Windows XP trying to connect to the internet all the time
This is a discussion about Windows XP trying to connect to the internet all the time in the Everything New Technology category; I ALWAYS get messages from my firewall that some services and other applications want to connect to the internet. I didnt have that problem with win2000! I used antispy software and others programs to disable winXPs spy features, but they still try to connect.
I ALWAYS get messages from my firewall that some services and other applications want to connect to the internet. I didnt have that problem with win2000! I used antispy software and others programs to disable winXPs spy features, but they still try to connect.
Services that want to connect:
C:\WINDOWS\SYSTEM32\DRIVERS\ndusuio.sys
C:\WINDOWS\Slave.exe
C:\WINDOWS\SYSTEM32\ntoskrnl.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
and something that worries me the most:
C:\WINDOWS\Web\speed\nufxp_ftpc.exe
this one tried to connect to various FTPs I never used like ftp.chello.at, ftp.euronet.nl, ftp.no.freeBSD.org, ftp.fi.freeBSD.org, ftp..freeBSD.org, ftp.cn.freeBSD.org, ftp.lt.freeBSD.org, ftp.mu.debian.org.
I never saw that program ever before and suddenly it appeared in the running processes list and tried like a madman to connect to those sites. I restarted the computer and now its gone. I tried to locate that file and couldnt find it in that folder. neither a search of that file helped.
So, is there a way to disable those services trying to connect to microsoft and anyone know what that nufxp_ftpc.exe file is?
I just installed windowsXP 1 week ago... I dont think it is a trojan, I know what to look for and never had a trojan.
Services that want to connect:
C:\WINDOWS\SYSTEM32\DRIVERS\ndusuio.sys
C:\WINDOWS\Slave.exe
C:\WINDOWS\SYSTEM32\ntoskrnl.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
and something that worries me the most:
C:\WINDOWS\Web\speed\nufxp_ftpc.exe
this one tried to connect to various FTPs I never used like ftp.chello.at, ftp.euronet.nl, ftp.no.freeBSD.org, ftp.fi.freeBSD.org, ftp..freeBSD.org, ftp.cn.freeBSD.org, ftp.lt.freeBSD.org, ftp.mu.debian.org.
I never saw that program ever before and suddenly it appeared in the running processes list and tried like a madman to connect to those sites. I restarted the computer and now its gone. I tried to locate that file and couldnt find it in that folder. neither a search of that file helped.
So, is there a way to disable those services trying to connect to microsoft and anyone know what that nufxp_ftpc.exe file is?
I just installed windowsXP 1 week ago... I dont think it is a trojan, I know what to look for and never had a trojan.
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
Oct 29
Nov 1
0
4 minutes
Responses to this topic
The give away here is the file slave.exe. It is often used by hackers as a backdoor to remotely take over a host. This file should be found in the \Windows\System32 folder. Use regedit to see if it is being invoked from here: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"RA Server"="C:\\WINDOWS\\Slave.exe"
It is sometimes called the Remacc.RAServer since slave is a component of Remote Anything.
So, inadvertantly you installed Remote Anything on your computer or someone installed to watch you on the network, or it came through a surreptious email.
"RA Server"="C:\\WINDOWS\\Slave.exe"
It is sometimes called the Remacc.RAServer since slave is a component of Remote Anything.
So, inadvertantly you installed Remote Anything on your computer or someone installed to watch you on the network, or it came through a surreptious email.
svchost.exe is normal. I forget what it does though.
OP
I uninstalled it. I never installed it. I read on the RA website that it is supplied with windowsXP as a integrated service... wtf!
OP
I just thought about it. when I installed winxp I noticed that slave.exe running and trying to connect to the internet and so I let it do that until now. think someone could send me a trojan over that slave.exe and that nufxp_ftpc.exe was that trojan? I am sure I didnt get any trojan with an email or file or whatever. norton antivirus didnt find anthing either.
There was also a new user installed named Windows, after I restarted the computer when I noticed nufxp_ftpc.exe trying to connect.
There was also a new user installed named Windows, after I restarted the computer when I noticed nufxp_ftpc.exe trying to connect.
Remote Anything is a legitimate program. It isn't considered a virus or a trojan. Your computer, if owned by another through Remote Anything, can become a bot to be later used in a denial of service attack. Personally, I would back up my data, and reformat and reinstall XP just to be on the safe side.
Quote:svchost.exe is normal. I forget what it does though.
it runs dlls
it runs dlls
OP
So what about the other services Im running? Can I block them with my firewall without any bad consequences?
If you're really paranoid, you could block everything, and selectivly enable things as they are needed.
Quote:If you're really paranoid, you could block everything, and selectivly enable things as they are needed.
that is the best advice - block it - then if something does not work - enable it
better to be safe then sorry.
Also - now a days a good hacker can get in through SSL or SSH or IIS or a million other methods - and this will not be notice via any antivirus software as they are exploting bugs in Windows and other weakneses.
that is the best advice - block it - then if something does not work - enable it
better to be safe then sorry.
Also - now a days a good hacker can get in through SSL or SSH or IIS or a million other methods - and this will not be notice via any antivirus software as they are exploting bugs in Windows and other weakneses.
