-
November 21st, 2001, 09:03 AM
#1
Nosey Windows Programs
Anyone else had stuff like this? Sometimes I get an alert that some windows utility or program is trying to send something through TCP/IP, and it just doesn't make any sense for the program to do so. For instance...
Outgoing ICMP type 8 (ping) from xxx.xxx.xxx.90 to xxx.xxx.xxx.91 (my computer is xxx.xxx.xxx.90)... but guess what program! Disk Defragmenter! (c:\windows\defrag.exe). Now why would microsoft make a disk defragmentation program that pings the next address after your own?
Anyone else have examples to post? I had a few other weird ones, but I don't think I kept the particulars.
[HvC]Terr: L33T Technical Proficiency
-
November 21st, 2001, 09:56 AM
#2
Member
I had the same thing happen with defrag...at the time I just ignored it assuming it was just some random bug in my firewall, but if it's happened to others too maybe not....
Ignorance is a voluntary misfortune
-
November 21st, 2001, 02:15 PM
#3
Just a thought... Windows always wants to know which items you've got under 'My Computer' (local disks, my favourite network places, ...)
Could defrag be checking if any of those are online?
-
November 21st, 2001, 02:28 PM
#4
Senior Member
Prog
Yes I've had something similar happen (I can't remember what it was, but it makes you think why they need to access the net)
..Just curious..I got win2k the other week and My services and controller applications (C:\WINNT\system32\services) likes to go net bound, what is this proggie for exactly...n why does it need to go net bound ?
anyone
-
November 21st, 2001, 02:37 PM
#5
Senior Member
Re: Nosey Windows Programs
Originally posted by Terr
Anyone else had stuff like this? Sometimes I get an alert that some windows utility or program is trying to send something through TCP/IP, and it just doesn't make any sense for the program to do so. For instance...
Outgoing ICMP type 8 (ping) from xxx.xxx.xxx.90 to xxx.xxx.xxx.91 (my computer is xxx.xxx.xxx.90)... but guess what program! Disk Defragmenter! (c:\windows\defrag.exe). Now why would microsoft make a disk defragmentation program that pings the next address after your own?
Anyone else have examples to post? I had a few other weird ones, but I don't think I kept the particulars.
Well weird, have you scanned the file for virii? (no offence) but it could be a malicious program that's replaced disk defrag. Alternatively it could be checking your network neighbourhood?/network places, was the other IP local?
There's no sense in being Pessimistic...it would never work anyway.
-
November 21st, 2001, 04:57 PM
#6
What type of ISP do you have? Sometimes it's the ISP making sure that you are still connected, they have two options: one is to ping you, another is to have you ping them. It happens to my mom a lot because she uses AOL so it's kind of ****ed up. Anyway that might be it. If you type in netstat and you see a whole bunch of time_wait's then that might be what it's doing. It's a connection thing.
But it could be viruses, a hacker, trojan, anything it just sounded familiar and thought I would provide some glass is half empty insight.
-
November 22nd, 2001, 12:12 AM
#7
Member
I too think it's a trojan under the name defrag
-
November 22nd, 2001, 12:28 AM
#8
Nosey Programs...You Too
Terr,
Yeah I've had some pretty strange stuff happen too, here are a few that I've had happen to me:
1. When I used to run Tiny, I had something similar to what you are describing happen, but off hand I don't remember what it was...
2. When running ZA and I started IE I would get an alert that asked if I would allow "Distributed COM Services".
This turned out to be RPCSS.exe which is installed with M$ Visual Studio! (If anyone had this problem and was wondering why, I have a few great sources on RPCSS for those who are interested.)
3. When running ZA and starting IE for the FIRST time after a reboot, I would do a netstat -a and find an entry that said the following:
TCP SimonTempler:1027 localhost.UU.NET:1027
Haven't researched into that one yet...
Just some of the few nosey windows programs I have encountered
Simon Templer
"Your work is to discover your world and then with all your heart give yourself to it."
-The Buddha
-
November 22nd, 2001, 12:39 AM
#9
Just to clarify, I was actually RUNNING defrag at the time, and if it *is* a trojan, it certainly does a pretty decent job of defragmenting my system and integrating itself with windows, while replacing the original (and valid) c:\windows\defrag.exe...
Oh, and it looks exactly the same too, and it was last-modified sometime in 1998.
No, I don't think it is a trojan.
[HvC]Terr: L33T Technical Proficiency
-
November 22nd, 2001, 02:33 AM
#10
Senior Member
Hrmmmm
*Maybe* the defrag is trying to ping out to see if there are any drives mapped on a network and tries to remotely execute a defrag on another PC (i.e. if you have it in scheduled tasks). Just a thought though.
Risk everything, or gain nothing.