Re: Why would explorer.exe be listening on port 1024

From: Don Kelloway (
Date: 03/19/03

From: "Don Kelloway" <>
Date: Wed, 19 Mar 2003 20:11:06 GMT

The explorer.exe process (the desktop) may be responsible for internal
communication within the PC system itself. As a result you may receive
warnings from personal firewalls indicating this. Typically you can block
this communication without adverse affect.

Best regards,
Don Kelloway
Commodon Communications
Visit to learn about Back Orifice (BO), NetBus (NB),
SubSeven (Sub7), etc.  All of which are "Threats to Your Security on the
"James" <> wrote in message
> Hi,
> When I first boot up and the desktop is "settling down" I get a message
> Norton Internet Security telling me that it has blocked an intrusion
> that has the signature of the NetSpy trojan. It gives the following
> Rule "Default Block Netspy Trojan horse" stealthed (localhost,1024)
> Inbound TCP connection
> Local address,service is (,1024)
> Remote address,service is (localhost,1036)
> Process name is "C:\WINDOWS\Explorer.EXE"
> When I look at the current connections, lo and behold, there is a process
> explorer.EXE connected locally on port 1024.
> I just installed Norton Internet Security 2003. Never used to get this
> message from 2002.
> I have scanned my whole system with Norton AV on this machine, the online
> version on the symantec website, Mcafee online from their website, and The
> Cleaner from Moosoft. No infection. Anywhere.
> But the question remains, why does explorer have a connection with port
> 1024, which is apparently known to be where NetSpy listens?
> I am running Windows XP Pro.
> Anyone who could shed some light on this would get lots of gratitude.
> Hope somebody knows about this...
> Thanks in advance,
> James Gardner.