ifconfig in Win ME

[Rain6770]

has anyone heard of WIN ME running a process called 'ifconfig'? from what i understand this is a *nix process. I've done alot of google'ing but ifconfig is barely mentioned with Win ME and it doesn't say alot. I've tried to end the task and it comes up twice in the task list afterwards. I've gone into the registry and tried to delete it but it always shows up again. I used serveral registry editing/checking programs and it still comes back. Thanks in advance.

Rain

[XTC46]

http://www.windowsnetworking.com/kba...takaAINTX.html

[Rain6770]

Thank you XTC.

"The ifconfig command is used on Solaris (unix) machines to assign an address to a network interface or to configure your network interface. During system startup, ifconfig is called to define the network address of each interface present on your Solaris machine. ifconfig may also be used to redefine a network interface's address or other operating parameters, or to display the current configuration on an interface."

Is this originally a *nix command? or I think I should ask, is this predominantly used for *nix systems? Thanks again.

[IKnowNot]

Yes, ifconfig is a *nix command ( unix, linux, etc. )

not found on my copies of ME !

It is also used in *nix rootkits.

Where is it loading from ??

[zencoder]

ifconfig is a *NIX command. ipconfig is the bastard cousin cripple-ware version for Windows. That being said, it could be a legitimate thread. Depends on what is installed/running. Search AO here for info on the HiJack This! util, it should help you figure out what is spawning them (I think. Don't really know it too well.)

[dinowuff]

Check the following

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
ifconfig.exe=C:\WINDOWS\system32\ifconfig.exe

[PluginObj]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5483427F-93B8-1470-5A89-E6B56484CDB2}=c:\documents and settings\app hunter\local settings\temp\rdfzihvzquh.dll

[FileCreated]
c:\windows\system32\ifconfig.exe=1
c:\docume~1\apphun~1\locals~1\temp\rdfzihvzquh.dll=1

[whatthe]

Cyberdefender has a bug picked up in ifconfig.exe although their site isn't very useful.

http://www.cyberdefender.com/risk/ht...94800.log.html

Is this where ifconfig is listed in your registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
ifconfig.exe=C:\WINDOWS\system32\ifconfig.exe

If it is I don't think it is normal ME startup app. Should do a virus scan.

[Tiger Shark]

I would go to www.winpatrol.com and download winpatrol. Use it to disable it at startup, restart and see if everything works right. It is possible that it is something that came with a NIC driver and you don't want to delete it right off the bat.

If everything works fine then you need to look closely at the box because it may be compromised.

Tell us what you find please

[Rain6770]

Thanks to everyone for all of the help. However, after hours of toying with the registry and 'hijack this', I am extremly unsat with WIN ME and the 'blue screen of death' I get every ten minutes. The os won't even accept MS critical updates - everytime I intsall and reboot, I get a black screen on boot that has numerous lines of 'updating system files...1%...2%...could not update files'; from there I have to boot into safe mode then reboot again and it still did not update the files. There seems to be too many problems so I think it's time for a clean wipe and a fresh XP intsall. Thanks again for everyone's help.