Port Explorer.exe stopped by csrss.exe

Discussion in 'Port Explorer' started by MEGAFREAK, Feb 20, 2006.

Thread Status:
Not open for further replies.
  1. MEGAFREAK

    MEGAFREAK Registered Member

    Hi There,

    Recently I saw a new version of Port Explorer Demo, tried to install it (that worked) and to start Port Explorer.exe, but starting it did not work. Through some forensic research I found Antihook, installed it, and it revealed that csrss.exe has a loop routine to terminate Port Explorer.exe. For a short time Port Explorer worked, but after some reboots Antihook wasn't capable of maintaining the Port Explorer.exe protection. (I noticed Antihook has some leaks in protecting processes, but it is nevertheless a really great tool, also because it was the only tool that revealed the csrss kill routine.)
    Then I tried to start Port Explorer several times and the PC slowed down totally: 90% CPU, about 5 Port Explorer.exe instances found in Taskmgr; the whole PC was nearly frozen because of this phenomenon.

    Some days later I decided to reinstall Win XP Pro SP2, but the same happened again.
    VICE does not work, but fu -pl (a good process lister) found a 10-digit PID with empty cases. Could that be a BIOS/MBR/ACPI rootkit?

    Another question for pros: the comctl32.dll hook in several Windows applications like regedit, is that normal behaviour?
    Last edited: Feb 20, 2006