Windows XP trying to connect to the internet all the time
I ALWAYS get messages from my firewall that some services and other applications want to connect to the internet. I didnt have that problem with win2000! I used antispy software and others programs to disable winXPs spy features, but they still try to connect.
I ALWAYS get messages from my firewall that some services and other applications want to connect to the internet. I didnt have that problem with win2000! I used antispy software and others programs to disable winXPs spy features, but they still try to connect.
Services that want to connect:
C:\WINDOWS\SYSTEM32\DRIVERS\ndusuio.sys
C:\WINDOWS\Slave.exe
C:\WINDOWS\SYSTEM32\ntoskrnl.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
and something that worries me the most:
C:\WINDOWS\Web\speed\nufxp_ftpc.exe
this one tried to connect to various FTPs I never used like ftp.chello.at, ftp.euronet.nl, ftp.no.freeBSD.org, ftp.fi.freeBSD.org, ftp..freeBSD.org, ftp.cn.freeBSD.org, ftp.lt.freeBSD.org, ftp.mu.debian.org.
I never saw that program ever before and suddenly it appeared in the running processes list and tried like a madman to connect to those sites. I restarted the computer and now its gone. I tried to locate that file and couldnt find it in that folder. neither a search of that file helped.
So, is there a way to disable those services trying to connect to microsoft and anyone know what that nufxp_ftpc.exe file is?
I just installed windowsXP 1 week ago... I dont think it is a trojan, I know what to look for and never had a trojan.
Services that want to connect:
C:\WINDOWS\SYSTEM32\DRIVERS\ndusuio.sys
C:\WINDOWS\Slave.exe
C:\WINDOWS\SYSTEM32\ntoskrnl.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
and something that worries me the most:
C:\WINDOWS\Web\speed\nufxp_ftpc.exe
this one tried to connect to various FTPs I never used like ftp.chello.at, ftp.euronet.nl, ftp.no.freeBSD.org, ftp.fi.freeBSD.org, ftp..freeBSD.org, ftp.cn.freeBSD.org, ftp.lt.freeBSD.org, ftp.mu.debian.org.
I never saw that program ever before and suddenly it appeared in the running processes list and tried like a madman to connect to those sites. I restarted the computer and now its gone. I tried to locate that file and couldnt find it in that folder. neither a search of that file helped.
So, is there a way to disable those services trying to connect to microsoft and anyone know what that nufxp_ftpc.exe file is?
I just installed windowsXP 1 week ago... I dont think it is a trojan, I know what to look for and never had a trojan.
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
The give away here is the file slave.exe. It is often used by hackers as a backdoor to remotely take over a host. This file should be found in the \Windows\System32 folder. Use regedit to see if it is being invoked from here: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"RA Server"="C:\\WINDOWS\\Slave.exe"
It is sometimes called the Remacc.RAServer since slave is a component of Remote Anything.
So, inadvertantly you installed Remote Anything on your computer or someone installed to watch you on the network, or it came through a surreptious email.
"RA Server"="C:\\WINDOWS\\Slave.exe"
It is sometimes called the Remacc.RAServer since slave is a component of Remote Anything.
So, inadvertantly you installed Remote Anything on your computer or someone installed to watch you on the network, or it came through a surreptious email.
svchost.exe is normal. I forget what it does though.
I just thought about it. when I installed winxp I noticed that slave.exe running and trying to connect to the internet and so I let it do that until now. think someone could send me a trojan over that slave.exe and that nufxp_ftpc.exe was that trojan? I am sure I didnt get any trojan with an email or file or whatever. norton antivirus didnt find anthing either.
There was also a new user installed named Windows, after I restarted the computer when I noticed nufxp_ftpc.exe trying to connect.
There was also a new user installed named Windows, after I restarted the computer when I noticed nufxp_ftpc.exe trying to connect.
Remote Anything is a legitimate program. It isn't considered a virus or a trojan. Your computer, if owned by another through Remote Anything, can become a bot to be later used in a denial of service attack. Personally, I would back up my data, and reformat and reinstall XP just to be on the safe side.
Quote:svchost.exe is normal. I forget what it does though.
it runs dlls
it runs dlls
If you're really paranoid, you could block everything, and selectivly enable things as they are needed.
Quote:If you're really paranoid, you could block everything, and selectivly enable things as they are needed.
that is the best advice - block it - then if something does not work - enable it
better to be safe then sorry.
Also - now a days a good hacker can get in through SSL or SSH or IIS or a million other methods - and this will not be notice via any antivirus software as they are exploting bugs in Windows and other weakneses.
that is the best advice - block it - then if something does not work - enable it
better to be safe then sorry.
Also - now a days a good hacker can get in through SSL or SSH or IIS or a million other methods - and this will not be notice via any antivirus software as they are exploting bugs in Windows and other weakneses.
