BT internet com/ntoskrnl.exe

.The last few weeks ive been getting sygate popping up about a connection from ntoskrnl.exe to btinternet.com and im a little perplexed to why its doing it.Im not on BTinternet ,dont have a bt/yahoo toolbar installed and am (according to my own av,kaspersky and a few others) virus /malware free.Im sure its a harmless and explainable event but alas i cant explain it.Ive taken 4 snapshots of the event and im hoping some firewall expert can decipher it.I hvae netbios disabled using windows worms doors cleaner by the way.
tia
ellison

 

Hi ellison,

I will need to find time to install sygate to confirm:

I am not sure why, after you disable netbios, that "ntoskrnl.exe" would show as on the netbios ports, or attempting to make connections (ntoskrnl.exe should only be at boot).
Is "ntoskrnl.exe" showing in the task manager?

From the pics you have posted, the 3`rd pic shows the contents/flags of a packet,... this is actually part of a closing connection (ACK/FIN), For the start of a connection, then I would expect to see a "SYN" packet on outbound/inbound.

At this time, I would suggest first to re-enable all services/ports you have disabled using WWDC (use WWDC to do this), then manually close down the services. (if you require help to do this, then just ask). I have seen before problems with firewalls after closing services/ports with WWDC.

 

Thanks for reply stem.Actually after opening wwdc (i havent in a while) im not sure whether netbios is disabled at all.One sentence says it will be disabled after next reboot while the button says "enable netbios".However the ports seem to show open.I will need help to do it manually i think though.Heres a screenshot...
Forgot to mention ntoskrnl.exe isnt showing in task manager.Ive checked my network settings for tcip and this is whats showing..not sure if its correct?

 

Hello Stem...
Ive disabled netbios over tcp/ip as show in first image above and rebooted.WWDC still shows the same as the second image however this time ports 137 to 139 are gone from the list...presumably closed.Also ntoskrnl.exe is not showing in sygate anymore listening on those ports ,so i guess im ok now.Im still curious as to where the btinternet connection comes in though.
tia
ellison

 

Hi ellison,

The manual setting (in your pic) for netbios is "Disable NetBIOS over TCP/IP" (to disable).

You can also disable the "LMHOSTS lookup" (info on LMHOSTS)

 

Thanks for the advice...ive disabled both now.I guess using netbios setting from DHCP server was the problem.Im not sure what that means or if thats always been the w2000 default setting,but all seems well now.
thanks again for your interest in the thread.
ellison

 

Well i still seem to get the popup ,however im now 90% certain that the popup occurs after ive run my newsreader xananews and exited it.Why this is im not sure.My newsgroup provider is news.individual.net and news.gmane.org.
anyone have any further ideas?
tia
ellison