11-12-2004, 12:23 AM
|
#1
|
|
Ultimate Member
Join Date: Aug 2003
Location: Crumbling American Empire
Posts: 1,844
|
upnpclient.exe = Unknown program
This guy I know has this on his system. I had him scan with all the usual programs like adaware, spybot, and av but nothing comes up. In task manager this is running under the applications tab, MSLib16s. Whenever he kills the upnpclient.exe service it comes back after a couple of minutes. A search of his files shows it in the prefetch folder. When he deletes that it still comes back. I’ve searched all over the net and have come up empty. He also used one of those reg cleaners and there’s no dice there either. Has anybody come across this?
Edit: XP Pro by the way.
Last edited by The Lodge; 11-12-2004 at 12:28 AM.
|
|
|
11-12-2004, 04:56 AM
|
#2
|
|
Ultimate Member
Join Date: Sep 2001
Posts: 4,702
|
MS' "upnp" is a feature not needed now or ever, it leaves the system open to hacking. Use WinPatrol to try to kill the Active process and remove it from the startup list.
Then use GRC's Un Plug & Pray to disable it! You can read all about it at the same link. You can also look for & disable it in the "services" console in Admin Tools. GRC's little tool confirms the process is dead.
Another thing: AV, Ad & Spyware scanners don't usually catch "Trojans".
__________________
|
|
|
11-12-2004, 05:37 AM
|
#3
|
|
Hired Geek
Join Date: Jun 2002
Location: York, UK
Posts: 3,371
|
Quote:
Originally posted by Strawbs
Another thing: AV, Ad & Spyware scanners don't usually catch "Trojans".
|
Most AV programs do detect trojans now, as do adware scanners like PestPatrol.
|
|
|
11-12-2004, 07:22 AM
|
#4
|
|
Ultimate Member
Join Date: Aug 2003
Location: Crumbling American Empire
Posts: 1,844
|
Thanks Strawbs. I'll give those a try this evening, hopefully it will work. He's been complaining about port scans and constant Norton popups telling him it just blocked an intrusion attempt. Using whois and Norton's visual tracking it all points to Korea.
|
|
|
11-12-2004, 02:21 PM
|
#5
|
|
Ultimate Member
Join Date: Nov 2000
Location: United Kingdom
Posts: 3,375
|
Make sure System Restore is OFF and you have Enabled the Viewing of Hidden Files.
Look in C:\Windows\Prefetch for accdisk and Delete any entries
|
|
|
11-12-2004, 06:01 PM
|
#6
|
|
Ultimate Member
Join Date: Aug 2003
Location: Crumbling American Empire
Posts: 1,844
|
Will do G. I don't think he has hidden files shown. That's something I've always got going on with my rig. I didn't get a whole lot of time to mess with his computer. Tonight will be the true test.
|
|
|
11-13-2004, 08:16 AM
|
#7
|
|
Ultimate Member
Join Date: Aug 2003
Location: Crumbling American Empire
Posts: 1,844
|
I went over to his house and he was in the middle of a clean install. Oh well, another bit of info stored in the noggin for future reference.
|
|
|
11-13-2004, 09:00 AM
|
#8
|
|
Ultimate Member
Join Date: Sep 2001
Posts: 4,702
|
You should still have him disable upnp in "admin tools>services" for security reasons.
__________________
|
|
|
11-13-2004, 02:12 PM
|
#9
|
|
Ultimate Member
Join Date: May 2001
Location: Corpus Christi, Texas
Posts: 5,508
|
Quote:
|
You should still have him disable upnp in "admin tools>services" for security reasons.
|
And also the "SSDP Discovery Service", both need to be disabled to turn off UPnP.
Be aware that some applications that need NAT traversal and some MS programs may not work, such as MSN Messenger and Remote Connection. I find it's not too much of a security problem for home use myself, but it does leave a port open for an extended time when you're done using it and my firewall logs get inundated from my WLAN side. Aside from that it's safe IMO to disable it at the router and leave it in Manual in Services. Then, if you need it just turn it on at the router.
As to the files upnpclient.exe and MSLib16s, they are suspect. There's a thread at TomCoyote's Forums, but the threat is new and probably rare and we'll just have to wait till it's resolved. Someone will probably need to unpack the files to see what's up.
http://forums.tomcoyote.org/index.ph...62&hl=mslib16s
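
Added example, not part of the original thread or any poster's reply: a PowerShell sketch of the step discussed in posts #8 and #9, auditing and disabling both services behind UPnP and then confirming the result. The service short names `SSDPSRV` and `upnphost` are assumptions that do not appear in the thread, and the script expects an elevated prompt on a Windows version that ships PowerShell.

```powershell
# Added example: audit and disable the two Windows services behind UPnP.
# Service short names (assumption, not from the thread):
#   SSDPSRV  = SSDP Discovery (listed as "SSDP Discovery Service" on XP)
#   upnphost = UPnP Device Host ("Universal Plug and Play Device Host" on XP)
# Run from an elevated PowerShell prompt.

# upnphost depends on SSDPSRV, so it is stopped first.
$upnpServices = 'upnphost', 'SSDPSRV'

function Get-UpnpServiceState {
    # StartMode comes from WMI; Get-Service does not expose it on older PowerShell.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $upnpServices -contains $_.Name } |
        Select-Object Name, DisplayName, State, StartMode
}

Write-Host 'Before:'
Get-UpnpServiceState | Format-Table -AutoSize

foreach ($name in $upnpServices) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "$name is not installed on this system"
        continue
    }
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $name -Force -ErrorAction Continue
    }
    # Use 'Manual' here instead to keep the service available on demand.
    Set-Service -Name $name -StartupType Disabled
}

Write-Host 'After:'
$after = Get-UpnpServiceState
$after | Format-Table -AutoSize

# Flag anything that is still running or still able to start.
$after |
    Where-Object { $_.State -ne 'Stopped' -or $_.StartMode -ne 'Disabled' } |
    ForEach-Object { Write-Warning "$($_.Name) is still $($_.State) / $($_.StartMode)" }
```

A service that shows as running again after this script has been run is worth investigating, since something on the system is restarting it.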
|
|
|
All times are GMT -4. The time now is 02:18 PM.