A Windows XP help forum. PCbanter


Mysterious System Event log entry



 
 
  #1  
February 9th 17, 12:33 AM posted to alt.comp.os.windows-10
Jason
external usenet poster

Posts: 878
Mysterious System Event log entry

There was an Error entry in the Windows System log, reporting that the
following service:

KEtKQqpS7CZJkKhqmTe9YA==._http._tcp.local.

had failed to start on the last boot.

Does this seem like malware, or do processes concoct random
service names for legitimate purposes?

TIA

  #2  
February 9th 17, 10:23 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster

Posts: 11,873
Mysterious System Event log entry

Jason wrote:
> There was an Error entry in the Windows System log, reporting that the
> following service:
>
> KEtKQqpS7CZJkKhqmTe9YA==._http._tcp.local.
>
> had failed to start on the last boot.
>
> Does this seem like malware, or do processes concoct random
> service names for legitimate purposes?
>
> TIA


https://github.com/vstirbu/ZeroConf

[keywords:Zeroconf, Bonjour, Avahi, service discovery]

"qualifiedname": "Black iPod._http._tcp.local."

The implication, is something is using Bonjour or maybe
SSDP. That accounts for the tail-end of the name.

However, I'm not able to match the front part. I'm
very bad with encodings and remembering their names.
Maybe if you can find the decoder for that string,
the plaintext is actually plaintext :-)

What I could really use, is a website, where you drop in
a string like the above, and it tries all the encodings
that fit the character-set used.

The "==" on the end, implies a filler. Six groups of
four, gives six groups of three on output. The two equals
means toss the last two. Someone is trying to pass 16 bytes
of data. Now, is 16 bytes IPV6 ?

KEtKQqpS7CZJkKhqmTe9YA==

https://en.wikipedia.org/wiki/Base64encoded

No, that's not helping. I have an awk script, not
really directly suited, and so I did the first four
characters by hand. K = 10 decimal = 001010 binary

001010 000100 101101 001010
00101000 01001011 01001010
28 4B 4A

284B4A42AA52EC264990A86A9937BD60

Is it a GUID ?

I tried a search and... nothing.
I tried my Win10 AE registry too.

284B4A42-AA52-EC26-4990-A86A9937BD60

Paul
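
Added example, not part of any post in the thread: a small triage helper that splits a DNS-SD style service name like the one in the log entry, tries each encoding whose alphabet and padding fit the instance label, and renders a 16-byte result as hex and as a GUID. The function names are hypothetical; the second GUID rendering assumes the value might have been stored in the Windows in-memory GUID layout, which the thread does not establish.

```python
import base64
import binascii
import re
import uuid

# Service name exactly as reported in the System log entry quoted in the thread.
SAMPLE = "KEtKQqpS7CZJkKhqmTe9YA==._http._tcp.local."

def split_dnssd(name):
    """Split '<instance>._service._proto.<domain>.' into its three parts."""
    m = re.match(r"^(?P<inst>.+?)\.(?P<svc>_[^.]+\._(?:tcp|udp))\.(?P<dom>.+?)\.?$", name)
    if not m:
        raise ValueError("not a DNS-SD service instance name")
    return m["inst"], m["svc"], m["dom"]

def candidate_decodings(label):
    """Return {encoding: bytes} for every encoding whose alphabet and padding fit."""
    decoders = {
        "hex": bytes.fromhex,
        "base32": base64.b32decode,
        "base64": lambda s: base64.b64decode(s, validate=True),
    }
    found = {}
    for enc, decode in decoders.items():
        try:
            found[enc] = decode(label)
        except (ValueError, binascii.Error):
            continue  # alphabet or padding does not fit this encoding
    return found

def describe(raw):
    """Summarise decoded bytes: length, hex, printability, GUID renderings."""
    info = {"length": len(raw), "hex": raw.hex().upper(),
            "printable": all(32 <= b < 127 for b in raw)}
    if len(raw) == 16:
        # Same byte order as the hex string (how the thread wrote it).
        info["guid_as_written"] = str(uuid.UUID(bytes=raw)).upper()
        # Windows stores the first three GUID fields little-endian in memory.
        info["guid_windows_layout"] = str(uuid.UUID(bytes_le=raw)).upper()
    return info

if __name__ == "__main__":
    instance, service, domain = split_dnssd(SAMPLE)
    print(f"instance={instance!r} service={service} domain={domain}")
    for enc, raw in candidate_decodings(instance).items():
        print(enc, describe(raw))
```

When searching the registry or logs for a decoded 16-byte value, both GUID renderings are worth trying, since either byte order could have been used when the value was written out.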
  #3  
February 9th 17, 10:36 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster

Posts: 11,873
Mysterious System Event log entry

Paul wrote:
> Jason wrote:
>> There was an Error entry in the Windows System log, reporting that the
>> following service:
>>
>> KEtKQqpS7CZJkKhqmTe9YA==._http._tcp.local.
>>
>> had failed to start on the last boot.
>>
>> Does this seem like malware, or do processes concoct random
>> service names for legitimate purposes?
>>
>> TIA


Here are a couple more ideas.

http://serverfault.com/questions/118...to-use-bonjour

https://github.com/jloutsenhizer/CR-...umentation-WIP

Paul
  #4  
February 9th 17, 08:10 PM posted to alt.comp.os.windows-10
Jason
external usenet poster

Posts: 878
Mysterious System Event log entry

On Thu, 09 Feb 2017 05:23:27 -0500 "Paul" wrote in
article
> The implication, is something is using Bonjour or maybe
> SSDP. That accounts for the tail-end of the name.


I have iTunes installed. It checks for updates when Windows starts.
Perhaps this time something failed.

Thanks, Paul - I'll dig deeper if I see this again.


Jason
  #5  
February 10th 17, 12:31 AM posted to alt.comp.os.windows-10
Jonathan N. Little[_2_]
external usenet poster

Posts: 1,133
Mysterious System Event log entry

Jason wrote:
> On Thu, 09 Feb 2017 05:23:27 -0500 "Paul" wrote in
> article
>> The implication, is something is using Bonjour or maybe
>> SSDP. That accounts for the tail-end of the name.
>
> I have iTunes installed.

Well that is why you have Bonjour.

> It checks for updates when Windows starts.
> Perhaps this time something failed.
>
> Thanks, Paul - I'll dig deeper if I see this again.

Seems that all the systems that I come across with iTunes installed, in
Events there are always countless logged crashes for the Bonjour service.


--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
  #6  
February 10th 17, 01:50 AM posted to alt.comp.os.windows-10
Jason
external usenet poster

Posts: 878
Mysterious System Event log entry

On Thu, 9 Feb 2017 19:31:10 -0500 "Jonathan N. Little"
wrote in article
>> I have iTunes installed.
>
> Well that is why you have Bonjour.

I know

>> It checks for updates when Windows starts.
>> Perhaps this time something failed.
>>
>> Thanks, Paul - I'll dig deeper if I see this again.
>
> Seems that all the systems that I come across with iTunes installed, in
> Events there are always countless logged crashes for the Bonjour service.


I have not seen this error before. I've had iTunes installed for years on
XP, Win 7 and now Win 10. I've thought about tossing it - I don't really
use it for its intended purpose. I have a small collection of tracks and
some podcasts. If I ditch iTunes I'm not sure I can use them - can other
media players handle AAC files?
  #8  
February 10th 17, 03:39 PM posted to alt.comp.os.windows-10
Jason
external usenet poster

Posts: 242
Mysterious System Event log entry

In article ,
says...
> There's converters available. Question is 'Is there any DRM issue?' when
> trying them.

Exactly. I've been too lazy to find out to date...
 










All times are GMT +1. The time now is 11:07 PM.

