Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

What is winfirewall.exe ???

Posted on 2004-10-16
4
Medium Priority
?
196 Views
Last Modified: 2008-02-01
Some stupid program is troubling(?) me. I was scared to notice my system was continuously sending out packets (without recieveing any). It is for the first time that I am noticing this. I (in my knowledge) have not installed anything that should do something of this kind. I tried finding out what was going on, and this is what I discovered:

The process sending out packets - %WinSysDir%\winfirewall.exe
Packets being sent to - nameservices.net
End point of connection on remote system - Port 1667
End point of connection on local system - Port 1667
Replies recieved - None

What it seems to me is that - my system is trying to contact a predefined naming service to resolve a name. But I have a couple of questions that are playing on my mind. Which name? Whos asked it to? Why this particular service? Who installed this app in first place? Is it a regular EXE, or a hacking tool?

0
Comment
Question by:RanjeetRain
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 1000 total points
ID: 12330287
Hello RanjeetRain =)

Its not a valid process,,,, and shud be listed as "System Firewall" in msconfig and run registry keys !!
Must be a left over from a previous infection, or came from the internet temp files !!

So either delete it from ur system and registry and run some av and spyware scans to make sure that everything is clean :)
Good Luck :)
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 1000 total points
ID: 12330295
and if u want to know the Bad Startup and Running items on ur system, u can use hijackthis :)
Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 800 total points
ID: 12330331
RanjeetRain,

Not much results in google either means it is a  virus or spyware related or some new program yet to be cached in google.. LOL

Not sure if you have msconfig as I donot see OS info in your question. If you donot have it , download msconfig from here http://www.techadvice.com/win2000/m/msconfig_w2k.htm

Alternatively , check these registry locations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

SR

0
 
LVL 19

Author Comment

by:RanjeetRain
ID: 13427563
Thanks for the advices guys :)
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question