Re: Why would explorer.exe be listening on port 1024
From: Don Kelloway (email@example.com)
From: "Don Kelloway" <firstname.lastname@example.org> Date: Wed, 19 Mar 2003 20:11:06 GMT
The explorer.exe process (the desktop) may be responsible for internal
communication within the PC system itself. As a result you may receive
warnings from personal firewalls indicating this. Typically you can block
this communication without adverse affect.
-- Best regards, Don Kelloway Commodon Communications http://www.commodon.com Visit http://www.commodon.com to learn about Back Orifice (BO), NetBus (NB), SubSeven (Sub7), etc. All of which are "Threats to Your Security on the Internet". "James" <email@example.com> wrote in message news:firstname.lastname@example.org... > Hi, > When I first boot up and the desktop is "settling down" I get a message from > Norton Internet Security telling me that it has blocked an intrusion attempt > that has the signature of the NetSpy trojan. It gives the following details. > > Rule "Default Block Netspy Trojan horse" stealthed (localhost,1024) > Inbound TCP connection > Local address,service is (0.0.0.0,1024) > Remote address,service is (localhost,1036) > Process name is "C:\WINDOWS\Explorer.EXE" > > When I look at the current connections, lo and behold, there is a process > explorer.EXE connected locally on port 1024. > I just installed Norton Internet Security 2003. Never used to get this > message from 2002. > I have scanned my whole system with Norton AV on this machine, the online > version on the symantec website, Mcafee online from their website, and The > Cleaner from Moosoft. No infection. Anywhere. > But the question remains, why does explorer have a connection with port > 1024, which is apparently known to be where NetSpy listens? > I am running Windows XP Pro. > Anyone who could shed some light on this would get lots of gratitude. > Hope somebody knows about this... > Thanks in advance, > > James Gardner. > > >