Re: Why would explorer.exe be listening on port 1024

From: Don Kelloway (dkelloway@commodon.com)
Date: 03/19/03


From: "Don Kelloway" <dkelloway@commodon.com>
Date: Wed, 19 Mar 2003 20:11:06 GMT

The explorer.exe process (the desktop) may be responsible for internal
communication within the PC system itself. As a result you may receive
warnings from personal firewalls indicating this. Typically you can block
this communication without adverse effect.

--
Best regards,
Don Kelloway
Commodon Communications
http://www.commodon.com
Visit http://www.commodon.com to learn about Back Orifice (BO), NetBus (NB),
SubSeven (Sub7), etc.  All of which are "Threats to Your Security on the
Internet".

"James" <god@heaven.com> wrote in message
news:b5ag3b$no3$1@hercules.btinternet.com...
> Hi,
> When I first boot up and the desktop is "settling down" I get a message from
> Norton Internet Security telling me that it has blocked an intrusion attempt
> that has the signature of the NetSpy trojan. It gives the following details.
>
> Rule "Default Block Netspy Trojan horse" stealthed (localhost,1024)
> Inbound TCP connection
> Local address,service is (0.0.0.0,1024)
> Remote address,service is (localhost,1036)
> Process name is "C:\WINDOWS\Explorer.EXE"
>
> When I look at the current connections, lo and behold, there is a process
> explorer.EXE connected locally on port 1024.
> I just installed Norton Internet Security 2003. Never used to get this
> message from 2002.
> I have scanned my whole system with Norton AV on this machine, the online
> version on the Symantec website, McAfee online from their website, and The
> Cleaner from Moosoft. No infection. Anywhere.
> But the question remains, why does explorer have a connection with port
> 1024, which is apparently known to be where NetSpy listens?
> I am running Windows XP Pro.
> Anyone who could shed some light on this would get lots of gratitude.
> Hope somebody knows about this...
> Thanks in advance,
>
> James Gardner.
>
>
>
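
A triage check for the alert quoted above, as an added example that is not part of the original thread: it parses the Norton alert fields and reports whether the peer is on the loopback interface, and separately notes when the listener is bound to all interfaces. The function names and the second sample alert (a documentation-range address) are constructed for illustration.

```python
import ipaddress
import re

# Alert text as quoted in the post above (quote markers removed).
ALERT_FROM_POST = '''\
Rule "Default Block Netspy Trojan horse" stealthed (localhost,1024)
Inbound TCP connection
Local address,service is (0.0.0.0,1024)
Remote address,service is (localhost,1036)
Process name is "C:\\WINDOWS\\Explorer.EXE"
'''
# Constructed counter-example: same rule, peer on another host (TEST-NET-1).
ALERT_CONSTRUCTED = ALERT_FROM_POST.replace("(localhost,1036)", "(192.0.2.10,1036)")

ENDPOINT = re.compile(r"^(Local|Remote) address,service is \(([^,]+),(\d+)\)\s*$", re.M)
PROCESS = re.compile(r'^Process name is "([^"]+)"\s*$', re.M)

def parse_alert(text):
    """Extract both endpoints and the owning process from one alert."""
    alert = {}
    for side, host, port in ENDPOINT.findall(text):
        alert[side.lower()] = (host, int(port))
    m = PROCESS.search(text)
    alert["process"] = m.group(1) if m else None
    return alert

def is_loopback(host):
    """True for 'localhost' or any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unresolved name: not proven local

def triage(text):
    """Return (verdict, notes) for one alert."""
    alert = parse_alert(text)
    if "local" not in alert or "remote" not in alert:
        return "unparsed", []
    verdict = "loopback-only" if is_loopback(alert["remote"][0]) else "remote-peer"
    notes = []
    try:
        if ipaddress.ip_address(alert["local"][0]).is_unspecified:
            notes.append("listener bound to all interfaces")
    except ValueError:
        pass  # local side given as a name; nothing to add
    return verdict, notes
```

A loopback-only verdict describes this one connection; a listener on 0.0.0.0 accepts connections on every interface unless the firewall filters them.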