Re: Why would explorer.exe be listening on port 1024

From: Don Kelloway (dkelloway@commodon.com)
Date: 03/19/03 

From: "Don Kelloway" <dkelloway@commodon.com>
Date: Wed, 19 Mar 2003 20:11:06 GMT

The explorer.exe process (the desktop) may be responsible for internal
communication within the PC system itself. As a result you may receive
warnings from personal firewalls indicating this. Typically you can block
this communication without adverse affect. 

--
Best regards,
Don Kelloway
Commodon Communications
http://www.commodon.com
Visit http://www.commodon.com to learn about Back Orifice (BO), NetBus (NB),
SubSeven (Sub7), etc.  All of which are "Threats to Your Security on the
Internet".
"James" <god@heaven.com> wrote in message
news:b5ag3b$no3$1@hercules.btinternet.com...
> Hi,
> When I first boot up and the desktop is "settling down" I get a message
from
> Norton Internet Security telling me that it has blocked an intrusion
attempt
> that has the signature of the NetSpy trojan. It gives the following
details.
>
> Rule "Default Block Netspy Trojan horse" stealthed (localhost,1024)
> Inbound TCP connection
> Local address,service is (0.0.0.0,1024)
> Remote address,service is (localhost,1036)
> Process name is "C:\WINDOWS\Explorer.EXE"
>
> When I look at the current connections, lo and behold, there is a process
> explorer.EXE connected locally on port 1024.
> I just installed Norton Internet Security 2003. Never used to get this
> message from 2002.
> I have scanned my whole system with Norton AV on this machine, the online
> version on the symantec website, Mcafee online from their website, and The
> Cleaner from Moosoft. No infection. Anywhere.
> But the question remains, why does explorer have a connection with port
> 1024, which is apparently known to be where NetSpy listens?
> I am running Windows XP Pro.
> Anyone who could shed some light on this would get lots of gratitude.
> Hope somebody knows about this...
> Thanks in advance,
>
> James Gardner.
>
>
>

Relevant Pages

  • Re: Why would explorer.exe be listening on port 1024
    ... > that has the signature of the NetSpy trojan. ... > I just installed Norton Internet Security 2003. ... why does explorer have a connection with port ... I looked around and the only thing that came up was remote assistance. ...
    (alt.computer.security)
  • Repeated inbound to access svchost.exe
    ... Norton Internet Security (firewall) keeps displaying the following info. ... At the following communication was detected: ... The 'recommended' action is to allow the connection?! ...
    (comp.security.firewalls)
  • Why would explorer.exe be listening on port 1024
    ... Norton Internet Security telling me that it has blocked an intrusion attempt ... Rule "Default Block Netspy Trojan horse" stealthed ... version on the symantec website, Mcafee online from their website, and The ... why does explorer have a connection with port ...
    (alt.computer.security)
  • Why would explorer.exe be listening on port 1024
    ... Norton Internet Security telling me that it has blocked an intrusion attempt ... Rule "Default Block Netspy Trojan horse" stealthed ... version on the symantec website, Mcafee online from their website, and The ... why does explorer have a connection with port ...
    (comp.security.firewalls)
  • RE: Home XP Networkin Issues
    ... Norton Internet security or becasue you have not installed and set up file ... File sharing in windows has never been all that great. ... Desktop can see laptop on ... >> It looks like you have set up the Local Area Connection on both machines ...
    (microsoft.public.windowsxp.network_web)