Is there a list of BAD device drivers like Nortel or Network Monitor?

Discussion in 'Computer Security' started by Sandra Knight, Jan 26, 2006.

  1. How can I tell from this list of devices which (if any) is "listening"
    to my keystrokes or network packets?

    Some of them sound fishy, e.g. IPSECSHM, Eacfilt, Network Monitor,
    Arrowkey, System Recognizer, etc.

    Do you have the SAME devices? I tried to delete the Nortel ones as I
    don't use Nortel VPN anymore but they said they could not be deleted
    as they were needed for the boot process. Huh?

    Should I right click and delete some of those below?

    How can I tell which are bad and which are "normal"?

    I right clicked on "My Computer", selected "Manage",
    then left clicked on "Device Manager", and then
    selected "View", "Show hidden devices".

    This is the list of Network adapters on the IBM laptop:

    Network adapters
    - 1394 Net Adapter
    - Direct Parallel
    - IBM High Rate Wireless LAN MiniPCI Combo Card
    - IBM High Rate Wireless LAN MiniPCI Combo Card - Eacfilt Miniport
    - Infrared Port
    - Intel(R) PRO/100 VE Network Connection
    - Intel(R) PRO/100 VE Network Connection - Eacfilt Miniport
    - Nortel IPSECSHM Adapter
    - Nortel IPSECSHM Adapter - Eacfilt Miniport
    - WAN Miniport (IP)
    - WAN Miniport (IP) - Eacfilt Miniport
    - WAN Miniport (L2TP)
    - WAN Miniport (Network Monitor)
    - WAN Miniport (Network Monitor) - Eacfilt Miniport
    - WAN Miniport (PPOE)
    - WAN Miniport (PPTP)

    This is the list of other related devices.

    Non-Plug and Play Drivers
    - 1394 ARP Client Protocol
    - AFD Networking Support Environment
    - Arrowkey Device Acess
    - Aspi32
    - aswRdr
    - ATM ARP Client Protocol
    - Beep
    - dmboot
    - dmload
    - Fips
    - Generic Packet Classifier
    - HTTP
    - IBM eGatherer Diagnostics
    - IP Network Address Translator
    - IPSEC driver
    - IrDA Protocol
    - ksecdd
    - mnmdd
    - mountmgr
    - NDIS System Driver
    - NDIS Usermode I/O protocol
    - NDProy
    - NetBios over Tcpip
    - Network Monitor Driver
    - Nortel Etranet Access Protocol
    - Null
    - PartMgr
    - ParVdm
    - PGPdisk
    - procguard
    - RDPCDD
    - RDPWD
    - Remote Access Auto Connection Driver
    - Remote Access IP ARP Driver
    - Remote Access NDIS TAPI Driver
    - Secdrv
    - sptd
    - TCP/IP Protocol Driver
    - TDTCP
    - Teefer for NT
    - TPHKDRV
    - VET File and Macro Monitor
    - VET File System Filter
    - VET File System Recognizer
    - VgaSave
    - VolSnap
    - vsdatant
    - Windows Socket 2.0 Non-IFS Service Provider Support Environment
    - wpsdrvnt
     
    Sandra Knight, Jan 26, 2006
    #1

  2. Use any spyware detection software to check your computer for malicious
    software. There is a free online spyware detector available at
    www.spywareinfo.com/xscan.php. Pretty good.

    If you are wondering about any driver or service you have on your computer,
    use Google with the driver, file, or service name to do some research.

    Good luck,

    Mike
    www.ciscoheadsetadapter.com


     
    CiscoHeadsetAdapter.com, Jan 26, 2006
    #2

  3. Consider the drivers one by one. Identify the file, manufacturer and
    version, and get the same driver from a trusted source. Compare.

    If you believe the machine is compromised stop using it except for
    investigations. Put it on a test network. Inspect traffic to figure out
    if some data is sent. Try to do this in a silent or busy networking
    environment. This might take several days to see something.

    Ludovic Joly
     
    , Jan 26, 2006
    #3
  4. Don't go trying to delete things just because you are unsure of what they
    are. What you can do is to go into add and remove programs and from there
    remove applications that you no longer need. Beyond that you should rely on
    your malware and spyware detection and removal programs to try to identify
    and remove any malicious process and you also want to scan in Safe Mode with
    those also being sure to use the latest definitions for any malware/spyware
    program as they can change daily. You can use free tools from SysInternals
    such as Process Explorer, Autoruns, TCPView, and Autoruns to show what
    processes are being used on your computer, the associated executable, the
    publisher name and if the file is signed [verified], and associated services
    and port use. If the associated executable does not show a publisher in
    Process Explorer that could [but not always] indicate a malicious
    process. --- Steve

    http://www.sysinternals.com/Utilities/ProcessExplorer.html -- Process
    Explorer and link to SysInternals.

     
    Steven L Umbach, Jan 26, 2006
    #4
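
The driver-by-driver comparison suggested in post #3, combined with the publisher and signature check from post #4, as an added PowerShell example that is not part of the original thread. It assumes a current Windows system with PowerShell 5.1 or later; `trusted-drivers.csv` (columns `Name`, `SHA256`) is a hypothetical baseline exported from a known-good machine, and `Resolve-DriverPath` is a helper named here for illustration.

```powershell
# Added example: inventory every kernel driver so it can be compared with a trusted copy.
# $BaselineCsv is a hypothetical file built on a known-good machine (columns: Name,SHA256).
param([string]$BaselineCsv = '.\trusted-drivers.csv')

function Resolve-DriverPath([string]$PathName) {
    # Driver image paths may carry NT-style prefixes; normalise them to a Win32 path.
    if (-not $PathName) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Load the trusted hashes, if a baseline is available.
$trusted = @{}
if (Test-Path -LiteralPath $BaselineCsv) {
    Import-Csv -LiteralPath $BaselineCsv | ForEach-Object { $trusted[$_.Name] = $_.SHA256 }
}

Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    $path = Resolve-DriverPath $_.PathName
    $row = [ordered]@{
        Name = $_.Name; Display = $_.DisplayName; State = $_.State; Path = $path
        Company = $null; Version = $null; Signature = 'FileMissing'
        SHA256 = $null; Baseline = 'NoEntry'
    }
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        # "Identify the file, manufacturer and version" (post #3).
        $info = (Get-Item -LiteralPath $path).VersionInfo
        $row.Company = $info.CompanyName
        $row.Version = $info.FileVersion
        # Publisher verification (post #4): a missing signature is a lead, not a verdict.
        $row.Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
        # "Get the same driver from a trusted source. Compare." (post #3).
        $row.SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($trusted.ContainsKey($_.Name)) {
            $row.Baseline = if ($trusted[$_.Name] -eq $row.SHA256) { 'Match' } else { 'MISMATCH' }
        }
    }
    [pscustomobject]$row
} | Sort-Object Baseline, Signature, Name |
    Format-Table Name, Company, Version, Signature, Baseline, Path -AutoSize
```

Rows marked `MISMATCH`, `FileMissing`, or anything other than `Valid` in the Signature column are the ones to research by name before removing anything.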
  5. virus

    I clicked on this link...and bitdefender said it had a virus...so beware...went further..on the site..and said I picked up another virus...so not sure if this is correct...but didn't want anyone else..experiencing this..thanks..
     
    glory63, May 15, 2008
    #5