|
|||||||
 |
|
|
Thread Tools | Search this Thread | Display Modes |
|
|||||||
|
|
|
Thread Tools | Search this Thread | Display Modes |
|
#1
01-05-2006, 04:24 AM
|
|||
|
|||
Help: After rebooting, I see 3 icmp echo requests to 210.17.17.194
IBM x31 Thinkpad, XPpro SP1 with all updates.
Remote assistance, and Remote Desktop are both off. Simple file sharing is off. I have scanned with updated Sophos anti-virus software. After rebooting, I see 3 icmp echo requests to 210.17.17.194. Inspecting the packets I see each is slighly different. Anyone have a cue? The requests come from a svchost process with an open listening port for remote file sharing at tcp 1025. Looking in the registry for the matching svchost I find an ImagePath of: %SystemRoot%\system32\svchost.exe -k netsvcs searching for "netsvcs.*" fails to find a file. The Registy lists the following as using netsvcs 6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt TermService wuauserv BITS ShellHWDetection helpsvc uploadmgr WmdmPmSN 
|
|
| Thread Tools | Search this Thread |
| Display Modes | |
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| How to make Windows see all free space? | Dmitry Kopnichev | Windows XP Setup Deployment | 24 | 01-05-2006 06:19 AM |
| Can you really 100% clean a compromised machine 100% of the time without wiping it? | Leythos | Windows XP Security Admin | 62 | 01-05-2006 04:31 AM |
| How to make Windows see all free space? | Dmitry Kopnichev | Windows XP Hardware | 24 | 01-05-2006 02:18 AM |
Linear Mode
