• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

DHCP32.exe a legit process? Two in mcsonfig startup...

Achilles97

Senior member
There are two DHCP32.exe processes in ..Windows\CurrentVersion\Run . My firewall detected this thing sending out on a 6000-level port on boot.

Is this process legit? This is Windows 2000.

Thanks!
 
Originally posted by: phatrabt
It looks valid:
Google Groups are your friend!!!

Not if you don't understand how to interpret the response. It's definately not a system file, could be a third party dhcp server (you'd probably know if you were running one tho). What does the version information on the file say (and what size is the file?)

Bill
 
Hey guys. There are two DHCP32.exe files, both are in the startup list. One is in \WINNT\, the other is in \WINNT\System32\ . I killed those processes and removed them from the startup and it didn't hurt anything.

The files were created yesterday a day after I installed Windows. They are 38k in size.

I think they were malware. What else should I look for?

Thanks!

Edit: I just found some entries in the registry:

HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft STS Service\:
command=DHCP32.exe
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run


...\Windows\CurrentVersion\RunServices\:
Microsoft STS Service=DHCP32.exe


Anyone know what that is?

Thanks
 
I noticed you have another post on this board that your getting malware and crap like that after just a day of having Windows installed. At this point I would start to look into your browsing habits. Windows machines don't just "get" malware on them from sitting on the Internet. What sites are you going to? Are they reputable trusted sites? Are there lots of popups on these sites? Are you just clicking blindingly on links?

 
Originally posted by: mikecel79
I noticed you have another post on this board that your getting malware and crap like that after just a day of having Windows installed. At this point I would start to look into your browsing habits. Windows machines don't just "get" malware on them from sitting on the Internet. What sites are you going to? Are they reputable trusted sites? Are there lots of popups on these sites? Are you just clicking blindingly on links?

I did reinstall Windows. This is my first Win2k machine. The problem before was that I didn't have my firewall setup correctly and I was getting hit with the blaster/nachi, etc before I could do Windows Update.
 
I did reinstall Windows. This is my first Win2k machine. The problem before was that I didn't have my firewall setup correctly and I was getting hit with the blaster/nachi, etc before I could do Windows Update.
If it were me, I would start from the top and do it right this time. And get yourself a router to serve as your outer line of defense too, they're not that expensive at ~$40.

 
are you hooked directly to you cable modem? If so then that is a REALLY BAD idea for a freshly installed system. I would get your Firewall app, burn it to a CD and then reinstall, installing the firewall prior to attaching the network. That way you can fend of the malware until you get the system patched. Otherwise you are infected before you have the opportunity to get the system patched.

Panther
 
Sorry for the confusing reply earlier. I don't recognize DHCP32.exe so I would reformat AFTER getting a router with a firewall. Besides the protection factor you get from it it'll let you add computers at a later date if you need to.
 
Back
Top