API and CMD
04-01-2007, 01:44 AM
I wonder whether it is normal that the firewall announces to me the exit of Api (DLL)?
Then, I had a message from the firewall indicating to me that CMD wanted to go on the Internet!
The problem is that the parameters of the CMD were not posted. Then, I had to stop it.
04-02-2007, 12:47 AM
Sorry Diana, but I could not fully understand your problem. Could you please repeat the report with more details (exact steps of what you did and what had happened) and I will be more than happy to help.
04-02-2007, 04:28 PM
Look at this picture:
Why does CMD want to go on the Internet?
There is not enough information!
04-02-2007, 07:41 PM
Maybe you have ADSL and use a speedmeter like PyGrenouille? It uses CMD to make Ping and Tracert.
Would you be using PyGrenouille or software of the same kind? PyGrenouille launches Ping and Tracert via the command interface (CMD).
04-02-2007, 08:04 PM
No, I do not use the software that you indicate to me. In fact, I do not know which software uses the CMD to go on the Internet; that is the problem, because it can be a virus for example...
04-03-2007, 06:46 AM
OK… I did not understand that (I can understand and speak a bit of Spanish but not French :-) ) but I'll try to explain.
When an application is trying to access the Internet, the firewall first checks the parent process (a very common attack against firewalls is to access the Internet by launching applications that are already allowed; by checking the parent process, firewalls usually avoid this leak). This means the CMD is either:
1. Trying to access the Internet
2. Launching an application that tries to access the Internet.
It would help to see the logs and then try to analyze what has happened. What I suggest is that you do as follows:
1. Download and extract the logs.zip file
2. Double click on ExtensiveLog.reg and restart the firewall (turn on extensive logs)
4. Try to repeat the process with CMD.exe
5. Save the file c:\Program Files\PC Tools Firewall Plus\FirewallWrapper.txt and the files in the directory C:\Documents and Settings\Your user name\Application Data\PCToolsFirewallPlus\ (if you run on Vista it’s the directory C:\ Your user name \Hanoch\AppData\Roaming\ PCToolsFirewallPlus) and send them to us in the post
6. Double click on NormalLog.reg and restart the firewall (turn off extensive logs)
We will look at the logs and try to analyze what happens on your computer.
04-03-2007, 06:50 AM
Silly me, I forgot to attach the logs zip file
04-03-2007, 01:48 PM
OK, I understood :)
I found the process which uses CMD: NSLookUP.exe which wants to go on the Net (my forum)!:p
04-03-2007, 11:47 PM
The logs back up your assumption: C:\WINDOWS2\SYSTEM32\CMD.EXE is activating C:\WINDOWS2\SYSTEM32\NSLOOKUP.EXE
Always at your service
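Added example, not part of any post in this thread and not PC Tools code: the parent-process check described above, applied to process-creation records to show which program is really behind a network request made through CMD. The record layout, the PIDs, and the `launcher.exe` and `EXPLORER.EXE` entries are constructed assumptions; only the CMD.EXE to NSLOOKUP.EXE pair comes from the thread.

```python
# Constructed process-creation records (pid, parent pid, image path).
# Only the CMD.EXE -> NSLOOKUP.EXE pair comes from the thread; the
# launcher and explorer entries are hypothetical.
EVENTS = [
    {"pid": 400, "ppid": 4, "image": r"C:\WINDOWS2\EXPLORER.EXE"},
    {"pid": 1200, "ppid": 400, "image": r"C:\Example\launcher.exe"},
    {"pid": 1312, "ppid": 1200, "image": r"C:\WINDOWS2\SYSTEM32\CMD.EXE"},
    {"pid": 1388, "ppid": 1312, "image": r"C:\WINDOWS2\SYSTEM32\NSLOOKUP.EXE"},
]

# Interpreters that run other programs on someone else's behalf.
SHELLS = {"cmd.exe"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestry(events, pid):
    """Image paths from the given process up to the oldest logged parent."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    # Stop when the parent was never logged or the pids form a loop.
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return chain


def originator(events, pid):
    """First ancestor that is not a shell: the program behind the request."""
    for image in ancestry(events, pid)[1:]:
        if basename(image) not in SHELLS:
            return image
    return None  # chain ended inside a shell, or the parent was not logged


def describe(events, pid):
    """One-line summary a firewall prompt could show for this process."""
    chain = " <- ".join(basename(p) for p in ancestry(events, pid))
    who = originator(events, pid) or "unknown (parent not logged)"
    return chain + " | started by: " + who


if __name__ == "__main__":
    print(describe(EVENTS, 1388))
```

When `originator` returns `None`, the log does not say what started CMD, which is the situation the original firewall prompt left the user in.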