NCLR´s P2P-rig

Status
Not open for further replies.

nclr11111

Level 6
Thread author
Verified
Well-known
Feb 25, 2011
277
RE: NCLR need recommendation on improvements.

nvvsvc.exe http://www.pcpitstop.com/libraries/process/i/nvvsvc.exe.html
 

LoftedAphid86

New Member
Feb 24, 2011
1,107
RE: NCLR need recommendation on improvements.

nclr11111 said:
nvvsvc.exe http://www.pcpitstop.com/libraries/process/i/nvvsvc.exe.html
It might not be a real version of the driver, because if it was digitally signed by NVIDIA, then it should be trusted.
 

LaserWraith

Level 1
Feb 24, 2011
497
RE: NCLR need recommendation on improvements.

Hmm...the printer question confuses me a bit. What you may want to do is this:

[attachment=9]

Then, use another computer to send something to be printed. If you get an alert, allow it and make sure to remember it. It would be helpful if you could post a screenshot of the alert too.

Now, block any other requests that don't come up when printing.
 

Attachments

  • 2011-02-25_170154.png
    2011-02-25_170154.png
    34.4 KB · Views: 409

nclr11111

Level 6
Thread author
Verified
Well-known
Feb 25, 2011
277
RE: NCLR need recommendation on improvements.

That would be strange since i never dl drivers from anywhere but their hp.
Also recently did a full scan with both MSE and Malwarebytes antimalware with no infections.

Is there a way of searching manually in the database

Sorry Laserwraith. I don´t have permission to access your image :p
 

LoftedAphid86

New Member
Feb 24, 2011
1,107
RE: NCLR need recommendation on improvements.

nclr11111 said:
That would be strange since i never dl drivers from anywhere but their hp.
Also recently did a full scan with both MSE and Malwarebytes antimalware with no infections.

Is there a way of searching manually in the database
What do you mean by 'searching manually in the database'?
 

nclr11111

Level 6
Thread author
Verified
Well-known
Feb 25, 2011
277
RE: NCLR need recommendation on improvements.

In the clouds whitelist. Sorry for not making it clear. English you know :)
 

LoftedAphid86

New Member
Feb 24, 2011
1,107
RE: NCLR need recommendation on improvements.

nclr11111 said:
In the clouds whitelist. Sorry for not making it clear. English you know :)
The only way that I know of is to use a tool that is not ready for release outside of Comodo's forums.
You could locate the file and right click it and click properties, then look for a tab named Digital Signatures. Tell me if you see a tab like this and what the details are.
 

nclr11111

Level 6
Thread author
Verified
Well-known
Feb 25, 2011
277
RE: NCLR need recommendation on improvements.

Digital Signature for nvvsvc:
http://data.fuskbugg.se/skalman02/digsign.JPG
http://data.fuskbugg.se/skalman02/digsign2.JPG

Thx for the bigger image Lazerwraith :) I´ll try out this later to make it work.
 

LoftedAphid86

New Member
Feb 24, 2011
1,107
RE: NCLR need recommendation on improvements.

nclr11111 said:
Digital Signature for nvvsvc:
http://data.fuskbugg.se/skalman02/digsign.JPG
http://data.fuskbugg.se/skalman02/digsign2.JPG

Thx for the bigger image Lazerwraith :) I´ll try out this later to make it work.
It's real. The driver might have been trying to access a file that was not trusted.
 

nclr11111

Level 6
Thread author
Verified
Well-known
Feb 25, 2011
277
RE: NCLR need recommendation on improvements.

Ok! I´ll have a play with this later and see so that the printer works in the home network.
Many thanx for all help!

Btw. The FW is a lot better/easier than last time i used it! :)
 

LoftedAphid86

New Member
Feb 24, 2011
1,107
RE: NCLR need recommendation on improvements.

nclr11111 said:
Ok! I´ll have a play with this later and see so that the printer works in the home network.
Many thanx for all help!

Btw. The FW is a lot better/easier than last time i used it! :)
We're glad to help.
 

Chiron

Level 1
Feb 24, 2011
250
RE: NCLR need recommendation on improvements.

For future reference one of the easiest ways to check out if a file is trusted by Comodo is to first upload it to VirusTotal. This is something you would normally do anyway if you're checking out a file.

Next take the SHA1, which is provided under the scan results. Take this and then search Comodo File Intelligence, using that SHA1. It will tell you whether Comodo recognizes the file as malicious, unknown, or safe. It will also tell you whether it is digitally signed.

I hope this is useful.
 

bogdan

Level 1
Jan 7, 2011
1,362
RE: NCLR need recommendation on improvements.

Yeah, well it did actually! But there was a couple of things i´m unsecure about.
First FW alerted me of DTLite.exe (Daemontools) performing an SQL-injection and something about exceeding memory!? Seems a bit odd that a so widely spread application should perform a SQL-injection!?!? (DL from their HP btw)

That is a False Positive most likely. In Defense+ -> Defense+ Settings -> Execution Control Settings there is an Exclusions button. Click it. In the list that opens add (Add -> Browse) C:\Program Files\DAEMONTools Lite\DTLite.exe if it is not there already.

Second it warned me about nvvsvc trying to execute rundll32. Now thats my nvidia-driver. Also strange thats not in clouds whitelist??

Strange indeed since the real file (C:\Windows\System32\nvvsvc.exe) is digitally signed by nVidia. Check your CIS Logs (Events), find the file and do as others suggested. But make sure you upload the file that triggered the pop-up. If it is a file in another folder it might be malicious.

Third: I´ve been warned a couple of times about computers trying to connect from outside. So far i have denied, but how do i know what types of connections they are? Is it possible there are some updatefunction??

Windows has some services that scan computers on a network (to see if a new shared device is available, for example). So you'll see other computers connecting to you commonly on ports 138, 139, 445 (NetBIOS Name Service), 2869 (I think this is SSDP Discover Service). This means that Windows leaves those ports opened. Unfortunately worms exploit those open ports too.

It depends on how you connect to the internet. You have a router and all in-house computers are connected to it? Or all your computers use the same ISP.
Anyway you should know the IP-s of computers in your home and those IP-s need to be static to properly configure a firewall.
Sharing apps lice DC++ and uTorrent can cause firewall pop-ups when others are trying to connect to you and get the files you share/seed. You need to configure the sharing clients to use a specific port to properly configure a firewall.

Then a general question. At installation i was asked if i would use Comodo´s secure DNS.It sounds good but i´m using a VPN a great deal and don´t know the implications on connection to my VPN with this function activated. Suggestion??

This won't conflict with VPN but you might notice a slowdown depending on your location. IMO currently Comodo DNS doesn't add much to protection. I personally don't have it installed. Important: The firewall might interfere with your VPN. You had Win7 firewall disabled to be able to use the VPN?

Sorry Laserwraith. I don´t have permission to access your image :p

Sorry. Changed your permissions so you can view attachments.
 

nclr11111

Level 6
Thread author
Verified
Well-known
Feb 25, 2011
277
RE: NCLR need recommendation on improvements.

Thx Bogdan.
Just installed Comodo on all 3 pc´s at home. Every time i finished an install i get a warning that a connection is trying to be made from another computer. The IP varies on the last 2 numbers. My IP ends with 64 the others with 65 and 68. So i figure it´s the other comps in my network trying to connect i´m being warned about!?

The printer works fine from all 3 comp´s after configuring my home network.

Never disabled my Windows FW in order to use my VPN. Tried it last night and it seems to function as it´s supposed. I don´t use the DNS-service on any comp.

I´ll send the driver to be checked out later. (now it´s trusted! Don´t know why it wasn´t at the beginning)

...and thx for letting me access the pictures in the forum ;-)
 

LaserWraith

Level 1
Feb 24, 2011
497
RE: NCLR need recommendation on improvements.

It is my policy to not allow any incoming connections, unless something goes wrong. I'm weak in the networking part of computers. ;)
 

bogdan

Level 1
Jan 7, 2011
1,362
RE: NCLR need recommendation on improvements.

Probably those are your in-house computers. You can open a command-prompt on each of them and run ipconfig /all to see their ip-s (IPv4 Address). If those are the only computers on the network connections from them are safe, since you have CIS installed on them too.
 

nclr11111

Level 6
Thread author
Verified
Well-known
Feb 25, 2011
277
RE: NCLR need recommendation on improvements.

Didi a checkup on "what´s my ip" on them before and came up with "this is a private IP-adress and connot be traced". When reading info about this it states that multiple computers in the same network gets thoose ip´s. But i´ll check in config aswell.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top