
Message from Sygate

Discussion in 'Virus & Other Malware Removal' started by axkman, Jul 11, 2006.

Thread Status:
Not open for further replies.
  1. axkman

    axkman Thread Starter

    Joined:
    May 23, 2003
    Messages:
    123
    I have recently installed Sygate Personal Firewall, and the following appeared on my screen:

    "NDIS User mode I/O driver (indisuio.sys has received an ICMP Type O (Echo Reply) packet from (192.168.1.254). Do you want to allow this program to access the network?"

    This is in addition to regular pop-ups from Sygate concerning NDIS User mode I/O driver.

    I understand that this has something to do with Windows XP that I am running, but mine is a stand-alone PC, i.e. not networked, and I am connected through ADSL, not wireless.

    Can I safely deny access to this program, which seems to be constantly trying to send and receive messages from somewhere?

    Many thanks for any help with what seems to be (I hope) just a minor irritation. :confused:
     
  2. Blink182

    Blink182 Banned

    Joined:
    Jul 8, 2006
    Messages:
    602
    Howdy axkman! :)


    Look at the Information below and also look at some links at the end.

    I would suspect that it's the Wireless Zero Configuration service using
    ndisuio.sys.

    Are you using a wireless setup?


    You can for sure determine if traffic/packets are leaving your machine by
    using a packet sniffer like Ethereal (free use Google) and what IP(s) the
    packets are going to.

    You may have a Trojan or Spyware you may need to find so use Process
    Explorer or PRCview (both free) to look at processes running on the
    machine, you can look inside a running process to see what's using the
    process.
    It may be that some spyware is using NDIS to get out.

    Go to Administrative Tools/Services and find the Wireless Zero
    Configuration and disable it. You can look at the Dependencies and see that
    it's using NDIS.

    You don't need WZC running on the machine even if you do have a wireless
    setup on the machine.


    Use IPsec that's on the XP O/S to supplement Sygate, which can be used
    to block inbound or outbound by IP, port, protocol, DNS etc., etc. I use IPsec
    to supplement BlackIce. I use BlackIce to shutdown something like
    ndisuio.sys from communicating but allow it to run.

    You should *harden* the XP O/S to attack and shutdown some of the stuff you
    don't need running or accessible.


    LINK 1
    LINK 2
    LINK 3
     

Short URL to this thread: https://techguy.org/482251
