1
I have a relatively new Vista box (trying to find a weekend to upgrade to 7) that I've kept up to date with all windows updates. Running the firewall and MS's Security Essentials.
I was checking network traffic in Resource Overview and I have an entry for svchost sending data to the address of 'kuk'. I also have another svchost sending data to an address of my username. I assume/hope 'kuk' is some sort of system account? Googling it led to a few pages that referenced a virus but only in the context of there being some 'kuk.exe' file quarantined by virus scanning software.
Some more details from Resource Monitor:
Image: svchost.exe (NetworkService)
PID: 1392
Address: kuk
Regarding the thought that it may be a trojan, I just ran a full scan with MS's security tools...nothing found. This machine isn't used heavily. It's mainly my dev machine. So I haven't been downloading random stuff. Any suggest additional scanning software for Vista (and/or 7?)
DA.
Posted 2009-11-18T05:21:21.557
Reputation: 565
Upgrading to 7 will only take a few hours. Do it overnight. – Jim Deville – 2009-11-18T05:46:37.513
The network traffic will not show connections to accounts but to machines or devices.
By the sound of things kuk isn't an account but the name of something on your network. What IP address is it and what ports is it trying to connect to?
Is your pc name the same as your username? That would explain why the svchost was talking to it. – Sim – 2009-11-18T06:36:22.623
@Sim I'll update my post with some more details... – DA. – 2009-11-18T13:20:37.103
Thanks for the update SA. Your machine still thinks there is a device it is talking to called kuk. It would help if at a command prompt you could do a ping kuk or a nslookup kuk as that would help establish what the IP address of kuk is. – Sim – 2009-11-19T02:39:08.287