
IceTeks Articles -> Big Brother and Ndisuio.sys




Guest - Apr-24-2006 server time
Pausing but for a moment to see if the window pops up again... yes, that particular app is quite annoying. I might think it was more reputable if it didn't try to run on multiple ports... it was like it was scanning for a hole. Now be gone, I say. Cheers, thanks for the advice.

Brooklynegg - Jan-14-2006 server time
I use Panda as well and just started getting prompted about ndisuio.sys. Like Rob, I have blocked all its attempts to access the Intranet.

Matt - Jan-05-2006 server time
I just tried it and it works! Go to Start menu > Settings > Control Panel > Administrative Tools > double-click Services > double-click Wireless Zero Configuration > at "Service status:" click Close > on the "Startup type:" drop-down menu choose "Disabled" > then click "Apply". Voilà! No more pesky Sygate alarms!
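The stop-and-disable procedure described in this thread, as a script. This is an added example, not code from the original thread or from any of its posters. It assumes Windows PowerShell (2.0 on XP SP3, or later) on an elevated prompt, and the Windows XP service names wzcsvc (Wireless Zero Configuration) and ndisuio (the NDIS User Mode I/O protocol driver); both names are assumptions to confirm on your own machine. Before touching anything it reports what is on disk and which service depends on the driver, since the thread's worry is whether the file is really the Microsoft component.

```powershell
# Added example, not from the original thread. Assumes Windows PowerShell 2.0+
# on an elevated prompt, and the XP service names 'wzcsvc' (Wireless Zero
# Configuration) and 'ndisuio' (NDIS User Mode I/O); verify both names on
# your own machine. Without -Disable the script only reports.

param([switch]$Disable)

$driverPath = Join-Path $env:SystemRoot 'System32\drivers\ndisuio.sys'

# 1. Is the file on disk the one Microsoft shipped? A file dropped under the
#    same name by something else would show a different company/version and
#    no valid Microsoft signature. Caveat: XP-era drivers are catalog-signed,
#    so older PowerShell builds may report NotSigned for a genuine file; in
#    that case compare CompanyName/FileVersion against a known-good machine.
if (Test-Path $driverPath) {
    $sig = Get-AuthenticodeSignature -FilePath $driverPath
    $ver = (Get-Item $driverPath).VersionInfo
    Write-Host ("{0}`n  signature : {1}" -f $driverPath, $sig.Status)
    Write-Host ("  company   : {0}`n  version   : {1}" -f $ver.CompanyName, $ver.FileVersion)
} else {
    Write-Host "$driverPath not found"
}

# 2. Current state of the driver and of the service that uses it.
#    Win32_SystemDriver covers kernel drivers, which Get-Service does not list.
$drv = Get-WmiObject Win32_SystemDriver -Filter "Name='ndisuio'"
$wzc = Get-WmiObject Win32_Service      -Filter "Name='wzcsvc'"
if ($drv) { Write-Host ("ndisuio driver : state={0} startmode={1}" -f $drv.State, $drv.StartMode) }
if ($wzc) { Write-Host ("wzcsvc service : state={0} startmode={1}" -f $wzc.State, $wzc.StartMode) }

# 3. What depends on what. If wzcsvc lists ndisuio under DEPENDENCIES, then
#    disabling the driver itself would also take out wireless configuration;
#    the thread's advice is to disable the WZC service, not the driver file.
sc.exe qc wzcsvc | Select-String -Pattern 'DEPENDENCIES', 'START_TYPE'

# 4. Stop AND disable. Stopping alone is not enough: a service whose startup
#    type is still Automatic is started again at the next boot, and starting
#    any service that depends on it starts it too. Both steps are required.
if ($Disable -and $wzc) {
    Stop-Service -Name wzcsvc -Force
    Set-Service  -Name wzcsvc -StartupType Disabled
    $after = Get-WmiObject Win32_Service -Filter "Name='wzcsvc'"
    Write-Host ("after: state={0} startmode={1}" -f $after.State, $after.StartMode)
    # To revert: Set-Service -Name wzcsvc -StartupType Automatic; Start-Service wzcsvc
}
```

Run it once without switches to see the signature, version and dependency report, then with `-Disable` to apply the change. Two caveats a practitioner will want: with WZC disabled, Windows no longer manages Wi-Fi, so only a vendor wireless utility will connect you; and the driver itself stays loaded and bound to every adapter as an NDIS protocol, which is why a host firewall can still attribute received broadcast frames to ndisuio.sys after the service is gone. The alert is the firewall reporting a legitimate driver, not a sign the file has changed.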

DukeP - Dec-18-2005 server time
to FENDER

How did you do that? Could you write more details, please?

fender - Oct-27-2005 server time
I disabled ndisuio.sys from Services and changed it so that it won't start at system startup, so my Sygate doesn't seem to get any more activity to block from outside... I guess I'm safe again.

Driveby Guest - Oct-26-2005 server time
I realize that I am performing thread necromancy here, but I just had a run-in with ndisuio.sys that somebody might find interesting.

I've finally gone broadband (Verizon DSL), and for the last couple of days ndisuio.sys has been popping up on Sygate periodically asking for network access, which I have been cautiously granting it, ignorant as I was of its function.

Fast forward until this morning. I am downloading Slackware 10.2 isos from ftp://slackware.cs.utah.edu/. They have massive bandwidth, and everything is copacetic. Then, NDIS User Mode I/O Driver ndisuio.sys appears on Sygate's radar as being contacted from cs.utah.edu and asking permission to run something called “CADIS – Cadis License Manager”.

Well, that was the last straw. I nuked it and Googled it, which is what I should have done in the first place, evidently. As a side note, out of the billions of web pages that Google keeps track of, I found a grand total of three (3) that mention "Cadis License Manager". From what I can gather from the disturbingly scant information that I could find, CADIS is more or less what its name implies: some sort of nosy, "trusted computing" bullshit.

Rob - Jul-19-2005 server time
When I activated the Panda antivirus firewall I kept getting told there was incoming UDP traffic on port 135 to ndisuio.sys. All it is is someone trying to spam the Windows Messenger service. I just told Panda to keep blocking it and not tell me about it.

Red Squirrel - Jul-07-2005 server time
Yeah, it's crap, don't trust it. Disable it and get something else. Mind you, I've seen it where installing a firewall gives you the dreaded STOP error at startup when you reboot, so image your drive before installing the firewall in case you need to roll back, since BSODs are inescapable in most cases on NT-based OSes.

Oh and the firewall conflict is an XP thing, in 2000 all is smooth.

weakzero - Jul-07-2005 server time
QUOTE (Red Squirrel @ Jun 28 2004, 01:04 PM)
Hmm, well it is a network-enabled driver, so it could be there are security flaws that allow this.

Also, you may want to look at this article: http://iamnotageek.com/articles.php?aid=10...&topic=Firewall

It's about the XP firewall being... well... Microsoftish; it does not always work.

Wait. The MICROSOFT firewall doesn't always work? Are you serious?

Andrew Price - Jul-07-2005 server time
OK... restarting didn't help... because I didn't try, but I did solve the problem. There was a step missing: you have to change the startup type to "Disabled" and you also have to "Stop" the service. I stopped the service before, but I realized when I went back to check on the service again that it had started up again by itself.

HOPEFULLY... this will resolve my frustration.

Good luck! Been there.

Andrew Price - Jul-07-2005 server time
I personally use Sygate firewall myself and let me tell you, ndisuio.sys is a pain in the @%^! I followed the instructions listed in the article to disable the file.

"To disable this file, go to the control panel, administration tools, services, Wireless Zero Configuration, double click and disable it. This file is probably required to run if you use any linksys wireless devices. "

I hoped that by disabling this the Sygate alarm would stop going off. I have blocked the program from accessing the network. However, it keeps making the firewall go off like 40+ times per day. This is ridiculous. I have even asked Sygate to stop notifying me of the attempts to access the network by this program. It hasn't listened. It still goes off.

I have not rebooted my computer yet after ending the service. It says, however, that the service is stopped. Any other suggestions? Besides throwing the computer out the window?

Andrew Price
Executive Director
Tracer Time
AndrewPrice (at) TracerTime.com

kris - May-16-2005 server time
Hi,
recently I logged my laptop on to a local intranet and the admin had used
ndisuio.exe and ntokrnl.exe to control my computer, at least according to Sygate firewall.
ndisuio.exe, Sygate says, was used to find out all the running applications,
and ntokrnl was used to enable the UDP. This I'm not sure about; what is UDP used for?
I have blocked it using Sygate now.
Bye

freewheeler - Apr-24-2005 server time
"ndisuio.sys has been blocked from accessing the network" is what my Sygate Personal Firewall keeps telling me every few seconds, with a sound alert, which was bugging me to the extent that I started having nightmares about it. Well, I got the info I wanted on this forum and I disabled it... thanks guys!!

Wren - Jan-20-2005 server time
I don't think there's a paranoid one of us in the bunch. As far as Linux goes... I'm too old to care.

guru - Jan-20-2005 server time
Guys, you are paranoid. NDISUIO does not do anything bad. Actually, Microsoft has the source code of this driver published in their device driver kit. All it does is provide user-level I/O (input/output) to the protocol stack. In Linux it is known as promiscuous mode and is implemented by all network interface drivers. Relax. Life is good.

demitheousnova - Jan-17-2005 server time
What do you mean by the "bad bad" category? Please reply.

Uffe - Dec-23-2004 server time
[Sweden]

This program is using port 2157 to communicate. But I do think that it has to have some kind of randomizer built into it; no one uses servers in Moldavia and Novosibirsk to hack me... or so one would think...

Filu - Oct-22-2004 server time
Disabling wireless services worked for me. It was scary, but I found the explanation here very fast.

Alex Procup - Oct-08-2004 server time
I have Sygate too and the 'annoying' file ndisuio.sys keeps popping up trying to access the network.

Disabling this file, via the Control Panel, Administrative Tools, Services, Wireless Zero Configuration, per Red Squirrel...

does not stop this thing from trying to access the network.

This puts it into the BAD BAD category.

Next, I will try to stop it on my hardware firewall.

Any thoughts appreciated.

Regards,

IC_eng

Red Squirrel - Sep-24-2004 server time
I think it's just because that file duplicates network activity, so if you've been to that site then it makes it look like it's trying to connect there.

Dazzler - Sep-23-2004 server time
Right, I have now registered; hopefully this will get a reply, because I know it is an old thread!

Cheers

Darren

Darren - Sep-23-2004 server time
Hi all

I have not found any reference to this problem elsewhere, but my Ndisuio.sys is trying to receive data from www.imgag.com, which seems to be linked with www.americangreetings.com?? It also is trying to get data from other random IP addresses, none of which I have so far been able to trace??

Anyone have any ideas on this, as it is freaking me out somewhat!

Thanks

Darren

Red Squirrel - Sep-20-2004 server time
Well it's safe, but if you don't need it, then you can block it, and even disable this file altogether.

mathwannabe - Sep-20-2004 server time
Today was my first experience with Sygate telling me that NDIS had received a broadcast packet from a remote machine. Should I allow this to access my network? Thanks.

Red Squirrel - Sep-14-2004 server time
Weird that a network-related file would be needed for a screen saver though... but it is an RPC thing, so you just never know when it comes to that.

Guest - Sep-14-2004 server time
I know this is an old listing but thought I'd throw my two cents out there, as I found out what the ndisuio.sys file controls, at least on my XP machine, that is.

I too installed Sygate Personal Firewall and the 'mysterious' file ndisuio.sys popped up trying to access the network. I also had the NTOSKRNL.EXE file do the same.

After much investigating, and some trial and error, here's what I found out.

By 'blocking' the ndisuio.sys file with Sygate, it will not allow my 'XP' screensaver to work. Therefore, it is Windows' control of this function. I have my system set to prompt for a password after resuming from the screensaver, and if I 'block' the NTOSKRNL.EXE file, the system will not prompt for the password after resuming from the screensaver.

So..... ndisuio.sys controls the XP screensaver,
and... NTOSKRNL.EXE controls the password prompting.

I have now 'allowed' both files and have not had any problems. I run the latest version of Sygate Personal Firewall, the latest updated antivirus, and do a full scan regularly with Ad-Aware SE Personal and always come up clean with all.

So I must conclude these two are safe??

Hope this helps.

dan - Aug-29-2004 server time
It's related to RPC?

That is scary!

Red Squirrel - Aug-28-2004 server time
Woah, you're on the same subnet as my local network... that's weird.

Guest - Aug-28-2004 server time
This is it, I'm going back to Linux. This is only the beginning. Since I blocked this file from going out to the router, my mouse doesn't move left and right any more. Sorry for my bad English.

Wren - Jun-30-2004 server time
I have my registered copy of XP updated and use all the security measures I can. No problem so far.

Red Squirrel - Jun-30-2004 server time
lol, true. Well, as long as you don't do Windows Update you're safe... no wait, that's contradictory... bah, just get a router.

For a company that makes patches for patches, I trust a router before the patches anyway. To be honest I never did Windows Update once on my Win2k, and never had problems. There are other ways to keep things secure, but you just have to know what you're doing. But the worst you can do is get a cracked or otherwise modified copy, since some crackers won't only crack it, they will insert things into it.

Might as well just buy it; that way you're safe, and you can do Windows Update.

cabbagehead - Jun-30-2004 server time
Er... *downloading* XP Pro is probably not the best idea from a security standpoint.

Just a thought.

M - Jun-28-2004 server time
Hmm, I have installed and updated Windows Pro at least 30 times and have yet to have had a single file. Run your critical updates. Easiest fix.

Red Squirrel - Jun-28-2004 server time
Hmm, well it is a network-enabled driver, so it could be there are security flaws that allow this.

Also, you may want to look at this article: http://iamnotageek.com/articles.php?aid=10...&topic=Firewall

It's about the XP firewall being... well... Microsoftish; it does not always work.

paralgl4fn@comcast.net - Jun-28-2004 server time
I downloaded XP Pro last November. Shortly afterwards, someone managed to hack into my system, even though I had a very basic firewall, and actually changed my log-on screen to add TWO user log-ons and icons, and removed mine from the screen (although it was only disabled and hidden). I couldn't log on, and after a couple of unsuccessful hours of attempting to access my own system, I finally called a programmer friend. It still took us another 25 minutes to access the administrative tools and return my Administrator log-on to the start-up screen. It then took us about 30 more minutes before we discovered this "ndisiou" driver, which neither of us had ever seen before. I was unable to remove the two added user accounts until I disabled this file.

We still don't know for sure if this driver file is what enabled the hacker to take control of my system or whether something else occurred, but it seems coincidental that once I disabled it, I had no trouble whatsoever with my system. It also seems coincidental that, about six months after the original break-in, I let my curiosity get the better of me and re-enabled the ndis file for less than five minutes (after taking appropriate steps to safeguard my files). Within 30 seconds I began having trouble with my system (e.g., slow loading and a freezing screen; of more interest, one of the two unauthorized user log-ons I had removed in November returned. Once I disabled the ndisiou file again, the problems stopped, and I, as administrator, was able to change the password for this user to a completely random and long set of digits, and then deleted the account completely).

Now I wonder if anyone else has had any similar experience?

Red Squirrel - Jun-25-2004 server time
Ndisuio.sys, a very mysterious system file, is present in Windows XP and is a driver for wireless things such as Wi-Fi and Bluetooth. However, there have been many issues with this file downloading immense amounts of data and perhaps causing activity that is "big brother"-ish.

http://www.iceteks.com/articles/db.php/act...cle/ndisuio/p/1
