> |
> | AntiVir antivirus
> | Avast antivirus
> | Spybot S&D
> | Ad Aware
> | AVG antispyware
> |
> | I got the following information for the related process from Port
> | Explorer
> |
> | Command line: c:\windows\system32\svchost.exe -k Network Service
> |
> | Any help in identifying this bug and cleaning will be greatly
> | appreciated.
> |
> | Thanks,
> | Raffi
>
> Yaeh exxcessive Cross-Posting for Domain Name Resolution !
>
> Unless you can prove that there is something causing DNS calls outside your ISP Domain, this
> is NORMAL.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm

It turns out it wasn't normal. I had recently installed a P2P program
on my PC and it had added a ton of entries in my hosts file. I'm
surprised none of the spyware programs gave me even the slightest
warning about these entries.

Raffi