navieg.exe problem - using port explorer

Discussion in 'Port Explorer' started by sifer, Apr 1, 2004.

Thread Status:
Not open for further replies.
  1. sifer

    sifer Guest

    I just purchased port explorer and I have this question.

    1) It shows 'system' as the process in the top pane but in the bottom pane it shows the actual file name. In my case, navieg.exe, which is Norton AntiVirus for Gateways. Why is this?

    I want to 'spy' on this process but the option is not available?

    2) Anyone know of a known issue with NAV for Gateways that would explain this: navieg.exe is constantly trying to connect to several known spam servers (all within the same IP range). It is being blocked by my firewall but it is eating up a lot of CPU time. I need to find out why it is doing this. Virus/trojan/mail bomber?
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello Sifer and welcome!
    Are you sure the navieg.exe is not also somewhere under that name in the top pane to be seen with the same ports in use?
    A lot of the time ports are there in pairs, one time for instance with the application, the other time as SYSTEM.

    On the Application or at the socket you can enable spying, but not on the SYSTEM sockets indeed.
    By right-clicking on them, either the socket or the process, you can enable spying.
    Mind you: once enabled the capture.bin can grow rather fast and rather big! So don't forget to save it away with another name or clean it out regularly when no longer needed.

    Scan your navieg.exe with TDS and submit it for testing (zipped please) to submit@diamondcs.com.au to find out if it might be infected.
    Is this the only thing you notice or are there more suspicious happenings?
    It would serve if you get the AutoStartViewer (free tools) from the DiamondCS products page, check all options and post the log so the experts can advise you if there is anything wrong!

    Looking forward to your log!
     
  3. sifer

    sifer Guest

    I had some other issues come up. I will continue with this on Monday. Just letting you know I haven't disappeared and that I will send you the file and log on Monday. Thanks.
     
  4. Jooske

    Jooske Registered Member

    It's ok, and thanks for letting us know.
    In the meantime, I don't trust the file till proven clean.
    A nastie could have replaced the clean original for instance.
    Do you recall when this behavior of that file started?
    When you right-click on the file, please look at the properties and see if there is a recent creation or modification date, at least from after your install of the original NAV installation.
    First it is important to know what is wrong with the file and which malware it could be, to look for other nasties and files on your system.
    If the file is found clean and original, you might like to restore your system to an earlier date and see if the problem has gone then.
     
  5. root9

    root9 Registered Member

    Joined:
    Apr 1, 2004
    Posts:
    15
    Downloaded the eval of td3.

    1) I updated the radius.td3 file per instruction on the DiamondCS site but TDS still displays the 'warning' message indicating that I need to update the radius file?

    2) I copied the file in question from the machine it was on to my own workstation to scan with TDS (eval version). I am not that familiar with this software or DiamondCS yet and don't want to install it on a production server without proper research. I am VERY impressed with the DiamondCS Port Explorer so far though, so after I become more familiar with TDS and if I like it I will likely purchase a copy for the server! So, I right-clicked this file and chose to scan with TDS. The output from TDS indicates "[file scan] c:\pathToFile\file.exe" but then never another line indicating it finished? The other types of events I see indicate a start and a finish. This file scan indicates nothing? Something wrong?
     
  6. root9

    root9 Registered Member

    Whoops, forgot to mention: I originally posted as a non-registered user (sifer). I have since registered under the user root9. So sifer is me, root9 :D
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    The trial version does show the warning message, the full version does not, but you can see that it is the latest version from the console readout :)

    13:31:22 [Radius] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    13:31:22 [Radius] • Systems Initialised [33257 references - 12335 primaries/9434 traces/11488 variants/other]
    13:31:22 [Radius] Radius Systems loaded. <Databases updated 05-04-2004>

    Hope This Helps - Pilli
     
  8. root9

    root9 Registered Member

    Yep. I'm up to date. Thanks!
     
  9. Jooske

    Jooske Registered Member

    If you scan but one file it scans and says nothing unless something is wrong. We have added to the wishlist to have some line telling it is finished or clean or whatever.
    If you look in the scan control you can select for instance a folder or directory or drive to be scanned and then you will see the alerts in the bottom console and, in the main console, that the scan has finished.
    So no alert, file clean.
     