[lug] Remember the Win95 system snooper?

D. Stimits stimits at idcomm.com
Fri Aug 18 18:27:54 MDT 2000

Duke Smith wrote:
> Remember? This little snooper caused a stir among those concerned with our
> privacy, & M$ managed to downplay it?
> Well, the other night I was working on my brand-new, almost-an-OS win2KPro
> system with TaskManager sitting at the end of the taskbar, & noticed after I'd
> been running awhile the TaskManager icon would go solid green; checking
> the performance tab showed it was full on. Checking "processes" sorted by
> CPU usage, there was this little guy called inetinfo.exe running, gobbling up
> all CPU cycles I wasn't using (running at a low enough priority not to interfere
> with my work enough to notice it). Also, I started to notice lights flickering on
> my ENet hub, my INet gateway, & my DSL bridge, when I wasn't doing anything
> to cause this to happen.
> So, I said, "Begone, varlet", and changed its name. Rebooted, and again, after
> running awhile, TaskManager icon goes solid green. So I check again, & guess
> what? There it is again. So I try to remove it from \winnt\system32\inetsrv, and
> of course WinDOS won't let me. So, remembering I could change its name, I
> do that again, then remove it by the new name.
> Sure enough, pretty soon WinDOS starts screaming at me: "Hey, there's this
> program that's absolutely essential for WinDOS to run properly and it seems
> to have disappeared! Quit whatever you're doing, put in the WinDOS 2KPro
> CD, & hit enter." So I sez, p_ss on you, WinDOS, and just reboot again,
> and, strange as it may seem, WinDOS runs fine without it.
> Note that it will also get cached in "dllcache", but that doesn't happen once
> it's been removed from ".inetsrv"
> Enny body have any idear what this thing is really doing?
> Cheers!
> - duke

inetinfo.exe is the ISAPI web service. Sounds like something was hitting
an http port and the server was looking for a place to serve. Someone
mentioned you don't need ISAPI, which if you don't want to run web
services, you really should remove as a vulnerability and bloat.

