Re: Why would explorer.exe be listening on port 1024

From: Ming Jin (
Date: 03/27/03

From: "Ming Jin" <>
Date: Thu, 27 Mar 2003 02:01:51 GMT

Basically some windows process will setup a "internal loop" connection for
unknown reason
I have observed some cases with TDIMON, just like "heart beat".

I think since this connection is not come from outside, don't worry about

"James" <> wrote in message
> Hi,
> When I first boot up and the desktop is "settling down" I get a message
> Norton Internet Security telling me that it has blocked an intrusion
> that has the signature of the NetSpy trojan. It gives the following
> Rule "Default Block Netspy Trojan horse" stealthed (localhost,1024)
> Inbound TCP connection
> Local address,service is (,1024)
> Remote address,service is (localhost,1036)
> Process name is "C:\WINDOWS\Explorer.EXE"
> When I look at the current connections, lo and behold, there is a process
> explorer.EXE connected locally on port 1024.
> I just installed Norton Internet Security 2003. Never used to get this
> message from 2002.
> I have scanned my whole system with Norton AV on this machine, the online
> version on the symantec website, Mcafee online from their website, and The
> Cleaner from Moosoft. No infection. Anywhere.
> But the question remains, why does explorer have a connection with port
> 1024, which is apparently known to be where NetSpy listens?
> I am running Windows XP Pro.
> Anyone who could shed some light on this would get lots of gratitude.
> Hope somebody knows about this...
> Thanks in advance,
> James Gardner.