Compatible Support Forums
CoolHand

Windows XP trying to connect to the internet all the time


I ALWAYS get messages from my firewall that some services and other applications want to connect to the internet. I didn't have that problem with Win2000! I used antispy software and other programs to disable WinXP's spy features, but they still try to connect.

Services that want to connect:

C:\WINDOWS\SYSTEM32\DRIVERS\ndusuio.sys

C:\WINDOWS\Slave.exe

C:\WINDOWS\SYSTEM32\ntoskrnl.exe

C:\WINDOWS\SYSTEM32\lsass.exe

C:\WINDOWS\SYSTEM32\svchost.exe

And something that worries me the most:

C:\WINDOWS\Web\speed\nufxp_ftpc.exe

This one tried to connect to various FTPs I never used, like ftp.chello.at, ftp.euronet.nl, ftp.no.freeBSD.org, ftp.fi.freeBSD.org, ftp..freeBSD.org, ftp.cn.freeBSD.org, ftp.lt.freeBSD.org, ftp.mu.debian.org.

I never saw that program ever before and suddenly it appeared in the running processes list and tried like a madman to connect to those sites. I restarted the computer and now it's gone. I tried to locate that file and couldn't find it in that folder. A search for that file didn't help either.

So, is there a way to disable those services trying to connect to Microsoft, and does anyone know what that nufxp_ftpc.exe file is?

I just installed Windows XP 1 week ago... I don't think it is a trojan; I know what to look for and never had a trojan.


The giveaway here is the file slave.exe. It is often used by hackers as a backdoor to remotely take over a host. This file should be found in the \Windows\System32 folder. Use regedit to see if it is being invoked from here:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"RA Server"="C:\\WINDOWS\\Slave.exe"

It is sometimes called the Remacc.RAServer since slave is a component of Remote Anything.

So, you inadvertently installed Remote Anything on your computer, or someone installed it to watch you on the network, or it came through a surreptitious email.


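The registry check described in the post above, as an added example that is not part of the original thread: a Python script that scans a regedit export for autostart entries and flags the file names mentioned here. The sample export is constructed, `ExampleTray` is a made-up entry, and the watchlist holds only the two names from this thread.

```python
import re

# Autostart keys to inspect; RunServices is the key named in the post above.
BASE = "\\software\\microsoft\\windows\\currentversion\\"
AUTOSTART_SUFFIXES = tuple(
    BASE + k for k in ("run", "runonce", "runservices", "runservicesonce"))

# File names reported in this thread; extend with your own list.
WATCHLIST = {"slave.exe", "nufxp_ftpc.exe"}

# "name"="string data" lines; a backslash escapes \ and " inside the quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (ExampleTray is a made-up entry). Real exports
# from regedit 5.00 are UTF-16, so decode the file before passing it in.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"RA Server"="C:\\WINDOWS\\Slave.exe"

[HKEY_LOCAL_MACHINE\Software\Example]
"Path"="C:\\WINDOWS\\Slave.exe"
'''

def unescape(s):
    # Undo the .reg escaping: \\ becomes \ and \" becomes "
    return re.sub(r"\\(.)", r"\1", s)

def autostart_entries(reg_text):
    """Return (key, value_name, command, flagged) for every string value
    stored under an autostart key in a .reg export."""
    found, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            key = name if name.lower().endswith(AUTOSTART_SUFFIXES) else None
            continue
        m = VALUE_RE.match(line) if key else None
        if m:
            value_name, command = unescape(m.group(1)), unescape(m.group(2))
            # Compare every *.exe file name in the command with the watchlist.
            exes = set(re.findall(r'[^\\/"]+\.exe', command.lower()))
            found.append((key, value_name, command, bool(exes & WATCHLIST)))
    return found

if __name__ == "__main__":
    for key, value_name, command, flagged in autostart_entries(SAMPLE_REG):
        print("SUSPECT" if flagged else "ok     ", key, value_name, command)
```

An entry that is not flagged is not thereby trusted; the watchlist only matches names already known from this thread.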
I uninstalled it. I never installed it. I read on the RA website that it is supplied with Windows XP as an integrated service... wtf!


I just thought about it. When I installed WinXP I noticed that slave.exe was running and trying to connect to the internet, and so I let it do that until now. Do you think someone could have sent me a trojan over that slave.exe, and that nufxp_ftpc.exe was that trojan? I am sure I didn't get any trojan with an email or file or whatever. Norton AntiVirus didn't find anything either.

There was also a new user installed named Windows, after I restarted the computer when I noticed nufxp_ftpc.exe trying to connect.


Remote Anything is a legitimate program. It isn't considered a virus or a trojan. Your computer, if owned by another through Remote Anything, can become a bot to be later used in a denial of service attack. Personally, I would back up my data, and reformat and reinstall XP just to be on the safe side.


So what about the other services I'm running? Can I block them with my firewall without any bad consequences?

Quote:
If you're really paranoid, you could block everything, and selectively enable things as they are needed.


That is the best advice - block it - then if something does not work - enable it.

Better to be safe than sorry.

Also - nowadays a good hacker can get in through SSL or SSH or IIS or a million other methods - and this will not be noticed via any antivirus software, as they are exploiting bugs in Windows and other weaknesses.
