Solved

What is winfirewall.exe ???

Posted on 2004-10-16
Last Modified: 2008-02-01
Some stupid program is troubling(?) me. I was scared to notice my system was continuously sending out packets (without receiving any). This is the first time that I am noticing this. I (to my knowledge) have not installed anything that should do something of this kind. I tried finding out what was going on, and this is what I discovered:

The process sending out packets - %WinSysDir%\winfirewall.exe
Packets being sent to - nameservices.net
End point of connection on remote system - Port 1667
End point of connection on local system - Port 1667
Replies received - None

What it seems to me is that my system is trying to contact a predefined naming service to resolve a name. But I have a couple of questions that are playing on my mind. Which name? Who asked it to? Why this particular service? Who installed this app in the first place? Is it a regular EXE, or a hacking tool?

Question by:RanjeetRain

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 250 total points
Hello RanjeetRain =)

It's not a valid process, and should be listed as "System Firewall" in msconfig and the Run registry keys !!
Must be a leftover from a previous infection, or came from the internet temp files !!

So delete it from your system and registry, and run some AV and spyware scans to make sure that everything is clean :)
Good Luck :)

Accepted Solution

by:
SheharyaarSaahil earned 250 total points
And if you want to know the bad startup and running items on your system, you can use HijackThis :)
Download HijackThis v1.98.2 from here, run it and save the log file:
http://tools.radiosplace.com/HijackThis.exe

Then post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for you. Fix the entries which it labels as Nasty :)
To fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in HijackThis, make sure that they are really Nasty and can be deleted. Better you first research them on Google, and then, when you have confirmed that they should be deleted, fix them. And whenever you run HijackThis, run it from a new folder on your desktop, so that in case of any problem you can take advantage of the backups it creates of fixed items. And if you still face problems in dealing with it, just analyse your log at the above site, then scroll down to where you will see a Save Analyse button, hit it and it will save your log analysis, then copy the link of that page and paste it here, and we will check it for you :)

Assisted Solution

by:sunray_2003
sunray_2003 earned 200 total points
RanjeetRain,

Not many results in Google, which either means it is virus or spyware related, or some new program yet to be cached in Google.. LOL

Not sure if you have msconfig, as I do not see OS info in your question. If you do not have it, download msconfig from here: http://www.techadvice.com/win2000/m/msconfig_w2k.htm

Alternatively, check these registry locations:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

SR
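
The registry check suggested in the answers above, written as a PowerShell audit script. This is an added example, not code from any of the posters; it assumes a Windows system with PowerShell 4 or later, and uses only the two indicators named in this thread (the file name `winfirewall.exe` and the entry name "System Firewall").

```powershell
# Added example: audit the autostart keys listed in the thread for the reported entry.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
# Indicators taken from the thread: the file name and the msconfig entry name.
$suspectFile = 'winfirewall.exe'
$suspectName = 'System Firewall'

function Get-RunEntry {
    param([string[]]$Path)
    foreach ($key in $Path) {
        # Some of these keys exist only on certain Windows versions; skip missing ones.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        # Lists the values stored directly under each key (subkeys are not walked).
        foreach ($valueName in $item.GetValueNames()) {
            $command = [string]$item.GetValue($valueName)
            [pscustomobject]@{
                Key     = $key
                Name    = $valueName
                Command = $command
                Suspect = ($valueName -eq $suspectName) -or
                          ($command -like "*$suspectFile*")
            }
        }
    }
}

# Show every autostart entry, with matches on the thread's indicators first.
Get-RunEntry -Path $runKeys | Sort-Object Suspect -Descending |
    Format-Table Suspect, Name, Command, Key -AutoSize -Wrap

# Inspect the file in the system directory, where the question located it.
$file = Join-Path ([Environment]::SystemDirectory) $suspectFile
if (Test-Path -LiteralPath $file) {
    Get-Item -LiteralPath $file -Force |
        Format-List FullName, Length, CreationTime, LastWriteTime
    Get-FileHash -LiteralPath $file -Algorithm SHA256 | Format-List Algorithm, Hash
    Get-AuthenticodeSignature -LiteralPath $file | Format-List Status, SignerCertificate
} else {
    "No $suspectFile found in $([Environment]::SystemDirectory)"
}
```

The script only reads; it changes nothing in the registry or on disk, so it can be run before deciding what to remove.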


Author Comment

by:RanjeetRain
Thanks for the advice, guys :)