Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

What is winfirewall.exe ???

Posted on 2004-10-16
4
Medium Priority
?
197 Views
Last Modified: 2008-02-01
Some stupid program is troubling(?) me. I was scared to notice my system was continuously sending out packets (without recieveing any). It is for the first time that I am noticing this. I (in my knowledge) have not installed anything that should do something of this kind. I tried finding out what was going on, and this is what I discovered:

The process sending out packets - %WinSysDir%\winfirewall.exe
Packets being sent to - nameservices.net
End point of connection on remote system - Port 1667
End point of connection on local system - Port 1667
Replies recieved - None

What it seems to me is that - my system is trying to contact a predefined naming service to resolve a name. But I have a couple of questions that are playing on my mind. Which name? Whos asked it to? Why this particular service? Who installed this app in first place? Is it a regular EXE, or a hacking tool?

0
Comment
Question by:RanjeetRain
  • 2
4 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 1000 total points
ID: 12330287
Hello RanjeetRain =)

Its not a valid process,,,, and shud be listed as "System Firewall" in msconfig and run registry keys !!
Must be a left over from a previous infection, or came from the internet temp files !!

So either delete it from ur system and registry and run some av and spyware scans to make sure that everything is clean :)
Good Luck :)
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 1000 total points
ID: 12330295
and if u want to know the Bad Startup and Running items on ur system, u can use hijackthis :)
Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 800 total points
ID: 12330331
RanjeetRain,

Not much results in google either means it is a  virus or spyware related or some new program yet to be cached in google.. LOL

Not sure if you have msconfig as I donot see OS info in your question. If you donot have it , download msconfig from here http://www.techadvice.com/win2000/m/msconfig_w2k.htm

Alternatively , check these registry locations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

SR

0
 
LVL 19

Author Comment

by:RanjeetRain
ID: 13427563
Thanks for the advices guys :)
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question