|
|
View previous topic :: View next topic |
Author |
Message |
dennisb
Joined: 13 Jun 2005 Posts: 3 Location: Hillsboro, Oregon
|
Who and why is ICD-U40 and MachX trying to connect to ???? |
Posted: Mon Jun 13, 2005 4:48 pm |
|
|
Howdy,
My Icd's and my MachX have developed a common problem.
Whenever I try to access them, either via icon or from within the IDE, they fail to load, I see them in the task list, but the app's just hang.
I then deleted all CCSI programs and FTD drivers and reloaded the latest versions of everything. Same problem, neither Icd or MachX will come up.
But, I did notice that whenever I tried to start either device, my network gets accessed.
So, I disable my local network connection and both programs come right up. Enable the network and it hangs, re-disable it and everything works.
Who and Why are my Icd's and MachX's trying to call and why won't they come up if there is no response (snagged by the Firewall).
Lately these tools have wasted alot of my time and now I find them calling home....
Anybodyelse observe this ????
Thanks.... DennisB |
|
|
Darren Rook
Joined: 06 Sep 2003 Posts: 287 Location: Milwaukee, WI
|
|
Posted: Mon Jun 13, 2005 7:23 pm |
|
|
E.T., phone home!
Terminator, Rise of the Machines!
Anyone else got something?
PS - sounds like your computer is infected with spyware. |
|
|
Guest
|
|
Posted: Mon Jun 13, 2005 11:40 pm |
|
|
Howdy,
I tried Adware, latest signatures for spyware and TrendMicro for latest virus signatures and both say no....
I'll run EtherPeek tomorrow and see where we are trying to talk to...
Was hoping there was an easy answer, like the ICD looking to verify the latest release....
Thanks for the inputs though.....
DennisB |
|
|
Darren Rook
Joined: 06 Sep 2003 Posts: 287 Location: Milwaukee, WI
|
|
Posted: Tue Jun 14, 2005 6:30 am |
|
|
ICD and Mach-X don't communicate over the network, so there's no hidden feature you have to worry about. Yes, run a packet sniffer - I would like to know where the communication is going. |
|
|
dennisb
Joined: 13 Jun 2005 Posts: 3 Location: Hillsboro, Oregon
|
|
Posted: Tue Jun 14, 2005 3:43 pm |
|
|
Howdy,
As I mentioned before, TrendMicro says the system is clean for viruses, and Adware reported a few cookies, but that was it.
I've re-run both programs with the same results.
I installed Tiny FireWall and my normal programs ran as usual.
But, when I try to run ICD.EXE from the desk top, Tiny Firewall fires off these messages.....
Count:1
Action:Prevented
Application:Icd.exe
Access:Using dangerous system privileges
Object:AdjustTokenPrivileges(SeSecurityPrivilege,SeBackupPrivilege,SeTakeOwnershipPrivilege,SeDebugPrivilege,SeIncreaseQuotaPrivilege)
Interface:
Time:6/14/2005 2:22:22 PM
Count:1
Action:Prevented
Application:Icd.exe
Access:Injecting code into other processes
Object:VirtualProtect(kernel32.dll) from C:\Program Files\Webroot\Spy Sweeper\sis.dll
Interface:
Time:6/14/2005 2:22:22 PM
Count:1
Action:Prevented
Application:Icd.exe
Access:Injecting code into other processes
Object:VirtualProtect(advapi32.dll) from C:\Program Files\Webroot\Spy Sweeper\sis.dll
Interface:
Time:6/14/2005 2:22:23 PM
And when I try to run MachX from the desk top, I get these messages......
Count:1
Action:Prevented
Application:machx.exe
Access:Using dangerous system privileges
Object:AdjustTokenPrivileges(SeSecurityPrivilege,SeBackupPrivilege,SeTakeOwnershipPrivilege,SeDebugPrivilege,SeIncreaseQuotaPrivilege)
Interface:
Time:6/14/2005 2:29:38 PM
Count:1
Action:Prevented
Application:machx.exe
Access:Injecting code into other processes
Object:VirtualProtect(kernel32.dll) from C:\Program Files\Webroot\Spy Sweeper\sis.dll
Interface:
Time:6/14/2005 2:29:39 PM
Count:1
Action:Prevented
Application:machx.exe
Access:Injecting code into other processes
Object:VirtualProtect(advapi32.dll) from C:\Program Files\Webroot\Spy Sweeper\sis.dll
Interface:
Time:6/14/2005 2:29:40 PM
Count:1
Action:Prevented
Application:machx.exe
Access:Injecting code into other processes
Object:VirtualProtect(machx.exe) from C:\Program Files\PICC\machx.exe
Interface:
Time:6/14/2005 2:29:40 PM
Count:1
Action:Monitored
Application:machx.exe
Access:Delete registry key
Object:HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
Interface:
Time:6/14/2005 2:29:39 PM
Count:1
Action:Monitored
Application:machx.exe
Access:Delete registry value
Object:HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\\DWFileTreeRoot
Interface:
Time:6/14/2005 2:29:39 PM
So I have something wrong with my CCSI products, but I'm not sure what.....
Guess I'll re-nuke both devices ( ICD and MACHX ) and start over.....
Thanks.......
DennisB |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|