"Process 888" and "process 948"?

Discussion in 'malware problems & news' started by Steff Wiltersen, Mar 9, 2002.

Thread Status:
Not open for further replies.
  1. I use ZoneAlarm. Every time I connecting to the Internet, I can see two icons when I have the ZA window open. The icons have a text when I am holding the mouse over them.
    The first icon, says: "Process 888".
    The second icon says: "Process 948. Listening to port(s): TCP: 5000".

    What is this? Could it be any backdoor(s)

    ( I use Windows XP )

    Thanks for all help!

  2. spy1

    spy1 Registered Member

    Dec 29, 2002
    Clover, SC
    ZA codes for WXP services that you have running that are connected? Have you gone through that list of stuff in XP and disabled the ones you don't need? Pete
  3. I am insecure how to disable stuff in XP. The only things I know how to disable, is under the 'Internet properties' function.

    I hope to get more info about how to disable XP stuff.

  4. Woody

    Woody Guest

    A Description of Svchost.exe (Q314056)


    Then to help you out I always thought this guy was helping to write the book on how to understand XP and Networking all the flavors of Microsoft. The site does not look like much but if you click around it is all there.

    Windows XP Home Edition

    Step-by-Step Networking Procedure:
    Test the Network connection


    Then to understand all those new 29 processes going on under svchost.exe( inclunding yourTCP/IP NetBIOS Helper Service, LmHosts, svchost.exe, AFD Networking Support Enviroment, NetBios over TCP/IP),
    BLACK VIPER does it better than anyone and tells you what to do about most of them. Each one of the title blocks can be click and they are all cross linked to give you even more info as to how they are used and if they are really needed for your setup.


    When you are done with all of those..you will know more about XP than 90 percent of the people out..some of those people work at M$> for as you know they still have not figured out where it will all end.


    What is XP-AntiSpy?

    XP-AntiSpy is a little utility that let's you disable some built-in update and authetication 'features' in WindowsXP.
    For example, there's a service running in the background wich is called 'Automatic Updates'. I don't know what this service transfers from my machine to other machines on the internet, especially the MS ones. So I play it safe and disable such functions. If you like, you can even disable these function manually, by going through the System and checking or unchecking some checkboxes. This will take you approximately half an hour. But why wasting time when a little neat utility can do the same in 1 minute? This utility was successfully tested by lots of users, and was found to disable all the known 'Suspicious' Functions in WindowsXP. It's customizeable, but comes up with the Default settings, which are recommended. If you like to get more information about those 'functions',read THIS.

    This utility is FREEWARE! This means, you dont have to pay anything for this program and you can give it to anyone who's interested in, as long as you don't sell it. If you find this tool useful, and wanna gimme something back, then click on my sponsors.

    Windows XP Professional

    WinXP retains the WinMe Restore System feature, so you can rescue your system from a Registry-tweaking error by restoring the system to the last point in which it worked correctly. Before altering the Registry, you can set a new Restore Point. Open the Start menu, select Programs, Accessories, SystemTools, SystemRestore, and set a new Restore point.

    Start faster. There is a bit of a lag to the Start menu before it telescopes up off of the Taskbar in WinXP. To make it snap to attention, go to HKEY_CURRENT _USER\CONTROL PANEL\DESKTOP, right-click the MenuShowDelay value, click Modify, and change the value from 400, the default, to a lower number; a value of 1 gives you the fastest response time.

    Ditch the video effects. Tired of the fade effect in WinXP’s menus? You can make the menus pop up without the cute fade-in transition by changing one binary value in the Registry. Go to HKEY_CURRENT_USER\CONTROL PANEL\DESKTOP, locate the UserPreferencesMask value name, and modify the second pair of digits in the Binary Value box from 3e to 28.

    Shoot the messenger. WinXP is determined to get you to use Microsoft’s own Instant Messenger program, so it loads it into the Taskbar at startup. To get rid of the IM program for good, go to HKEY_CURRENT_USER\SOFTWARE\ MICROSOFT\WINDOWS\CURRENTVERSION\RUN and delete the value named MSMSGS.

    Bring back old Desktop icons. New users of WinXP may wonder what happened to the My Documents, Internet Explorer, Network Neighborhood, and My Computer icons that were planted on the Desktop in earlier Windows versions. Most of these icons are still available for the Desktop, but they are buried in the Start menu and other menus. A few twists of the Registry keys will unlock them.

    The values that turn back My Documents, Internet Explorer, My Computer, and Network Neighborhood icons all are in:HKEY_ LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION \EXPLORER\HIDEDESKTOPICONS\NewStartPanel.

    To restore the My Documents icon, right-click the {450D8FBA-AD25-11D0-98A8-0800361B1103} value, modify the Value Data from 1 to 0, and click OK.

    To restore the Internet Explorer icon, right-click {871C5380-42A0-1069-A2EA-08002B30309D}, modify the Value Data from 1 to 0, and click OK.

    To restore the My Network Neighborhood icon, right-click {208D2C60-3AEA-1069-A2D7-08002B30309D}, modify the Value Data from 1 to 0, and click OK.

    To restore the My Computer icon, right-click the {20DD04FE0-3AEA-1069-A2D8-08002B30309D} value, modify the data value from 1 to 0, and click OK.

    The Shared Documents folder. The Shared Documents folder is a handy icon to have in the My Computer screen if you share files across a network. But if you don’t, it is just more clutter. To eliminate this folder, find and delete the Registry key at HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS \CURRENTVERSION\EXPLORER\MYCOMPUTER \NAMESPACE\DELEGATEFOLDERS\ {59031a47-3f72-44a7-89c5-5595fe6b30ee}. This tweak takes effect immediately.

    Give System Monitor some commas. WinXP’s System Monitor is a handy utility that gives you graphical and numerical readouts that track performance and the loads being put on your OS by any active programs or processes. Running System Monitor in the background lets you identify which programs are putting the most strain on your system. The problem is Microsoft left out the commas on the numerical counter, so numbers higher than 10,000 can be maddening to read.

    To put commas into the System Monitor, go to the HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\SystemMonitor key. Add a DWORD Value named DisplayThousandsSeparator. The next time you open System Monitor you’ll see numbers in the more readable, comma-delimited format.

    Resurrect Desktop Icons

    If you were accustomed to grabbing the mouse and heading straight for a Desktop icon to access My Documents, My Computer, My Network Places, or Internet Explorer, you might be surprised to see they’re absent from the Desktop after installing WinXP. To put these icons back, right-click the Desktop and click Properties, Desktop, and Customize Desktop to display the Desktop Items dialog box. On the General tab under Desktop Icons, click the icons you want on the Desktop and click OK.

    Enjoy and good luck,
    Woody ;)
  5. Woody

    Woody Guest


    Current version
    V1.05 5 January 2002

    ZoneLog Analyser reads and displays the log file generated by ZoneLabs' ZoneAlarm and ZoneAlarm Pro (V2.1.10 and later) personal firewall, entries in the log are generated whenever an unauthorised connection is attempted to or from your PC during connection to the Internet. ZoneLog Analyser will attempt to unravel the information that is provided in the ZoneAlarm log file by giving information about the ports used and the ability to 'look up' the intruder's address details.

    Imports the ZoneAlarm log into it's own database for speed of operation.
    Colour coded listing to show severity of known attacks.
    Get full, clear details about each log entry.
    Create reports on specific addresses, ports, time periods, etc.
    Resolve host names for all known IP addresses.
    Link to WHOIS websites or external applications for more detailed info on a particular address.
    Create an email message with details of an attack for reporting attackers to their ISP.
    Tag specific addresses as friend or foe.
    Threat Analysis - picks out the attacks from the noise.
    Easy to use...
  6. javacool

    javacool BrightFort Moderator

    Feb 10, 2002
    I sometimes get the process number notification in ZoneAlarm instead of the process's proper name. This happens sometimes when using Fast-User switching.

    I believe this may also have to do with when ZoneAlarm cannot obtain the process name for some reason - it just uses the process number instead (noticed when shutting down and restarting ZoneAlarm Pro while other programs are active - in 2.6 version).
Thread Status:
Not open for further replies.