Hi all, I just downloaded Port Explorer 1.3500 after discovering I had probot se on my system. My question is: when I run Port Explorer I get two red lines and each is lsass.exe. I read here that this is a glitch, but I am still concerned, as one line says it is listening with a remote address of 142.161.130.155 port 53. There has been some send and receive activity as well? Should I be concerned, or wait until the new version comes out that will fix this if it is a bug? Thanks
Hi Malikai, I would not be concerned about the activity on the remote address of 142.161.130.155 port 53 as this is just domain name services interaction with what appears to be a DNS server at mts.net. If that is your ISP, then this is probably normal. Best Wishes, LowWaterMark
Any ideas how the probot se came on your system, how did you find it and are you sure it's completely removed with all the logs etc? (TDS ?)
I detected it with Pest Patrol and it was bound to an mp3 file. I hope it removed it all, but I have been unsuccessful in finding any information on what exactly it installs on a system and where the logs are kept. All my searches just turn up places to download it? I've since scanned with Pest Patrol, TDS-3 and The Cleaner and have not detected anything. Any advice? Thanks.
http://www.google.nl/search?q=cache:rlbKo64HXGkC:www.pestpatrol.com/PestInfo/P/ProBot_Activity_Monitor.asp+%22probot+se%22&hl=nl&ie=UTF-8

This is the info on the PP site. I copy their files / regkeys listed there.

Before removing everything, I'm sure you want to know "whodidittoyou" and where the logs were supposed to be emailed to. The log can maybe have any name. Look at the whole description on the page and the links there. Do at least a full scan with TDS with everything checked and highest sensitivity for all logging executables etc. Spybot S&D locates logfiles on your system too; I would certainly try to look into them if possible. That probot.chm file is likely a helpfile which can give more info. (I'm not saying to download the latest eval version to be able to read that, in case; better keep away completely.) Those instview, instview.ini, qlog.ini and qsess.ini files look interesting, as well as the config files. If you locate them, drag them to your notepad to look safely inside them.

Of course I hope you're free from it completely, but in case not, you have some guidance on what to look for. If you're not really familiar with editing the registry, leave that out for the moment, as it can't do a thing if the files are not there. Is Port Explorer also not showing any other hidden processes?

Uninstall the administrator components by running the uninstall wizard, in c:\Program Files\NetHunter Group. Or delete the files listed, and clear the registry entries shown.
Files installed likely include:

C:\Program Files\NetHunter Group\ProBotSE\pbcommon.dll
C:\Program Files\NetHunter Group\ProBotSE\uninstall.exe
C:\Program Files\NetHunter Group\ProBotSE\readme.txt
C:\Program Files\NetHunter Group\ProBotSE\license.txt
C:\Program Files\NetHunter Group\ProBotSE\order.txt
C:\Program Files\NetHunter Group\ProBotSE\faq.txt
C:\Program Files\NetHunter Group\ProBotSE\probot.chm
C:\Program Files\NetHunter Group\ProBotSE\pbcpl.exe
C:\Program Files\NetHunter Group\ProBotSE\depgen.exe
C:\Program Files\NetHunter Group\ProBotSE\InstView\instview.exe
C:\Program Files\NetHunter Group\ProBotSE\InstView\pbcommon.dll
C:\Program Files\NetHunter Group\ProBotSE\InstView\instview.ini
C:\Program Files\NetHunter Group\ProBotSE\InstView\q.exe
C:\Program Files\NetHunter Group\ProBotSE\InstView\qlog.ini
C:\Program Files\NetHunter Group\ProBotSE\InstView\qsess.ini
C:\Program Files\NetHunter Group\ProBotSE\InstView\iv_back.gif
C:\Program Files\NetHunter Group\ProBotSE\InstView\iv_left.gif
C:\Program Files\NetHunter Group\ProBotSE\InstView\index.html
C:\Program Files\NetHunter Group\ProBotSE\InstView\main.htm
C:\Program Files\NetHunter Group\ProBotSE\InstView\left.htm
C:\WINNT\System32\jcibek12.exe
C:\WINNT\System32\ebogig39.dll
C:\WINNT\System32\drivers\iqaxap23.sys
C:\WINNT\System32\drivers\jxasig08.sys
C:\Program Files\NetHunter Group\ProBotSE\Config\convhtml.ini
C:\Program Files\NetHunter Group\ProBotSE\Config\convtext.ini
C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse2.dat
C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse3.dat
C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse4.dat
C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse5.dat
C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse6.dat
C:\Program Files\NetHunter Group\ProBotSE\Config\deppbse7.dat
C:\Program Files\NetHunter Group\ProBotSE\uninstall.dat

Registry Changes:

Software\utikaniw42\Schedule
Software\utikaniw42
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312FA154-E1B7-4336-9833-EE6B38D58B56}
SYSTEM\CurrentControlSet\Services\iqaxap23
SYSTEM\CurrentControlSet\Services\jxasig08

[registry values]

Software\Microsoft\Windows\CurrentVersion\RunServices\jxigjt21
Software\Microsoft\Windows\CurrentVersion\Run\jxigjt21

Strokes Captured to: Configurable log file.

Delete these directories as well:

C:\Program Files\NetHunter Group\ProBotSE
C:\Program Files\NetHunter Group\ProBotSE\Archive
C:\Program Files\NetHunter Group\ProBotSE\Config
C:\Program Files\NetHunter Group\ProBotSE\InstView
C:\Documents and Settings\administrator.RD\Start Menu\Programs\NetHunter Group\ProBot SE\Tools
C:\Documents and Settings\administrator.RD\Start Menu\Programs\NetHunter Group\ProBot SE
C:\Documents and Settings\administrator.RD\Start Menu\Programs\NetHunter Group
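
The check described in the post above, as an added example that is not part of the original thread: a read-only PowerShell script that reports which of the listed files, keys and Run values are still present and prints the .ini files as text. Assumptions: `$env:SystemRoot` stands in for the listing's C:\WINNT, and because the listing names no hive for the `Software\` entries, both HKLM and HKCU are checked.

```powershell
# Added example: read-only presence check for the ProBot SE artifacts listed above.
# File and key names are copied from the listing; nothing is deleted or modified.
$base = 'C:\Program Files\NetHunter Group'
$sys  = Join-Path $env:SystemRoot 'System32'   # assumption: replaces C:\WINNT\System32

$files = @(
    "$base\ProBotSE\pbcpl.exe",
    "$base\ProBotSE\InstView\instview.exe",
    "$base\ProBotSE\InstView\q.exe",
    "$sys\jcibek12.exe",
    "$sys\ebogig39.dll",
    "$sys\drivers\iqaxap23.sys",
    "$sys\drivers\jxasig08.sys"
)
# Text files the post suggests reading for hints about the log and its recipient.
$textFiles = @(
    "$base\ProBotSE\InstView\instview.ini",
    "$base\ProBotSE\InstView\qlog.ini",
    "$base\ProBotSE\InstView\qsess.ini",
    "$base\ProBotSE\Config\convhtml.ini",
    "$base\ProBotSE\Config\convtext.ini"
)
# Assumption: hive not given in the listing for Software\utikaniw42, so check both.
$keys = @(
    'HKLM:\Software\utikaniw42',
    'HKCU:\Software\utikaniw42',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312FA154-E1B7-4336-9833-EE6B38D58B56}',
    'HKLM:\SYSTEM\CurrentControlSet\Services\iqaxap23',
    'HKLM:\SYSTEM\CurrentControlSet\Services\jxasig08'
)
$runKeys = 'Run', 'RunServices' | ForEach-Object {
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\$_"
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\$_"
}

$paths  = $files + $textFiles + $base
$found  = @($paths | Where-Object { Test-Path -LiteralPath $_ })
$found += @($keys  | Where-Object { Test-Path -LiteralPath $_ })
foreach ($rk in $runKeys) {
    # jxigjt21 is the autostart value name given under [registry values].
    $props = Get-ItemProperty -LiteralPath $rk -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['jxigjt21']) { $found += "$rk -> jxigjt21 = $($props.jxigjt21)" }
}
if ($found.Count -gt 0) { $found | ForEach-Object { "FOUND: $_" } } else { 'No listed artifact found.' }

# Print any surviving config files as plain text; nothing from these folders is executed.
foreach ($t in ($textFiles | Where-Object { Test-Path -LiteralPath $_ })) { "--- $t"; Get-Content -LiteralPath $t }
```

A miss on these exact names is not proof of removal, since the listing only says the installed files "likely include" them.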