Something has been causing more than its fair share of instabilities, BSODs and Comodo crashes on my machine. This time I think I caught it, something called ppkerop.exe. This file does not exist locally. There is no .dmp or Dr Watson. There is much chatter online about the same problem, but no answers or acknowledgment by Party Poker (who’s users I assume are the target) -
App log -
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Time: 11:22:02 AM
The description for Event ID ( 1000 ) in Source ( Application Error ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: pprekop.exe, 220.127.116.11, ole32.dll, 5.1.2600.2182, 10017bed.
0000: 66 00 78 00 31 00 6e 00 f.x.1.n.
0008: 55 00 32 00 6b 00 33 00 U.2.k.3.
0010: 75 00 53 00 2b 00 65 00 u.S.+.e.
0018: 63 c
Firewall log (it killed the firewall) -
Date/Time :2007-09-02 11:22:01
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 18.104.22.168, Port = ms-rpc(135))
Protocol: TCP Incoming
TCP Flags: SYN
Reason: Network Control Rule ID = 7
Culprit doing it (in this case) -
Whether its mere coincidence, or work of the devil, I have also started noticing a much higher frequency of SQL port probes at the same time.
Has anyone experienced this or heard anything about it ? My system hasn’t actually been penetrated that I know of, but it has been killed dead. Repeatedly. I’ve run multiple rootkit / malware scanners. Nothing. Log atached - pprekop.rar
[attachment deleted by admin]