[CoolHand]

I ALWAYS get messages from my firewall that some services and other applications want to connect to the internet. I didnt have that problem with win2000! I used antispy software and others programs to disable winXPs spy features, but they still try to connect.
Services that want to connect:
C:\WINDOWS\SYSTEM32\DRIVERS\ndusuio.sys
C:\WINDOWS\Slave.exe
C:\WINDOWS\SYSTEM32\ntoskrnl.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe

and something that worries me the most:
C:\WINDOWS\Web\speed\nufxp_ftpc.exe

this one tried to connect to various FTPs I never used like ftp.chello.at, ftp.euronet.nl, ftp.no.freeBSD.org, ftp.fi.freeBSD.org, ftp..freeBSD.org, ftp.cn.freeBSD.org, ftp.lt.freeBSD.org, ftp.ru.debian.org.

I never saw that program ever before and suddenly it appeared in the running processes list and tried like a madman to connect to those sites. I restarted the computer and now its gone. I tried to locate that file and couldnt find it in that folder. neither a search of that file helped.


So, is there a way to disable those services trying to connect to microsoft and anyone know what that nufxp_ftpc.exe file is?

I just installed windowsXP 1 week ago... I dont think it is a trojan, I know what to look for and never had a trojan.

[Sampson]

The give away here is the file slave.exe. It is often used by hackers as a backdoor to remotely take over a host. This file should be found in the \Windows\System32 folder. Use regedit to see if it is being invoked from here: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"RA Server"="C:\\WINDOWS\\Slave.exe"
It is sometimes called the Remacc.RAServer since slave is a component of Remote Anything.
So, inadvertantly you installed Remote Anything on your computer or someone installed to watch you on the network, or it came through a surreptious email.

[ViolentGreen]

svchost.exe is normal. I forget what it does though.

[CoolHand]

I uninstalled it. I never installed it. I read on the RA website that it is supplied with windowsXP as a integrated service... wtf!

[CoolHand]

I just thought about it. when I installed winxp I noticed that slave.exe running and trying to connect to the internet and so I let it do that until now. think someone could send me a trojan over that slave.exe and that nufxp_ftpc.exe was that trojan? I am sure I didnt get any trojan with an email or file or whatever. norton antivirus didnt find anthing either.
There was also a new user installed named Windows, after I restarted the computer when I noticed nufxp_ftpc.exe trying to connect.

[Sampson]

Remote Anything is a legitimate program. It isn't considered a virus or a trojan. Your computer, if owned by another through Remote Anything, can become a bot to be later used in a denial of service attack. Personally, I would back up my data, and reformat and reinstall XP just to be on the safe side.

[Four and Twenty]

Quote:

svchost.exe is normal. I forget what it does though.

it runs dlls

[CoolHand]

So what about the other services Im running? Can I block them with my firewall without any bad consequences?

[adamvjackson]

If you're really paranoid, you could block everything, and selectivly enable things as they are needed.

[Mr.Guvernment]

Quote:

If you're really paranoid, you could block everything, and selectivly enable things as they are needed.

that is the best advice - block it - then if something does not work - enable it

better to be safe then sorry.

Also - now a days a good hacker can get in through SSL or SSH or IIS or a million other methods - and this will not be notice via any antivirus software as they are exploting bugs in Windows and other weakneses.