Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: svcnxp32.exe ring a bell with anyone?

from [Martin Fries] Network Security [Permanent Link]
Subject: Re: svcnxp32.exe ring a bell with anyone?
Date: Tue, 7 Sep 2004 08:40:32 +0200 (MEST) 
Hi,

I´ve found
something.
http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&threadm=FADE0399-466D-488C-8C7D-6CA311F3147F%40microsoft.com&rnum=2&prev=/groups%3Fq%3Dsvcnxp32.exe%26hl%3Dde%26lr%3D%26ie%3DUTF-8%26selm%3DFADE0399-466D-488C-8C7D-6CA311F3147F%2540microsoft.com%26rnum%3D2
It´s not much information. But I hope it´s enough.

Martin


Hey list,

Rebooted my XP-box today to do a chkdsk. When it came back up my firewall
went beserk, warning me about an application called "svcnxp32.exe" trying
to
connect to 82.36.152.102

I don't know what it is - I just know it has no business doing that. A
Google search for svcnxp32.exe came up blank.

After removing svcnxp32.exe from my registry and deleting the file from
C:\Windows\System32 I scanned my system with Kaspersky. No infection.
Scanned with AdAware, same result.

A RIPE WhoIs lookup on IP 82.36.152.102 shows it as belonging to
Blueyonder,
apparently an Internet provider located in England. I've emailed their
abuse-department (not holding my breath though), but would like to hear
from
you all if you've run into this or something similar?

Using Tiny Personal Firewall, my log showed this:

Count:1
Module:Firewall
Action:Prevented
Application:svcnxp32.exe
Access:Outbound TCP access
Object:1027 -> 82.36.152.102
(82-36-152-102.cable.ubr04.perr.blueyonder.co.uk):6667 (ircu)
Interface:[9] Intel(R) PRO/100 VE Network Connection
Time:05-September-2004 23:46:40

Regards,

Jes



-- 
NEU: Bis zu 10 GB Speicher für e-mails & Dateien!
1 GB bereits bei GMX FreeMail http://www.gmx.net/de/go/mail
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: svcnxp32.exe ring a bell with anyone?, Simon
Next by Date:  RE: svcnxp32.exe ring a bell with anyone?, Jes
Previous by Thread:  RE: svcnxp32.exe ring a bell with anyone?, Jes
Next by Thread:  Re: svcnxp32.exe ring a bell with anyone?, Calvin Maready
Indexes:  [Date] [Thread] [Top] [All Lists]