HP3000-L Archives

December 2000, Week 1

HP3000-L@RAVEN.UTC.EDU

From: Neil Armstrong <[log in to unmask]>
Reply To: Neil Armstrong <[log in to unmask]>
Date: Tue, 5 Dec 2000 14:47:28 -0700

Jeff,

I have exactly the same problem on my wife's Pavilion as well and had just
discovered the problem on Saturday night. I had installed a network card and
done some net configuration, after which the system would hang in wininit.exe.
In watching the system through McAfee I noticed that something spooky/shifty
was going on with the PC, as a network address was in front of the full path
of wininit.exe, and occasionally the system would look in a bunch of
directories that seemed associated with reporting the type of software and
the packages you have installed.

I have also seen the keyboard driver hang as well.

Up until now I thought that it was some sort of worm virus, as somehow McAfee
scan has become disabled. I also found a really strange VB script. I had
McAfee turned on and was looking at executables only, unfortunately.

I really have no clue what is going on with it, and I was considering trying
a scanpm off of an emergency floppy, or buying Norton anti-virus and seeing if
this was a known virus. Searches on the popular virus sites reveal nothing.

The fact that this is Pavilions is very suspicious.

Let me know if you find anything and I will do the same, but I'm getting
increasingly angry about this, especially if this is associated with some sort
of service that says "OK, let me go look for new versions of software for
you", which is what I am beginning to think that this may be. The Pavilion
that my wife has is a 6640C.

Neil
----- Original Message -----
From: "Jeff Kell" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, December 05, 2000 2:15 PM
Subject: OT: Pavilions phone home?


> Allow me to skip the details of how this came to my attention, but I
> have discovered some weird, extraneous traffic coming from our dorms
> (yes, that is somewhat redundant, but I mean *really* weird :-) ).
> Once a second, about 3 dozen machines on average try to establish
> communication with IP 207.26.131.137.  Hmmm...
>
> I've done a fairly exhaustive search in my resource list to find
> anything about this and the only mentions of this I can find are in
> dejanews if you search the complete archive for that IP address, and
> the details were extremely sketchy.  Three posts were old ones to
> comp.sys.hp.hardware mentioning this address, that the poster's new
> Pavilion with Win/ME was pinging it once a second.  One follow-up
> mentions something about a "Netropia Multi-Media Keyboard" and its
> driver or related file MMKEYBD.EXE being the culprit.
>
> I can find nothing about the IP.  Can't trace it.  Can't ping it.  No
> web server.  No mail server.  No whois registration.  Only the larger
> IP block allocation to ANS, a big-name provider.
>
> Checking some of the local IPs that were "ringing" I did find evidence
> that at least half of them were HPs and a couple Pavillions (based on
> our local registration, if present, and guesswork at their NETBIOS
> names).
>
> We aren't getting this traffic from any of the other couple thousand
> machines on campus, but most of the on-campus platforms are either Dell
> or Macintosh.  Only seen this coming from the dorms, where students can
> bring whatever they want.  So the Pavilion story makes some sense.
>
> Has anyone heard anything about this?  Anyone have any recent Pavilions
> that might be doing the same thing?  The posting mentioned above was
> back in September.  I'd like to verify it is some unscrupulous
> executable that happened to be dumped on Pavilions, or if it is
> something more bizarre they have perhaps downloaded.  It doesn't match
> the signatures of any virus, DOS, or DDOS intrusion I can find.
>
> Curiously yours,
>
> Jeff Kell <[log in to unmask]>
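
The traffic Jeff describes (dozens of hosts each contacting one external address once a second) is a textbook beacon pattern, and it can be pulled out of connection logs mechanically rather than by eyeballing a sniffer. The script below is an added example, not code from either poster: it groups connection attempts by source and destination, measures the inter-arrival gaps, and flags pairs whose gaps are regular (low standard deviation relative to the median), then groups the flagged sources by destination so the "many hosts, one target" fan-in stands out. The flow records are constructed for the example; only the destination 207.26.131.137 comes from the thread, and the campus source addresses, the port numbers and the NTP-style host are assumptions. It reports any periodic client, legitimate or not, so the analyst still filters the result by destination and port.

```python
"""Added example: flag hosts that beacon to one address at a fixed interval.
The flow records are constructed; only 207.26.131.137 comes from the thread."""
from collections import defaultdict
from statistics import median, pstdev
from typing import Dict, List, Tuple

Flow = Tuple[float, str, str, int]   # (epoch seconds, src_ip, dst_ip, dst_port)


def _constructed_flows() -> List[Flow]:
    flows: List[Flow] = []
    # Two hosts that dial out once a second with a little jitter: the pattern
    # reported in the thread. The port is an assumption; the post names none.
    for src in ("10.1.2.11", "10.1.2.12"):
        for i in range(30):
            flows.append((1000.0 + i + (0.03 if i % 2 else 0.0),
                          src, "207.26.131.137", 80))
    # A host with only three attempts to the same address: too few to judge.
    for t in (1000.0, 1001.0, 1002.0):
        flows.append((t, "10.1.2.13", "207.26.131.137", 80))
    # Ordinary, irregular web browsing from another host (assumed address).
    for t in (1000.0, 1003.7, 1004.1, 1019.0, 1045.0, 1046.2,
              1060.0, 1061.5, 1090.0, 1091.0, 1130.0, 1131.3):
        flows.append((t, "10.1.2.50", "192.0.2.10", 80))
    # A legitimately periodic client (assumed NTP-style poll every 64 s):
    # also regular, so the detector reports it and the analyst filters by target.
    for i in range(12):
        flows.append((1000.0 + 64.0 * i, "10.1.2.20", "192.0.2.123", 123))
    return flows


SAMPLE_FLOWS = _constructed_flows()


def find_beacons(flows: List[Flow], min_count: int = 10, max_cv: float = 0.2):
    """Return (src, dst, count, period_seconds) for every src->dst pair whose
    connection attempts are regular: at least min_count attempts, and the
    inter-arrival gaps vary by no more than max_cv (std dev / median gap)."""
    series: Dict[Tuple[str, str], List[float]] = defaultdict(list)
    for ts, src, dst, _port in flows:
        series[(src, dst)].append(ts)
    hits = []
    for (src, dst), times in series.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = median(gaps)
        if period <= 0:
            continue          # duplicate timestamps, nothing to measure
        if pstdev(gaps) / period <= max_cv:
            hits.append((src, dst, len(times), round(period, 1)))
    return sorted(hits)


def fan_in(hits):
    """Group beaconing sources by destination: many sources to one target is
    what made the dorm traffic in the thread stand out from normal browsing."""
    by_dst: Dict[str, List[str]] = defaultdict(list)
    for src, dst, _count, _period in hits:
        by_dst[dst].append(src)
    return {dst: sorted(srcs) for dst, srcs in by_dst.items()}


if __name__ == "__main__":
    for dst, srcs in fan_in(find_beacons(SAMPLE_FLOWS)).items():
        print(f"{dst}: {len(srcs)} beaconing host(s) {srcs}")
```

On real data the flow tuples would come from a firewall or router log rather than the constructed list; the thresholds (ten attempts, 20% jitter) are starting points, and a host that only tries three times, like 10.1.2.13 above, is deliberately left out until more samples arrive.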
