Strange files in Windows 2000 Server?

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    2

    I just found two files on my Windows 2000 server that are holding a port open. I searched Microsoft, Google newsgroups and others to find information but no one seems to know what these files are for.

    The file names are:

    bmss.exe
    bmssldr.exe

    Note: When I checked the version information for bmss.exe it said "BMonitor Session Manager" by Microsoft.

    I was wondering if anyone here knows what they are for?

    Thanks in advance,
    Js

  2. #2
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Which ports are held open?
    Ubuntu-: Means in African: "I'm too dumb to use Slackware"

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    How are they being started, as a service or what? Can you stop them from starting and see if the server continues to function as normal?

    If you can find no reference on the sites you searched I would be a little leery. Google will usually pop up with something about anything you search for..... As does the M$ kb.... I looked in both and there was nothing..... IMO, a cause for some concern.

    You may also want to put a packet-sniffer on the open ports on that machine for a few days and see if it generates or receives any traffic.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    I just did a Google search for bmss.exe
    It came back to me as a 'one hit wonder'
    bmss.exe

    Sorry, getting off topic.

    I do not have an answer but found it worth posting though.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Go to www.sysinternals.com and get:

    TCPView
    Process Explorer

    or go to www.foundstone.com and get:
    fport

    These tools should give you a much better idea about what these files are doing.

    Hope this helps!
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    http://new.inetc.net/Products/Dedica...eck/sample.htm

    Looks like a health monitor. The link I posted shows a sample of what information it provides (bmss.exe). I'm not sure yet why it opens up a port though. It would really help to find out what ports it's listening on. We have a Win 2000 server, and it's not on there :|

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Noodle: That's bloody weird - I just searched Google for bmss.exe, bmssldr.exe and BMonitor Session Manager..... It came up with nothing for any of them

  8. #8
    Instronics
    The link mentioned is a sample of a company selling dedicated servers.
    You can buy the product but the link shows an example of the health check.
    bmss.exe shows up as a process in the check.
    It does not show what the process does.

    Tigershark - follow the link I provided.

  9. #9
    Junior Member
    Join Date
    Oct 2002
    Posts
    2
    The bmss.exe has the following ports open:

    bmss.exe:232 TCP 0.0.0.0:8198 0.0.0.0:0 LISTENING
    bmss.exe:232 UDP ???.???.???.???:8196 *:*

    Note: I replaced the IP address with the ???
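
The listing in post #9 gives one socket per line: image:pid, protocol, local endpoint, remote endpoint and, for TCP, a state. As an added example that is not part of any post in this thread, the Python code below parses lines in that format and reports sockets open to inbound traffic whose owning image is not on an allowlist. The allowlist and the last two sample lines are constructed assumptions.

```python
import re

# Format from post #9: "image:pid PROTO local remote [STATE]"
LINE_RE = re.compile(
    r"^(?P<image>[^:\s]+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?$"
)

# Assumption: image names the administrator already recognises on this host.
KNOWN_IMAGES = {"inetinfo.exe", "services.exe"}

# First two lines are from post #9; the last two are constructed for contrast.
SAMPLE = [
    "bmss.exe:232 TCP 0.0.0.0:8198 0.0.0.0:0 LISTENING",
    "bmss.exe:232 UDP ???.???.???.???:8196 *:*",
    "inetinfo.exe:900 TCP 0.0.0.0:80 0.0.0.0:0 LISTENING",
    "iexplore.exe:1200 TCP 10.0.0.5:1045 10.0.0.9:80 ESTABLISHED",
]

def parse_line(line):
    """Return a dict for one socket line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    host, _, port = rec.pop("local").rpartition(":")
    rec["local_host"] = host
    rec["local_port"] = int(port) if port.isdigit() else None
    return rec

def triage(lines, known_images=KNOWN_IMAGES):
    """Sockets open to inbound traffic whose owning image is not allowlisted."""
    findings = []
    for rec in filter(None, map(parse_line, lines)):
        # A bound UDP socket has no state column but still receives datagrams.
        inbound = rec["proto"] == "UDP" or rec["state"] == "LISTENING"
        if inbound and rec["image"].lower() not in known_images:
            # 0.0.0.0 means the socket is reachable on every interface.
            rec["all_interfaces"] = rec["local_host"] == "0.0.0.0"
            findings.append(rec)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["image"], f["pid"], f["proto"], f["local_port"], f["all_interfaces"])
```

Each finding keeps the PID, so it can be matched against the process and service lists when checking how the image is started.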

  10. #10
    Junior Member
    Join Date
    Aug 2002
    Posts
    15
    Could it be like Patrol SNMP?
