
xp-ntoskrnl.exe

Old 02 November 2004, 11:46 AM
  #1  
richieh

The above app is trying to send out to this address for about 10 mins after boot.
It slows the mc down during this time.

Remote Name : sturfajtn.com
Remote Address : 82.146.34.218
Remote Port : 80 (HTTP - World Wide Web)

It slows the mc down during this time.
I'm guessing it shouldn't.
Anyone have any idea what it is?
richie
Old 02 November 2004, 12:30 PM
  #2  
ozzy

That's not a valid file on XP, so vape the little ****** (assuming the actual filename is xp-ntoskrnl.exe)

Last edited by ozzy; 02 November 2004 at 02:36 PM.
Old 02 November 2004, 12:32 PM
  #3  
ozzy

BTW, the proper one is "ntoskrnl.exe" in the c:\windows\system32 folder. Don't delete that one
Old 02 November 2004, 01:01 PM
  #4  
_Meridian_

As far as I can see from Googling, that site is a resource for tracking criminal records etc, and is only available to company employees!


M
Old 02 November 2004, 01:39 PM
  #5  
Nicks VR4

ntoskrnl - ntoskrnl.exe - Process Information
Process File: ntoskrnl or ntoskrnl.exe
Process Name: Microsoft Boot Up Kernel

Description:
ntoskrnl.exe is a critical process in the boot-up cycle of your computer, although it should never appear in WinTasks whilst under normal circumstances. Note: ntoskrnl.exe can be altered by the w32.bolzano and variants. If this process appears in WinTasks, please update your virus definitions immediately.


Author: Microsoft
Part Of: Microsoft Windows Operating System

System Process: Yes
Background Process: Yes
Uses Network: No
Hardware Related: No
Common Errors: N/A

Security Risk (0-5): 0
Virus: No
Spyware: No
Trojan: No
Old 02 November 2004, 03:03 PM
  #6  
richieh

Perhaps I'm an FBI fugitive.
When I right click on said file in an Explorer window it closes the window.
Is this normal?
It seems to be able to work round Sygate firewall as well - shows its own rule in the traffic log even though I've blocked the app?
Damn computers.
richie
Old 02 November 2004, 03:22 PM
  #7  
ozzy

richie, can you confirm the exact file name - "xp-ntoskrnl.exe" or just "ntoskrnl.exe"?

Have you run an adware utility like Ad-Aware or Spybot or Hijack-This?

Also, is your anti-virus software up-to-date?

Stefan

Last edited by ozzy; 02 November 2004 at 03:25 PM.
Old 02 November 2004, 04:31 PM
  #8  
Nicks VR4

more info of Sygate web site

Sygate Security Alert

Windows XP default install with TCP 445 open
Description:
TCP/UDP port 445 (used for filesharing and is opened by ntoskrnl.exe) is open by default on a freshly installed XP box. The attack is serious since it works remotely and can make the CPU usage 100% in less than 20 seconds.

Impact:
Remote DOS attacks with SYN flag. Makes CPU usage 100%.

Sygate Recommendations:
Sygate SSE and SPF Security Agents will block all ports and protocols exposed to the internet by ntoskrnl.exe. DOS attacks aimed at port 445 including SYN floods are denied with no adverse effect to Windows XP. Thanks to www.safehack.com for the disclosure of this serious exploit.
Old 02 November 2004, 06:21 PM
  #9  
richieh

It's ntoskrnl.exe.
Sounds like some kind of attack, but I've run Ad-Aware, Spybot, AVG antivirus and Sygate firewall with no result.
When it's trying to connect the PC slows right down.
I'm off to look on that Sygate site now.
richie



