CastleCops® pprekop.exe / killing Comodo / BSOD's ?

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Forum FAQ

Usergroups

Profile

Select FavForums

pprekop.exe / killing Comodo / BSOD's ?

All -> FavForums -> Rootkit Revelations

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

felch

Cadet
Cadet

Joined: Sep 03, 2007
Posts: 1
Location: Australia

Posted: Mon Sep 03, 2007 11:33 pm Post subject: pprekop.exe / killing Comodo / BSOD's ?

The folks at the Comodo FW forum thought I should ask you guys. Party Poker are swearing their software is bulletproof and there is no problem. But it only ever occurs when Party Poker is running -

===

Something has been causing more than its fair share of instabilities, BSODs and Comodo crashes on my machine. This time I think I caught it, something called ppkerop.exe. This file does not exist locally. There is no .dmp or Dr Watson. There is much chatter online about the same problem, but no answers or acknowledgment by Party Poker (who's users I assume are the target) -

App log -

===
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 2/09/2007
Time: 11:22:02 AM
User: N/A
Computer: felch
Description:
The description for Event ID ( 1000 ) in Source ( Application Error ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: pprekop.exe, 4.2.0.172, ole32.dll, 5.1.2600.2182, 10017bed.
Data:
0000: 66 00 78 00 31 00 6e 00 f.x.1.n.
0008: 55 00 32 00 6b 00 33 00 U.2.k.3.
0010: 75 00 53 00 2b 00 65 00 u.S.+.e.
0018: 63 c
===

Firewall log (it killed the firewall) -

===
Date/Time :2007-09-02 11:22:01
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 125.196.223.238, Port = ms-rpc(135))
Protocol: TCP Incoming
Source: 125.196.223.238:2116
Destination: 125.253.33.10:ms-rpc(135)
TCP Flags: SYN
Reason: Network Control Rule ID = 7
===

Culprit doing it (in this case) -

===
Name: FLH1Afc238.chb.mesh.ad.jp
Address: 125.196.223.238
===

Whether its mere coincidence, or work of the devil, I have also started noticing a much higher frequency of SQL port probes at the same time.

Has anyone experienced this or heard anything about it ? My system hasn't actually been penetrated that I know of, but it has been killed dead. Repeatedly. I've run multiple rootkit / malware scanners. Nothing. Log atached - pprekop.rar

pprekop.rar

Description:

Comodo firewall log

Download

Filename:

pprekop.rar

Filesize:

2.32 KB

Downloaded:

55 Time(s)

	All -> FavForums -> Rootkit Revelations	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 149ppm 0.206s (0.034s) Making cybercriminals unhappy since 2002*