what is the best firewall????

 
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 09:02 am
Yep, thanks Monger!
0 Replies
 
dlowan
 
  1  
Reply Sun 17 Aug, 2003 09:08 am
Damn! I have downloaded that twice - each time, just as it finished loading, it said "error" and then pretended it had downloaded nothing!

I will try via IE tomorrow....sigh.
0 Replies
 
dlowan
 
  1  
Reply Sun 17 Aug, 2003 09:09 am
Hmmm - actually, it said the copy was corrupted.....
0 Replies
 
Monger
 
  1  
Reply Sun 17 Aug, 2003 09:16 am
Deb, didja mean it gives you an error when trying to install the file you downloaded? Post the full message here and mebbe I can try to help.
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 09:18 am
Ok, I'm sorry, can I allow in "Generic Host Process for W32 Services"?
0 Replies
 
Monger
 
  1  
Reply Sun 17 Aug, 2003 09:42 am
Did it ask if you'd allow it out? If so, yeah it's normal. It's just Windows phoning home. Personally I would select no (just because I like to severely limit outbound connections), but if you do that and lose your Internet connection you'll need to go back to program control & give it access.
Hope that helps. :)
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 10:21 am
Hi Monger. It says:

Generic Host Processing for Win32 Services is being connected by the remote machine [###...] using local port ###(EPMAP - Location service - Dynamically assign ports for RPC). Do you want to allow this program to access the network?
0 Replies
 
Monger
 
  1  
Reply Sun 17 Aug, 2003 10:28 am
That sounds very much like the Blaster worm to me. Block it!

PS: Don't leave out port numbers & such in reports like this, sometimes they are important.

It may help to use the following as a general rule: If you don't recognize it, block it. You can always turn things back on later.
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 10:40 am
OK, thanks again!
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 10:41 am
File Version : 5.00.2134.1
File Description : Generic Host Process for Win32 Services
File Path : C:\WINNT\system32\svchost.exe
Process ID : 1C0 (Heximal) 448 (Decimal)

Connection origin : remote initiated
Protocol : TCP
Local Address : 151.199.22.88
Local Port : 135 (EPMAP - Location service - Dynamically assign ports for RPC)
Remote Name :
Remote Address : 151.199.38.218
Remote Port : 2099

Ethernet packet details:
Ethernet II (Packet Length: 62)
Destination: 00-00-01-00-00-00
Source: c2-4d-20-00-01-00
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 127
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x9680 (Correct)
Source: 151.199.38.218
Destination: 151.199.22.88
Transmission Control Protocol (TCP)
Source port: 2099
Destination port: 135
Sequence number: 2731203690
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x974e (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 00 01 00 00 00 C2 4D : 20 00 01 00 08 00 45 00 | .......M .....E.
0010: 00 30 0E 71 40 00 7F 06 : 80 96 97 C7 26 DA 97 C7 | .0.q@.......&...
0020: 16 58 08 33 00 87 A2 CA : DC 6A 00 00 00 00 70 02 | .X.3.....j....p.
0030: 40 00 4E 97 00 00 02 04 : 05 8C 01 01 04 02 | @.N...........
0 Replies
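
Added example (not part of the original thread and not written by any poster): the Python sketch below decodes the binary dump from the post above and checks the property the replies rely on, an unsolicited TCP SYN from a remote host to local port 135. The function names are made up for this example.

```python
import ipaddress
import struct

# Hex dump exactly as posted in the thread (offset, hex bytes, ASCII column).
DUMP = """\
0000: 00 00 01 00 00 00 C2 4D : 20 00 01 00 08 00 45 00 | .......M .....E.
0010: 00 30 0E 71 40 00 7F 06 : 80 96 97 C7 26 DA 97 C7 | .0.q@.......&...
0020: 16 58 08 33 00 87 A2 CA : DC 6A 00 00 00 00 70 02 | .X.3.....j....p.
0030: 40 00 4E 97 00 00 02 04 : 05 8C 01 01 04 02 | @.N...........
"""

def dump_to_bytes(dump):
    """Drop the offset and ASCII columns, keep only the hex bytes."""
    out = bytearray()
    for line in dump.strip().splitlines():
        hex_part = line.split(":", 1)[1].partition("|")[0]
        out += bytes.fromhex(hex_part.replace(":", " "))
    return bytes(out)

def checksum_ok(header):
    """One's-complement sum over a valid IPv4 header folds to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(frame):
    """Decode Ethernet II / IPv4 / TCP and return the fields used for triage."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("not an IPv4/TCP frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    tcp = ip[ihl:]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    return {
        "src": str(ipaddress.ip_address(ip[12:16])),
        "dst": str(ipaddress.ip_address(ip[16:20])),
        "sport": sport, "dport": dport, "seq": seq,
        "ip_checksum_ok": checksum_ok(ip[:ihl]),
        "syn_only": (off_flags & 0x3F) == 0x02,  # SYN set; ACK/RST/FIN/PSH/URG clear
        "payload_len": len(tcp) - (off_flags >> 12) * 4,
    }

def is_inbound_rpc_probe(pkt, local_ip):
    """Bare SYN from a remote host to our 135/tcp (RPC endpoint mapper)."""
    return pkt["dst"] == local_ip and pkt["dport"] == 135 and pkt["syn_only"]

if __name__ == "__main__":
    pkt = decode(dump_to_bytes(DUMP))
    print(pkt, is_inbound_rpc_probe(pkt, "151.199.22.88"))
```

A bare SYN with no payload only shows a connection attempt to 135/tcp; the decode agrees with the firewall's own field listing but cannot by itself say which program sent it.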
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 10:42 am
Hahaha...
0 Replies
 
Monger
 
  1  
Reply Sun 17 Aug, 2003 10:56 am
Blaster.
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 10:58 am
damn little bugger!
0 Replies
 
Monger
 
  1  
Reply Sun 17 Aug, 2003 11:05 am
Craven and Murray know more about Internet connection settings and such than me. Methinks they'd be able to see exactly what's going on; I'm just going by what I see as a LOT of hints pointing to it.
0 Replies
 
Craven de Kere
 
  1  
Reply Sun 17 Aug, 2003 01:34 pm
Looks like Blaster scanning 135.
0 Replies
 
safecracker
 
  1  
Reply Sun 17 Aug, 2003 04:30 pm
Ya, sure looks like it. There is a vulnerability in the Microsoft Windows RPC service (which runs on 135); I wonder if that's what it's looking for.
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 04:34 pm
It keeps trying to gain access! Freaky. My bro-in-law says just don't accept anything through the firewall.
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 04:36 pm
By the way, thanks everyone. I'm learning how to do much of it on my own, by trial, but I still know almost nothing.
0 Replies
 
Vivien
 
  1  
Reply Mon 18 Aug, 2003 02:41 pm
littlek wrote:
By the way, thanks everyone. I'm learning how to do much of it on my own, by trial, but I still know almost nothing.


me too! :D
0 Replies
 
safecracker
 
  1  
Reply Mon 18 Aug, 2003 02:50 pm
littlek wrote:
It keeps trying to gain access! Freaky. My bro-in-law says just don't accept anything through the firewall.


If you don't know what it is, don't allow it; as someone else said, you can always allow it later if needed.
0 Replies
 
 
