What to do with SPF questions?

Discussion in 'Malware Help (A Specialist Will Reply)' started by dolphinocean, Oct 16, 2005.

  1. dolphinocean

    dolphinocean Private E-2

    My computer is working fine now, thanks to your website and especially the help I got from Chas.

    But, every time I connect to the internet the sygate firewall pop up some windows asking me whether I would allow certain access. Since I'm not a computer wizard, the computer language is posing a problem for me to make the right decision. Could somebody please tell me what the following means, and are they safe to be allowed?:

    "Generic Host Process for Win32 Service (svchost.exe) is trying to broadcast to [239.255.255.250] using remote port 1900 (SSDP-Simple Service Discovery Protocol). Do you want to allow this program to access the network?"

    "Generic Host Process for Win32 Service (svchost.exe) is trying to connect to wpad [64.136.21.190] using remote port 80 (HTTP:World Wide Web). Do you want to allow this program to access the network?"

    Your answers are appreciated.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    64.136.21.190 - Is for Juno Online Services Inc. I presume this is your ISP?

    239.255.255.250 - Is a multicast IP address. Are you using your PC to join any kind of video servers to watch movies or similar?
     
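The two prompts quoted above are the kind of thing a host firewall asks about constantly, and the answer depends on where the destination lives, not on the process name. The script below is an added example, not code from the thread or from Sygate: it takes the destination address, port and (when the firewall shows one) the resolved name, and sorts each prompt into a category with a one-line recommendation. The two sample prompts are constructed from the pop-ups quoted in the post; the UDP protocol on the SSDP prompt is an assumption (SSDP normally runs over UDP, Sygate's text does not say). The `wpad` rule reflects how Windows automatic proxy discovery works: it resolves the name `wpad` and fetches a proxy script over HTTP, so whoever answers for that name gets to choose the proxy for all browsing, which is why the address should be one you recognise (here the user's ISP).

```python
"""Triage 'allow this program to access the network?' prompts.

Added example; not from the thread or from Sygate. Sample prompts are
constructed from the two pop-ups quoted in the post.
"""
import ipaddress

# Constructed from the two prompts quoted in the thread.
SAMPLE_PROMPTS = [
    {"process": "svchost.exe", "dest": "239.255.255.250", "port": 1900,
     "proto": "UDP", "dest_name": ""},          # proto is an assumption
    {"process": "svchost.exe", "dest": "64.136.21.190", "port": 80,
     "proto": "TCP", "dest_name": "wpad"},
]

SSDP_ADDR = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900
ADMIN_SCOPED_MCAST = ipaddress.ip_network("239.0.0.0/8")  # RFC 2365 local scope


def classify_prompt(prompt):
    """Return (category, advice) for one firewall prompt."""
    ip = ipaddress.ip_address(prompt["dest"])
    port = prompt["port"]
    name = prompt.get("dest_name", "").lower()

    if ip.is_multicast:
        if ip == SSDP_ADDR and port == SSDP_PORT:
            return ("ssdp", "UPnP/SSDP device discovery; it never leaves the LAN, "
                            "deny it unless you rely on UPnP devices")
        if ip in ADMIN_SCOPED_MCAST:
            return ("multicast-local", "administratively scoped multicast; LAN only")
        return ("multicast", "multicast to a global group; unusual on a home PC")

    if name == "wpad" and port == 80:
        # Windows resolves the name 'wpad' and fetches a proxy script over HTTP.
        # Whoever answers for that name can pick the proxy for all browsing, so
        # only allow it when the address is your own ISP's or company's.
        return ("wpad", "automatic proxy discovery; allow only if the address "
                        "belongs to your ISP or company, otherwise deny")

    if ip.is_private or ip.is_link_local:
        return ("lan", "local network address; normally fine")

    if port in (80, 443):
        return ("web", "ordinary web traffic; look up who owns the address")

    return ("other", "unclassified; look up the address before allowing")


def triage(prompts):
    """Category for each prompt, in order."""
    return [classify_prompt(p)[0] for p in prompts]


if __name__ == "__main__":
    for p in SAMPLE_PROMPTS:
        cat, advice = classify_prompt(p)
        print(f"{p['process']} -> {p['dest']}:{p['port']}  [{cat}]  {advice}")
```

Run as-is it prints `ssdp` for the first prompt and `wpad` for the second; the categories are what you would turn into "always deny" or "always allow" rules rather than answering the same pop-up on every connect.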
  3. dolphinocean

    dolphinocean Private E-2

    Hi Chas, thanks for your reply.

    Yes, Juno is my ISP. Regarding the multicast IP address, I haven't used my PC to watch movies or anything like that, I guess next time I should just press the "No" button for this one.

    How about MVPS.org (209.68.48.119) and crl.thawte.com (12.158.80.10)? What are they? Are they safe?

    I read on this site about using the “hosts” file to block unwanted sites. I managed to find one in my computer and opened it with wordpad. It looked something like this:

    # Copyright (C) 1998 Microsoft Corp.
    # This is a sample HOSTS file used by Microsoft TCP/IP stacks for Windows98
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    # For example:
    # 102.54.94.97 rhino.acme.com # x client host
    127.0.0.1 localhost
    127.0.0.1 ZillaPopupKiller

    Can I just add those unwanted host names beneath the ZillaPopupkiller line?

    Thanks again, a lot!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sometimes Windows itself will look for a multicast server. Just deny it and tell it to always deny it.

    Where and when are you seeing these?
    mvps.org is okay.
    12.158.80.10 is for VeriSign which is also okay.

    We do not believe in using the hosts file for purpose like that.
    - It makes it too easy for malware to hide in the middle of lots of lines in a hosts file.
    - Malware can change your hosts file to anything they want anyway. Even if write protected.
    - Having anything but the default lines in your hosts file will often be detected by scanners as possible malware. Adding lots of lines like some sites suggest (which is basically an attempt at banning the internet) is a waste of time for the above reasons and can slow PCs down.

    Did you install ZillaPopupKiller?
     
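Whether or not you use the hosts file for blocking, the check worth being able to do is the one described in the two posts above: read the file, skip the comments, and report every line that is not the stock `localhost` entry, distinguishing names sinkholed to this PC (a blocking line such as the `ZillaPopupKiller` one) from names pointed at some other host (the change malware makes to send you elsewhere). The script below is an added example, not the thread's or any tool's code. The first sample is a cut-down copy of the file posted above; the second adds one constructed redirect line using the documentation address 203.0.113.5 and a Microsoft update hostname chosen for illustration.

```python
"""Audit a Windows hosts file for non-default entries.

Added example; not from the thread. Samples are constructed: the first from
the file posted above, the second with one added redirect line.
"""
import ipaddress

POSTED_HOSTS = """\
# Copyright (C) 1998 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP stacks for Windows98
# For example:
# 102.54.94.97 rhino.acme.com # x client host
127.0.0.1 localhost
127.0.0.1 ZillaPopupKiller
"""

# Constructed: a real site pointed at a non-loopback address (RFC 5737 range).
HIJACKED_HOSTS = POSTED_HOSTS + "203.0.113.5 windowsupdate.microsoft.com\n"

# The only entries a stock Windows hosts file should contain.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")


def parse_hosts(text):
    """Return [(lineno, ip_or_None, [names])] for each non-comment line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments, even trailing ones
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            entries.append((lineno, None, fields))   # malformed line, keep for report
            continue
        entries.append((lineno, str(ip), fields[1:]))
    return entries


def audit_hosts(text):
    """Return (lineno, kind, detail) for every line that is not a default entry.

    kind is 'blocked' (name sinkholed to loopback/0.0.0.0), 'redirected'
    (name sent to another host) or 'malformed'.
    """
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((lineno, "malformed", " ".join(names)))
            continue
        addr = ipaddress.ip_address(ip)
        for name in names:
            if (ip, name.lower()) in DEFAULT_ENTRIES:
                continue
            if addr.is_loopback or addr == UNSPECIFIED:
                findings.append((lineno, "blocked", name))
            else:
                findings.append((lineno, "redirected", f"{name} -> {ip}"))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_HOSTS), ("hijacked", HIJACKED_HOSTS)):
        print(label)
        for lineno, kind, detail in audit_hosts(text):
            print(f"  line {lineno}: {kind}: {detail}")
```

On the real file use `open(r"C:\Windows\System32\drivers\etc\hosts").read()` (a local path, not something from the thread). A "redirected" finding for a vendor or update site is the one that matters; "blocked" lines are the ad-blocking style entries the post above argues against, and a long list of them is what makes scanners complain.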
  5. dolphinocean

    dolphinocean Private E-2

    Found them in temp files while trying to clean my system.

    Thanks for your good advice.

    No. But when I had my computer fixed by a professional the first time when I had a viral attack, I noticed it pop up on my screen. And it said, "ZillaPopupKiller: Sorry, but some files have been corrupted, you have to re-install the program". I tried to follow the link to re-install from the internet, but decided to terminate for fear of malware. Then I removed the program from my system. Not sure how it got into the hosts file.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where were those IP addresses in temp files? Do you mean you saw file names with those IP addresses? Or did you find those IP addresses inside some file?

    Just remove the below line from your hosts file.

    127.0.0.1 ZillaPopupKiller
     
  7. dolphinocean

    dolphinocean Private E-2

    crl.thawte.com (12.158.80.10) was from a Sygate firewall popup query for permission to allow or block a connection. MVPS.org were files found during disk cleaner via start/control panel/IO/setting/view files. Now I remember that I had visited the MVPS website regarding hosts files from links through this website (on hosts files). I suppose they are safe.

    I'm trying to get used to how to use SPF. Every time they ask a query, if I say no then I can't open a browser to a link. For instance, while I was at this website SPF asked whether I would allow a connection. I selected "no" when I saw the detail with "google" as a remote host. Then when I tried to log into this site, the browser wouldn't open. I also saw the SPF system tray icon blinking. When I looked at the security log, it said, "Somebody is scanning my computer" and these two logs were found:

    "10/18/2005 23:41:00 Port Scan Minor Incoming TCP 4.226.57.163 06-00-20-00-06-00 ..."
    "10/18/2005 22:58:28 Executable File Change Denied Major Outgoing TCP 64.233.161.104 06-00-20-00-06-00 ...
    Application has changed since the last time you opened it, process id: 1288. File name: C:\Program Files\Internet Explorer\IExploer.EXE. The change was denied by user".

    I didn't know how to undo the block. I had to log off from the internet and re-log in to get into this site.

    I have a question regarding "How to Protect yourself from malware". When I was performing the virus/spyware/trojan removal procedure per "READ ME FIRST...", I had to create a folder on the C:\ drive for the tools/utilities and downloaded several tools such as Ad-Aware SE, Ad-Aware VX2 Cleaner Plug-in, CCleaner, Spybot, SpywareBlaster, Stinger, CWShredder, Kill2me, and about:BlusterH.

    Now since I have removed the infection from my system with your help, do I uninstall those extra tools from my computer, and only install those recommended in your "How to Protect yourself from malware"? If so, can I install them on my desktop instead of C:\new folder for spyware tools?

    Regarding Sun Java, can I remove the Google toolbar feature to lighten my system memory? Another question, I have a program called KazzaaLite, and I've heard the Kazaa program may harbor spyware during file sharing, do you think it is safer if I remove it?

    Thanks in advance for your answers.
     
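The two Security Log entries in the post above are different kinds of event, and telling them apart is what decides whether anything needs doing. The inbound "Port Scan" is a probe from the internet that the firewall already dropped; the outbound "Executable File Change Denied" is the firewall stopping the user's own browser because the user answered "No" when the application's checksum changed, which is why the site would not load until reconnecting. The parser below is an added example, not code from the thread or from Sygate; it reads lines in the field order visible in the two quoted entries (date, time, event name, severity, direction, protocol, remote IP, MAC) and says which category each one falls in. The sample lines are constructed from the post, stopping where the post's "..." cut the entries off; the severity word `Critical` and the protocols other than TCP are assumptions about values not shown on the page.

```python
"""Parse Sygate-style Security Log lines and explain them.

Added example; not from the thread or from Sygate. The sample lines are
constructed from the two entries quoted in the post, minus the fields the
post elided with "...".
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = """\
10/18/2005 23:41:00 Port Scan Minor Incoming TCP 4.226.57.163 06-00-20-00-06-00
10/18/2005 22:58:28 Executable File Change Denied Major Outgoing TCP 64.233.161.104 06-00-20-00-06-00
"""

# Field order as seen in the quoted entries. 'Critical', 'UDP' and 'ICMP' are
# assumed alternatives; only Minor/Major and TCP appear on the page.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<event>.+?) (?P<severity>Minor|Major|Critical) "
    r"(?P<direction>Incoming|Outgoing) (?P<proto>TCP|UDP|ICMP) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})"
)


@dataclass
class Event:
    date: str
    time: str
    event: str
    severity: str
    direction: str
    proto: str
    ip: str
    mac: str


def parse_log(text):
    """Return an Event for every line that matches the known layout."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(**m.groupdict()))
    return events


def explain(ev):
    """Classify one entry: inbound noise, a block you caused, or something to review."""
    if ev.direction == "Incoming" and ev.event == "Port Scan":
        return "probe"        # someone scanned you; the firewall dropped it
    if ev.direction == "Outgoing" and ev.event.endswith("Denied"):
        return "self-block"   # your own program was stopped by a rule you answered
    return "review"


def denied_outbound(events):
    """The entries that explain 'my browser won't connect': outbound denials."""
    return [e for e in events if explain(e) == "self-block"]


if __name__ == "__main__":
    for ev in parse_log(SAMPLE_LOG):
        print(f"{ev.date} {ev.time} {ev.direction:8} {ev.ip:15} {ev.event!r:40} {explain(ev)}")
```

The second line is the one to act on: a "self-block" means an application rule is now set to deny, and the fix is to change that application's rule in the firewall rather than to reconnect to the internet. Incoming "probe" entries can be ignored.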
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of the tools downloaded in the READ ME have to be removed. Some of them you will not need to use very often. In fact you probably had no reason for downloading Kill2Me, About:Buster, Stinger & HSremove which are only for special problems. However they are not installed and do not need to be uninstalled. All you do is download them and run them. Do you need them? Probably not. Deleting the downloaded files will not free up much space, so there is no harm in keeping them around. The other tools are all part of what is in the READ ME and also in the How to Protect thread.

    Exactly which tools you want to keep installed and use on a regular basis for scanning is somewhat up to you. A good choice would be (assuming you do not want to buy anything):
    Ad-Aware SE
    Spybot S&D (without Teatimer)
    SpywareBlaster
    MS Antispyware

    What Google toolbar feature are you referring to?

    I do not recommend using any P2P programs. But if I made a list of what not to use, Kazaa (even the lite version) would be first on the list. Some P2P sites and programs are safer/better than others but that is not a discussion for this forum because here we just recommend not using them at all.
     
  9. dolphinocean

    dolphinocean Private E-2

    Thank you, Chas for your kind advice!

    Regarding the Google toolbar, it came with Sun Java from the download at this site (in "How to Protect yourself from malware"). It seems to slow down my computer somewhat, otherwise no problem.

    For my notebook, if I want to switch back from XP Pro to ME, would it be something I can manage by myself? I still have the CD for ME old edition. I didn't receive notice of the new upgrade. Do you think I can still request one from Microsoft?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall Google Toolbar using Add/Remove programs.

    Personally I hated WinMe. Why do you want to change back? Is the PC too slow and/or not enough memory for XP? You have to make sure you have all the necessary drivers for all your hardware. You will need to erase the XP partition and partition from an Me boot floppy and reinstall everything from scratch. Do you have a way to back up everything you need? If you are having problems with XP being flaky, it could be because you upgraded from ME to XP. It is always better to clean install and not upgrade.

    Not sure what you can order from MS!
     
  11. dolphinocean

    dolphinocean Private E-2

    Well, I was trying to gather info so I could make a wise decision. Apparently, it is better to leave it as it is and hope I could add some more RAM in the future when I have the money.

    I really appreciate your prompt replies and your great help. Have a great day!

    :)
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     