Re: Spooler subsystem app accessing DNS
From: Steven L Umbach (sumbach_at_ameritech.net)
Date: 05/10/03
- Next message: al: "Secure email solution"
- Previous message: Alan Goodjohn: "Re: --==Hardware Firewall Question==--"
- In reply to: Boogie Woogie Flu: "Re: Spooler subsystem app accessing DNS"
- Next in thread: Don Kelloway: "Re: Spooler subsystem app accessing DNS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 10 May 2003 14:20:07 GMT
I use Kerio, so I am unfamiliar with how ZA works. If it was my
computer, I would create a firewall rule to let spooler access the dns
server and log it to see if I could get more information on traffic it is
sending it. Or I would use a packet sniffer to capture the traffic outbound
port 53 to see what it wants to resolve which should give a clue as to what
is going on. If you are concerned about trojan or spyware activity, I would
run something like Pest Patrol. You could also run System File Checker sfc
/scannow if you think your spooler file has been changed. Just be sure to
have your install cdrom handy if you do that. --- Steve
"Boogie Woogie Flu" <spam@email.sux> wrote in message
news:M0%ua.893$TM6.102@nwrddc02.gnilink.net...
> > It may access the ISP dns server to find the website it wants,
> since
> > ip addresses may change over time.
>
> I doubt that it's caused Photoshop or Photo Editor looking for
registration
> or updates because different things happens when a program tries to check
> for updates or registration
>
> For example: ZoneAlarm gives me an alert when I launch Acrobat Reader. The
> program that's trying to access the internet is AcroRd32.exe, not Spooler
> Subsystem App and an nslookup on the address reveals that the target IP
> address belongs to adobe.com, not a DNS server.
>
> I have allowed the program access to see what would happen, but nothing
> happens *that I can see.*
>
> The only thing I can suggest to track
> > down what is happening is to try a trace as I suggested in original
> > st. ---
>
> A trace to find out what? What I already know, that the target IP is my
> ISP's DNS?
>
>
> >
> > "Boogie Woogie Flu" <spam@email.sux> wrote in message
> > news:qhTua.275$TM6.194@nwrddc02.gnilink.net...
> > > > I have noticed some applications try to access websites for
> > > drivers,
> > > > application updates, registration, etc. Probably nothing malicious.
If
> > you
> > > > are curious, let it proceed sometime to see what happens - maybe to
> the
> > > > point where you can identify the website it wants to access by using
> > > > nslookup against the ip address it wants to access. I usually just
> block
> > > > this stuff without getting any annoying notification. --- Steve
> > > >
> > >
> > > This was my original thought. I could see this for Photoshop maybe,
but
> > > Microsoft Photo Editor? This program is years old and updates are only
> > > available through MS Office Service Releases. There is no
registration,
> > > automatic update or update notification function in this application,
> I'm
> > > pretty sure of that. And if this were the case, would it not access
the
> > > software maker's website and not my ISP's DNS? Most importantly, it's
> not
> > > the app itself trying to access the internet, it's the Spooler
Subsystem
> > > App. It seems to happen only when I launch these programs.
> > >
> > >
> >
> >
>
>
- Next message: al: "Secure email solution"
- Previous message: Alan Goodjohn: "Re: --==Hardware Firewall Question==--"
- In reply to: Boogie Woogie Flu: "Re: Spooler subsystem app accessing DNS"
- Next in thread: Don Kelloway: "Re: Spooler subsystem app accessing DNS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
