Solved

What is winfirewall.exe ???

Posted on 2004-10-16
4
195 Views
Last Modified: 2008-02-01
Some stupid program is troubling(?) me. I was scared to notice my system was continuously sending out packets (without recieveing any). It is for the first time that I am noticing this. I (in my knowledge) have not installed anything that should do something of this kind. I tried finding out what was going on, and this is what I discovered:

The process sending out packets - %WinSysDir%\winfirewall.exe
Packets being sent to - nameservices.net
End point of connection on remote system - Port 1667
End point of connection on local system - Port 1667
Replies recieved - None

What it seems to me is that - my system is trying to contact a predefined naming service to resolve a name. But I have a couple of questions that are playing on my mind. Which name? Whos asked it to? Why this particular service? Who installed this app in first place? Is it a regular EXE, or a hacking tool?

0
Comment
Question by:RanjeetRain
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 250 total points
ID: 12330287
Hello RanjeetRain =)

Its not a valid process,,,, and shud be listed as "System Firewall" in msconfig and run registry keys !!
Must be a left over from a previous infection, or came from the internet temp files !!

So either delete it from ur system and registry and run some av and spyware scans to make sure that everything is clean :)
Good Luck :)
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 250 total points
ID: 12330295
and if u want to know the Bad Startup and Running items on ur system, u can use hijackthis :)
Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 200 total points
ID: 12330331
RanjeetRain,

Not much results in google either means it is a  virus or spyware related or some new program yet to be cached in google.. LOL

Not sure if you have msconfig as I donot see OS info in your question. If you donot have it , download msconfig from here http://www.techadvice.com/win2000/m/msconfig_w2k.htm

Alternatively , check these registry locations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

SR

0
 
LVL 19

Author Comment

by:RanjeetRain
ID: 13427563
Thanks for the advices guys :)
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question