[lug] Remember the Win95 system snooper?

Duke Smith duke at firstworld.net
Sat Aug 19 21:35:19 MDT 2000


Yup, apparently I fatfingered the checkbox next to IIS & it installed. I removed it.

"D. Stimits" wrote:

> Duke Smith wrote:
> >
> > Remember? This little snooper caused a stir among those concerned with our
> > privacy, & M$ managed to downplay it?
> >
> > Well, the other night I was working on my brand-new, almost-an-OS win2KPro
> > system with TaskManager sitting at the end of the taskbar, & noticed after I'd
> > been running awhile the TaskManager icon would go solid green; checking
> > the performance tab showed it was full on. Checking "processes" sorted by
> > CPU usage, there was this little guy called inetinfo.exe running, gobbling up
> > all CPU cycles I wasn't using (running at a low enough priority not to interfere
> > with my work enough to notice it). Also, I started to notice lights flickering on
> > my ENet hub, my INet gateway, & my DSL bridge, when I wasn't doing anything
> > to cause this to happen.
> >
> > So, I said, "Begone, varlet", and changed its name. Rebooted, and again, after
> > running awhile, TaskManager icon goes solid green. So I check again, & guess
> > what? There it is again. So I try to remove it from \winnt\system32\inetsrv, and
> > of course WinDOS won't let me. So, remembering I could change its name, I
> > do that again, then remove it by the new name.
> >
> > Sure enough, pretty soon WinDOS starts screaming at me: "Hey, there's this
> > program that's absolutely essential for WinDOS to run properly and it seems
> > to have disappeared! Quit whatever you're doing, put in the WinDOS 2KPro
> > CD, & hit enter." So I sez, p_ss on you, WinDOS, and just reboot again,
> > and, strange as it may seem, WinDOS runs fine without it.
> >
> > Note that it will also get cached in "dllcache", but that doesn't happen once
> > it's been removed from ".inetsrv"
> >
> > Enny body have any idear what this thing is really doing?
> >
> > Cheers!
> >
> > - duke
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
> inetinfo.exe is the ISAPI web service. Sounds like something was hitting
> an http port and the server was looking for a place to serve. Someone
> mentioned you don't need ISAPI, which if you don't want to run web
> services, you really should remove as a vulnerability and bloat.




