Feedback and Suggestions
Post your General Comments, Feedback or Suggestions pertaining to this website here.
Comments directed to specific information should be posted directly on the guide in question.
Please note: All comments are moderated by me, so they will not appear instantly, but will be read by me as soon as humanly possible.
This concerns the Windows Vista SP2 Configurations for:
WinHTTP Web Proxy Auto-Discovery Service
WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
Manual Local Service
Black Viper >>Recommend Disabled
However, the following information seems to conflict:
Dependencies
What service WinHTTP Web Proxy Auto-Discovery Service needs to function properly:
* DHCP Client (HB, HP, B, U)
  o Ancilliary Function Driver for Winsock (HB, HP, B, U)
  o NetIO Legacy TDI Support Driver (HB, HP, B, U)
    + TCP/IP Protocol Driver (HB, HP, B, U)
  o Network Store Interface Service (HB, HP, B, U)
    + NSI proxy service (HB, HP, B, U)
WinHTTP Web Proxy Auto-Discovery Service needs DHCP Client, not the other way around.
To reveal svchost.exe handles in Win 7:
tasklist /svc /fi "imagename eq SVCHOST.exe"
Alternatively, you can create a txt file on your desktop:
tasklist /svc /fi "imagename eq SVCHOST.exe" > C:\users\%username%\Desktop\svchost.txt
You can see all handles using svchost and their PIDs.
If you compare that with the results of Netstat -ano, you can find out which SVCHost process is connected to a remote IP address by comparing the PID and doing a whois IP search on the remote addresses listed in the netstat -ano results.
I found a few malicious files using the two commands.
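The PID comparison described in the comment above can be scripted over the saved output of the two commands. This is an added example, not part of the original comment; the function names are hypothetical and both sample outputs are constructed for illustration.

```python
import re
# Constructed sample of `tasklist /svc /fi "imagename eq svchost.exe"` output.
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    900 RpcEptMapper, RpcSs
svchost.exe                   1048 AudioSrv, Dhcp, eventlog,
                                   lmhosts, wscsvc
svchost.exe                   1400 WinHttpAutoProxySvc
"""
# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.10:49200     203.0.113.7:443        ESTABLISHED     1048
  TCP    127.0.0.1:49300        127.0.0.1:49301        ESTABLISHED     1048
  TCP    192.168.1.10:49201     198.51.100.22:80       ESTABLISHED     1400
  UDP    0.0.0.0:68             *:*                                    1048
"""

def parse_tasklist(text):
    """Map PID -> hosted service names, joining wrapped continuation lines."""
    services, pid = {}, None
    for line in text.splitlines():
        m = re.match(r"\S+\s+(\d+)\s+(.*)$", line)
        if m:
            pid, rest = int(m.group(1)), m.group(2)
        elif pid is not None and line.startswith(" "):
            rest = line  # services that wrapped onto the next line
        else:
            continue  # header, separator or blank line
        services.setdefault(pid, []).extend(s.strip() for s in rest.split(",") if s.strip())
    return services

def remote_connections(text):
    """Yield (pid, remote_ip, remote_port) for ESTABLISHED, non-loopback TCP rows."""
    for line in text.splitlines():
        f = line.split()  # UDP rows have no State column, so only 4 fields
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            host, port = f[2].rsplit(":", 1)  # IPv6 remotes print as [addr]:port
            if not (host.startswith("127.") or host == "[::1]"):
                yield int(f[4]), host.strip("[]"), int(port)

def correlate(tasklist_text, netstat_text):
    services = parse_tasklist(tasklist_text)  # join the two outputs on PID
    return [(pid, ip, port, services[pid])
            for pid, ip, port in remote_connections(netstat_text) if pid in services]
```

Each tuple returned by `correlate` names the svchost PID, the remote address to look up, and the services hosted in that process, which narrows down which service owns an unexpected connection.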