Re: More apparent M$ spyware
From: Erik Funkenbusch (erik_at_despam-funkenbusch.com)
Date: 03/28/05
- Next message: Yef: "Re: More apparent M$ spyware"
- Previous message: Freddy: "Re: More apparent M$ spyware"
- In reply to: Yef: "More apparent M$ spyware"
- Next in thread: Yef: "Re: More apparent M$ spyware"
- Reply: Yef: "Re: More apparent M$ spyware"
Date: Mon, 28 Mar 2005 09:45:56 -0600
On 28 Mar 2005 06:51:04 -0800, Yef wrote:
> Second:
>
> rundll32.exe, version 5.1.2600.2180 (xpsp_sp2_rtm.[some #s])
> dest IP = 63.218.7.132 protocol HTTP
> I assume on port 80, as the firewall doesn't say.
> I am guessing that someone is deliberately spying.
> Whether Beyond the Network is actively helping or is just
> a conduit, I cannot determine.
>
> But clearly there is a DLL that is a part of Service Pack 2
> that is the second program trying to send out info.
This is a misunderstanding on your part. RunDLL is not a DLL, as the .exe
on the end of it shows. It's a "host" program that, as the name implies,
"Runs DLLs". It takes a DLL name as a parameter and an entry point
ordinal as the other and calls whatever function that is.

RunDLL is used by all kinds of programs, including third-party apps, to
run. RunDLL itself doesn't access the internet, but whatever DLL it's
hosting might.

As an example:
http://www.robvanderwoude.com/index.html

As usual, your "shoot first and ask questions later" approach is wrong.
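
Added example, not part of the original post: since the firewall only names rundll32.exe, the useful step is to read the process command line and see which DLL and entry point it was asked to host. The function names and the sample command lines below are constructed for illustration, and `helper.dll` is a hypothetical file.

```python
import re

# rundll32 syntax: rundll32.exe <dll>,<entry point> [arguments]
# The entry point is an export name or "#<ordinal>".
_HOST = re.compile(
    r'^\s*(?:"(?:[^"]*[\\/])?rundll32(?:\.exe)?"'   # quoted image path
    r'|(?:[^\s"]*[\\/])?rundll32(?:\.exe)?)\s+',    # unquoted image path
    re.I)
_TARGET = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>[^\s,"]+))'          # DLL path, quoted or not
    r'\s*,\s*(?P<entry>#?\w+)\s*(?P<args>.*)$')     # ,EntryPoint or ,#ordinal

def hosted_dll(cmdline):
    """Return (dll, entry_point, args) for a rundll32 command line, else None."""
    host = _HOST.match(cmdline)
    if not host:
        return None          # not rundll32, or no DLL argument at all
    target = _TARGET.match(cmdline[host.end():])
    if not target:
        return None          # argument is not in <dll>,<entry> form
    dll = target.group("q") or target.group("u")
    return (dll, target.group("entry"), target.group("args").strip())

def attribute(processes):
    """Map pid -> hosted DLL for every rundll32 instance in (pid, cmdline) pairs."""
    found = {}
    for pid, cmdline in processes:
        parsed = hosted_dll(cmdline)
        if parsed:
            found[pid] = parsed
    return found

# Constructed sample data, e.g. as exported from a process listing.
SAMPLE = [
    (1204, r'C:\WINDOWS\system32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl'),
    (1988, r'"C:\WINDOWS\system32\rundll32.exe" '
           r'"C:\Program Files\Example App\helper.dll",#2 /update'),
    (2040, r'C:\WINDOWS\notepad.exe readme.txt'),
    (2112, r'rundll32.exe'),
]

if __name__ == "__main__":
    for pid, (dll, entry, args) in attribute(SAMPLE).items():
        print(f"pid {pid}: rundll32 is hosting {dll} (entry {entry}) args={args!r}")
```

The DLL path reported here is the file to inspect (publisher, location, signature) when deciding whether the outbound connection is expected.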