
Thread: Nosey Windows Programs

  1. #1
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007

    Nosey Windows Programs

    Anyone else had stuff like this? Sometimes I get an alert that some Windows utility or program is trying to send something through TCP/IP, and it just doesn't make any sense for the program to do so. For instance...

    Outgoing ICMP type 8 (ping) from xxx.xxx.xxx.90 to xxx.xxx.xxx.91 (my computer is xxx.xxx.xxx.90)... but guess what program! Disk Defragmenter! (c:\windows\defrag.exe). Now why would Microsoft make a disk defragmentation program that pings the next address after your own?

    Anyone else have examples to post? I had a few other weird ones, but I don't think I kept the particulars.
    [HvC]Terr: L33T Technical Proficiency

  2. #2
    I had the same thing happen with defrag... at the time I just ignored it, assuming it was just some random bug in my firewall, but if it's happened to others too, maybe not....
    Ignorance is a voluntary misfortune

  3. #3
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Just a thought... Windows always wants to know which items you've got under 'My Computer' (local disks, my favourite network places, ...)

    Could defrag be checking if any of those are online?

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    130

    Prog

    Yes, I've had something similar happen (I can't remember what it was, but it makes you think why they need to access the net)

    ..Just curious.. I got Win2k the other week and my Services and Controller applications (C:WINNT\system32\services) likes to go net bound. What is this proggie for exactly... and why does it need to go net bound?

    anyone

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    118

    Re: Nosey Windows Programs

    Originally posted by Terr
    Anyone else had stuff like this? Sometimes I get an alert that some Windows utility or program is trying to send something through TCP/IP, and it just doesn't make any sense for the program to do so. For instance...

    Outgoing ICMP type 8 (ping) from xxx.xxx.xxx.90 to xxx.xxx.xxx.91 (my computer is xxx.xxx.xxx.90)... but guess what program! Disk Defragmenter! (c:\windows\defrag.exe). Now why would Microsoft make a disk defragmentation program that pings the next address after your own?

    Anyone else have examples to post? I had a few other weird ones, but I don't think I kept the particulars.

    Well weird, have you scanned the file for viruses? (No offence.) But it could be a malicious program that's replaced disk defrag. Alternatively, it could be checking your network neighbourhood/network places. Was the other IP local?
    There's no sense in being Pessimistic...it would never work anyway.

  6. #6
    What type of ISP do you have? Sometimes it's the ISP making sure that you are still connected. They have two options: one is to ping you, another is to have you ping them. It happens to my mom a lot because she uses AOL, so it's kind of ****ed up. Anyway, that might be it. If you type in netstat and you see a whole bunch of time_wait's, then that might be what it's doing. It's a connection thing.

    But it could be viruses, a hacker, trojan, anything. It just sounded familiar and I thought I would provide some glass-is-half-empty insight.

  7. #7
    I too think it's a trojan under the name defrag

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    175

    Cool Nosey Programs...You Too

    Terr,

    Yeah, I've had some pretty strange stuff happen too. Here are a few that I've had happen to me:

    1. When I used to run Tiny, I had something similar to what you are describing happen, but offhand I don't remember what it was...

    2. When running ZA and I started IE I would get an alert that asked if I would allow "Distributed COM Services".
    This turned out to be RPCSS.exe which is installed with M$ Visual Studio! (If anyone had this problem and was wondering why, I have a few great sources on RPCSS for those who are interested.)

    3. When running ZA and starting IE for the FIRST time after a reboot, I would do a netstat -a and find an entry that said the following:
    TCP SimonTempler:1027 localhost.UU.NET:1027

    Haven't researched into that one yet...

    Just some of the few nosey windows programs I have encountered
    Simon Templer

    "Your work is to discover your world and then with all your heart give yourself to it."
    -The Buddha

  9. #9
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Just to clarify, I was actually RUNNING defrag at the time, and if it *is* a trojan, it certainly does a pretty decent job of defragmenting my system and integrating itself with Windows, while replacing the original (and valid) c:\windows\defrag.exe...

    Oh, and it looks exactly the same too, and it was last-modified sometime in 1998.

    No, I don't think it is a trojan.
    [HvC]Terr: L33T Technical Proficiency

  10. #10
    Senior Member
    Join Date
    Aug 2001
    Posts
    118

    Hrmmmm

    *Maybe* the defrag is trying to ping out to see if there are any drives mapped on a network and tries to remotely execute a defrag on another PC (i.e. if you have it in scheduled tasks). Just a thought though.
    Risk everything, or gain nothing.
