| Author |
Message |
Yef
Guest
|
 Posted:
Mon Mar 28, 2005 7:51 pm Post subject:
More apparent M$ spyware |
|
|
Recently my firewall detected something interesting.
I was ripping a DVD that a friend created with his videocamera
when I accidentally clicked on the button for modifying
the DivX parameters. At this point, my firewall warned me
of two attempts to access the Internet, thus:
First:
fu.exe (the ripper, which normally never accesses the Net)
destination IP = 63.218.7.132 protocol HTTP
I assume on port 80, as the firewall doesn't say.
Second:
rundll32.exe, version 5.1.2600.2180 (xpsp_sp2_rtm.[some #s])
dest IP = 63.218.7.132 protocol HTTP
I assume on port 80, as the firewall doesn't say.
My firewall is Zonealarm--an older version.
I did a reverse IP lookup and found 63.218.7.132 belongs to :
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: Reston Executive Center
Address: 12100 Sunset Hills Road, Suite 300
City: Reston
StateProv: VA
PostalCode: 20190
Country: US
If you telnet to this IP on port 80, and type "get /"
it return HTTP error 501, not implemented.
I am guessing that someone is deliberately spying.
Whether Beyond the Network is actively helping or is just
a conduit, I cannot determine.
But clearly there is a DLL that is a part of Service Pack 2
that is the second program trying to send out info.
-
|
|
| Back to top |
|
 |
Freddy
Guest
|
| Posted:
Mon Mar 28, 2005 7:58 pm Post subject:
Re: More apparent M$ spyware |
|
|
Yef wrote:
<snip lies>
Stop telling lies, you linux pukes.
> - |
|
| Back to top |
|
|
Erik Funkenbusch
Guest
|
| Posted:
Mon Mar 28, 2005 8:45 pm Post subject:
Re: More apparent M$ spyware |
|
|
On 28 Mar 2005 06:51:04 -0800, Yef wrote:
| Quote: | Second:
rundll32.exe, version 5.1.2600.2180 (xpsp_sp2_rtm.[some #s])
dest IP = 63.218.7.132 protocol HTTP
I assume on port 80, as the firewall doesn't say.
I am guessing that someone is deliberately spying.
Whether Beyond the Network is actively helping or is just
a conduit, I cannot determine.
But clearly there is a DLL that is a part of Service Pack 2
that is the second program trying to send out info.
|
This is a misunderstanding on your part. RunDLL is not a DLL, as the .exe
on the end of it shows. It's a "host" program that, as the name implies,
"Runs DLL's". It takes a DLL name as a parameter and an entry point
ordinal as the other and calls whatever function that is.
RunDLL is used by all kinds of programs, including third party apps, to
run. RunDLL itself doesn't access the internet, but whatever DLL it's
hosting might.
As an example:
http://www.robvanderwoude.com/index.html
As usual, your "shoot first and ask questions later" approach is wrong. |
|
| Back to top |
|
|
Yef
Guest
|
| Posted:
Mon Mar 28, 2005 9:36 pm Post subject:
Re: More apparent M$ spyware |
|
|
Erik Funkenbusch wrote:
| Quote: | As usual, your "shoot first and ask questions later" approach is
wrong. |
Your response is comical, because it does not in any way
refute my assertion that a program tried to access the Internet
or that it arises out of XP service pack 2. As you yourself said,
you should not shoot first and ask questions later, but this is
what you have done, because you have not refuted the substance
of my argument, but you have only nitpickingly accused me of making
an error, which is childish of you. May I ask how old you are? |
|
| Back to top |
|
|
ralph
Guest
|
| Posted:
Mon Mar 28, 2005 9:48 pm Post subject:
Re: More apparent M$ spyware |
|
|
Yef wrote:
| Quote: | Erik Funkenbusch wrote:
As usual, your "shoot first and ask questions later" approach is
wrong.
Your response is comical, because it does not in any way
refute my assertion that a program tried to access the Internet
or that it arises out of XP service pack 2. As you yourself said,
you should not shoot first and ask questions later, but this is
what you have done, because you have not refuted the substance
of my argument, but you have only nitpickingly accused me of making
an error, which is childish of you. May I ask how old you are?
|
Of course he only "nitpickingly" tried to point out an errelevant error. It
seems to be Eric's obsession to defend MS at ALL COST. One of the tactics
he uses is to try to divert attention from the real issue by "nitpickingly"
errelevant errors. |
|
| Back to top |
|
|
7
Guest
|
| Posted:
Mon Mar 28, 2005 10:02 pm Post subject:
Re: More apparent M$ spyware |
|
|
Yef wrote:
| Quote: | Erik Funkenbusch wrote:
As usual, your "shoot first and ask questions later" approach is
wrong.
Your response is comical, because it does not in any way
refute my assertion that a program tried to access the Internet
or that it arises out of XP service pack 2. As you yourself said,
you should not shoot first and ask questions later, but this is
what you have done, because you have not refuted the substance
of my argument, but you have only nitpickingly accused me of making
an error, which is childish of you. May I ask how old you are?
|
Ah yes, you just experienced the Erik Funkenbusch shuffle all over again.
I use open source and free privoxy http://www.privoxy.org
I set up windopes IE to use 127.0.0.1:8118 after privoxy
is installed to route all the http internet traffic through it.
Then in the user.actions file, I put in the banned section
all the IP addresses that I do not want programs to make
outgoing calls to. Privoxy keeps a log of all web accesses
so you can see some of the software making home calls.
Mind you, you do have the commercial software
zone alarm, and it does block stuff to order.
So my privoxy is somewhat redundant in your case,
but if others don't have zone alarm
then privoxy is the way to go.
Privoxy also filters out the ads and popus, so it greatly speeds up
web surfing experience anyway. |
|
| Back to top |
|
|
generalpf@gmail.com
Guest
|
| Posted:
Tue Mar 29, 2005 12:07 am Post subject:
Re: More apparent M$ spyware |
|
|
His response was correct, and your response was comical. Unless you
can show what DLL rundll.exe was running, you can't say _who_ was
accessing the Internet.
If I write some spyware for Linux and it runs on kde, since it will be
a kdeinit process, would I say KDE is spyware? No. |
|
| Back to top |
|
|
Tim Smith
Guest
|
| Posted:
Tue Mar 29, 2005 12:28 am Post subject:
Re: More apparent M$ spyware |
|
|
In article <1112021464.784030.23380@g14g2000cwa.googlegroups.com>, Yef
wrote:
| Quote: | But clearly there is a DLL that is a part of Service Pack 2 that is the
second program trying to send out info.
|
That doesn't follow from your data. Rundll32 is a DLL execution shell that
has been in Windows since the begining of time. What is happening on your
system is that *something* is using rundll32 to run some DLL. At this
point, you have no idea what the something is or what DLL is involved.
--
--Tim Smith |
|
| Back to top |
|
|
chrisv
Guest
|
| Posted:
Tue Mar 29, 2005 12:41 am Post subject:
Re: More apparent M$ spyware |
|
|
generalpFUD@gmail.com wrote:
| Quote: | His response was correct, and your response was comical. Unless you
can show what DLL rundll.exe was running, you can't say _who_ was
accessing the Internet.
If I write some spyware for Linux and it runs on kde, since it will be
a kdeinit process, would I say KDE is spyware? No.
|
Did someone say "give us our daily FUD"? |
|
| Back to top |
|
|
generalpf@gmail.com
Guest
|
| Posted:
Tue Mar 29, 2005 1:04 am Post subject:
Re: More apparent M$ spyware |
|
|
So that's your response? The OP is shown to be an idiot, and that's
your response?
You guys are lame. |
|
| Back to top |
|
|
OK
Guest
|
| Posted:
Tue Mar 29, 2005 6:54 am Post subject:
Re: More apparent M$ spyware |
|
|
On 28 Mar 2005 06:51:04 -0800, "Yef" <e97y@yahoo.com> wrote:
| Quote: | But clearly there is a DLL that is a part of Service Pack 2
that is the second program trying to send out info.
|
Or maybe you are just an idiot who don't know shit about what he's
talking about. Why don't you Google on rundll32.exe? |
|
| Back to top |
|
|
Michael Pelletier
Guest
|
| Posted:
Tue Mar 29, 2005 8:38 am Post subject:
Re: More apparent M$ spyware |
|
|
Freddy wrote:
| Quote: |
Yef wrote:
snip lies
Stop telling lies, you linux pukes.
-
|
Hummmm....a little jealous maybe? Tired of getting scammed everyday? Maybe
tired of being a sucker?
--
"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvald |
|
| Back to top |
|
|
Michael Pelletier
Guest
|
| Posted:
Tue Mar 29, 2005 8:38 am Post subject:
Re: More apparent M$ spyware |
|
|
OK wrote:
| Quote: | On 28 Mar 2005 06:51:04 -0800, "Yef" <e97y@yahoo.com> wrote:
But clearly there is a DLL that is a part of Service Pack 2
that is the second program trying to send out info.
Or maybe you are just an idiot who don't know shit about what he's
talking about. Why don't you Google on rundll32.exe?
|
Decaf coffee anyone?
--
"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvald |
|
| Back to top |
|
|
Michael Pelletier
Guest
|
| Posted:
Tue Mar 29, 2005 8:38 am Post subject:
Re: More apparent M$ spyware |
|
|
generalpf@gmail.com wrote:
| Quote: | His response was correct, and your response was comical. Unless you
can show what DLL rundll.exe was running, you can't say _who_ was
accessing the Internet.
If I write some spyware for Linux and it runs on kde, since it will be
a kdeinit process, would I say KDE is spyware? No.
|
Chill. I do not think he was saying that...man you guys are overly
sensitive...
--
"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvald |
|
| Back to top |
|
|
Michael Pelletier
Guest
|
| Posted:
Tue Mar 29, 2005 8:38 am Post subject:
Re: More apparent M$ spyware |
|
|
generalpf@gmail.com wrote:
| Quote: | So that's your response? The OP is shown to be an idiot, and that's
your response?
You guys are lame.
|
I second that. They are very lame...and useless too....The guy asks a
question and the jump all over him. Come on. Is this the kindergarden hour?
--
"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvald |
|
| Back to top |
|
|
|
|
|
|
Profile
Log in to check your private messages
Log in