Solved

What is winfirewall.exe ???

Posted on 2004-10-16
Last Modified: 2008-02-01
Some stupid program is troubling(?) me. I was scared to notice my system was continuously sending out packets (without receiving any). It is the first time that I am noticing this. I (to my knowledge) have not installed anything that should do something of this kind. I tried finding out what was going on, and this is what I discovered:

The process sending out packets - %WinSysDir%\winfirewall.exe
Packets being sent to - nameservices.net
End point of connection on remote system - Port 1667
End point of connection on local system - Port 1667
Replies received - None

What it seems to me is that my system is trying to contact a predefined naming service to resolve a name. But I have a couple of questions that are playing on my mind. Which name? Who asked it to? Why this particular service? Who installed this app in the first place? Is it a regular EXE, or a hacking tool?

0
Question by:RanjeetRain
4 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 250 total points
ID: 12330287
Hello RanjeetRain =)

It's not a valid process, and should be listed as "System Firewall" in msconfig and the Run registry keys!!
Must be a leftover from a previous infection, or came from the internet temp files!!

So delete it from your system and registry, and run some AV and spyware scans to make sure that everything is clean :)
Good Luck :)
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 250 total points
ID: 12330295
And if you want to know the bad startup and running items on your system, you can use HijackThis :)
Download HijackThis v1.98.2 from here, run it and save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for you. Fix the entries which it labels as Nasty :)
To fix, check the lines and click on Fix Checked!!

CAUTION: Before fixing the entries in HijackThis, make sure that they are really Nasty and can be deleted; better you first research them on Google, and then when you have confirmed that they should be deleted, fix them. And whenever you run HijackThis, run it from a new folder on your desktop, so that in case of any problem, you can take advantage of the backups it creates of fixed items. And if you still face problems in dealing with it, just analyse your log at the above site, then scroll down to where you will see a Save Analyse button, hit it and it will save your log analysis, then copy the link of that page and paste it here, and we will check it for you :)
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 200 total points
ID: 12330331
RanjeetRain,

Not many results in Google either means it is virus or spyware related, or some new program yet to be cached in Google.. LOL

Not sure if you have msconfig, as I do not see OS info in your question. If you do not have it, download msconfig from here: http://www.techadvice.com/win2000/m/msconfig_w2k.htm

Alternatively, check these registry locations:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

SR

0
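The registry check suggested in the answers above, written out in PowerShell as an added example that is not part of the original thread. It lists every autostart value under the six keys named above, flags any whose name is "System Firewall" or whose command references winfirewall.exe (both indicators come from the thread), and then looks for the file in the system directory. It assumes PowerShell 4 or later for `Get-FileHash`.

```powershell
# Added example: audit the autostart keys listed in the thread.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

# Indicators taken from the thread: the startup entry name and the file name.
$suspectName = 'System Firewall'
$suspectFile = 'winfirewall.exe'

$entries = foreach ($key in $runKeys) {
    # Some of these keys do not exist on every Windows version.
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    # Only values directly under each key are listed (subkeys are not walked).
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $data
            Suspect = ($name -eq $suspectName) -or ($data -like "*$suspectFile*")
        }
    }
}

# Flagged entries first, so they are reviewed before anything is deleted.
$entries | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap

# The question reports the binary in the Windows system directory.
$path = Join-Path ([Environment]::SystemDirectory) $suspectFile
if (Test-Path -LiteralPath $path) {
    # -Force also shows the file if it is marked hidden or system.
    Get-Item -LiteralPath $path -Force |
        Select-Object FullName, Length, CreationTime, LastWriteTime
    # Record the hash before removal so the sample can be looked up later.
    Get-FileHash -LiteralPath $path -Algorithm SHA256
} else {
    "$path not found"
}
```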
 
LVL 19

Author Comment

by:RanjeetRain
ID: 13427563
Thanks for the advice, guys :)
0
