Help with red line

Discussion in 'Port Explorer' started by Malikai, Mar 1, 2003.

Thread Status:
Not open for further replies.
  1. Malikai

    Malikai, Registered Member (Joined: Mar 1, 2003; Posts: 4)

    Hi all,
    I just downloaded Port Explorer 1.3500 after discovering I had ProBot SE on my system :oops:
    My question is: when I run Port Explorer I get two red lines, and each is lsass.exe. I read here that this is a glitch, but I am still concerned, as one line says it is listening with a remote address of 142.161.130.155 port 53. There has been some send and receive activity as well.
    Should I be concerned or wait until the new version comes out that will fix this if it is a bug?

    thanks
     
  2. LowWaterMark

    LowWaterMark, Administrator (Joined: Aug 10, 2002; Posts: 18,278; Location: New England)

    Hi Malikai,

    I would not be concerned about the activity on the remote address of 142.161.130.155 port 53 as this is just domain name services interaction with what appears to be a DNS server at mts.net. If that is your ISP, then this is probably normal.

    Best Wishes,
    LowWaterMark
     
  3. Pilli

    Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Hello Malikai, the new release V1.5 is imminent.
     
  4. Malikai

    Malikai, Registered Member (Joined: Mar 1, 2003; Posts: 4)

    Thanks for your help, I am a lot less paranoid now :)
     
  5. Jooske

    Jooske, Registered Member (Joined: Feb 12, 2002; Posts: 9,713; Location: Netherlands, EU near the sea)

    Any idea how ProBot SE got onto your system? How did you find it, and are you sure it's completely removed, with all the logs etc.?
    (TDS ?)
     
  6. Malikai

    Malikai, Registered Member (Joined: Mar 1, 2003; Posts: 4)

    I detected it with PestPatrol and it was bound to an MP3 file. I hope it removed it all, but I have been unsuccessful in finding any information on what exactly it installs on a system and where the logs are kept.
    All my searches just turn up places to download it. I've since scanned with PestPatrol, TDS-3 and The Cleaner and have not detected anything.
    Any advice?

    Thanks.
     
  7. Jooske

    Jooske, Registered Member (Joined: Feb 12, 2002; Posts: 9,713; Location: Netherlands, EU near the sea)

    http://www.google.nl/search?q=cache:rlbKo64HXGkC:www.pestpatrol.com/PestInfo/P/ProBot_Activity_Monitor.asp+%22probot+se%22&hl=nl&ie=UTF-8

    This is the info on the PP site. I copied their files / regkeys listed there.
    Before removing it all, I'm sure you want to know "whodidittoyou" and where the logs were supposed to be emailed to.
    The log may have any name.
    Look at the page and the links there for the whole description.
    Do at least a full scan with TDS with everything checked and highest sensitivity for all logging executables etc.
    Spybot S&D locates logfiles on your system too; I would certainly try to look into them if possible.
    That probot.chm file is likely a help file which can give more info.
    (I'm not saying to download the latest eval version to be able to read it; better to keep away completely.)
    Those instview, instview.ini, qlog.ini and qsess.ini files look interesting, as well as the config files. If you locate them, drag them into Notepad to look safely inside them.

    Of course I hope you're completely free of it, but in case not, you have some guidance on what to look for.
    If you're not really familiar with editing the registry, leave that out for the moment as it can't do a thing if the files are not there.
    Is Port Explorer also not showing any other hidden processes?


    Uninstall the administrator components by running the uninstall wizard, in c:\Program Files\NetHunter Group. Or delete the files listed, and clear the registry entries shown.
    Files installed likely include:
    C:\Program Files\NetHunter Group\ProBotSE\pbcommon.dll
    C:\Program Files\NetHunter Group\ProBotSE\uninstall.exe
    C:\Program Files\NetHunter Group\ProBotSE\readme.txt
    C:\Program Files\NetHunter Group\ProBotSE\license.txt
    C:\Program Files\NetHunter Group\ProBotSE\order.txt
    C:\Program Files\NetHunter Group\ProBotSE\faq.txt
    C:\Program Files\NetHunter Group\ProBotSE\probot.chm
    C:\Program Files\NetHunter Group\ProBotSE\pbcpl.exe
    C:\Program Files\NetHunter Group\ProBotSE\depgen.exe
    C:\Program Files\NetHunter Group\ProBotSE\InstView\instview.exe
    C:\Program Files\NetHunter Group\ProBotSE\InstView\pbcommon.dll
    C:\Program Files\NetHunter Group\ProBotSE\InstView\instview.ini
    C:\Program Files\NetHunter Group\ProBotSE\InstView\q.exe
    C:\Program Files\NetHunter Group\ProBotSE\InstView\qlog.ini
    C:\Program Files\NetHunter Group\ProBotSE\InstView\qsess.ini
    C:\Program Files\NetHunter Group\ProBotSE\InstView\iv_back.gif
    C:\Program Files\NetHunter Group\ProBotSE\InstView\iv_left.gif
    C:\Program Files\NetHunter Group\ProBotSE\InstView\index.html
    C:\Program Files\NetHunter Group\ProBotSE\InstView\main.htm
    C:\Program Files\NetHunter Group\ProBotSE\InstView\left.htm
    C:\WINNT\System32\jcibek12.exe
    C:\WINNT\System32\ebogig39.dll
    C:\WINNT\System32\drivers\iqaxap23.sys
    C:\WINNT\System32\drivers\jxasig08.sys
    C:\Program Files\NetHunter Group\ProBotSE\Config\convhtml.ini
    C:\Program Files\NetHunter Group\ProBotSE\Config\convtext.ini
    C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse2.dat
    C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse3.dat
    C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse4.dat
    C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse5.dat
    C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse6.dat
    C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse7.dat
    C:\Program Files\NetHunter Group\ProBotSE\uninstall.dat

    Registry Changes:
    Software\utikaniw42\Schedule
    Software\utikaniw42
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312FA154-E1B7-4336-9833-EE6B38D58B56}
    SYSTEM\CurrentControlSet\Services\iqaxap23
    SYSTEM\CurrentControlSet\Services\jxasig08

    [registry values]
    Software\Microsoft\Windows\CurrentVersion\RunServices\jxigjt21
    Software\Microsoft\Windows\CurrentVersion\Run\jxigjt21

    Strokes Captured to: Configurable log file.


    Delete these directories as well:

    C:\Program Files\NetHunter Group\ProBotSE
    C:\Program Files\NetHunter Group\ProBotSE\Archive
    C:\Program Files\NetHunter Group\ProBotSE\Config
    C:\Program Files\NetHunter Group\ProBotSE\InstView
    C:\Documents and Settings\administrator.RD\Start Menu\Programs\NetHunter Group\ProBot SE\Tools
    C:\Documents and Settings\administrator.RD\Start Menu\Programs\NetHunter Group\ProBot SE
    C:\Documents and Settings\administrator.RD\Start Menu\Programs\NetHunter Group
     