Re: Why would explorer.exe be listening on port 1024

From: Ming Jin (martinkin@attbi.com)
Date: 03/27/03


From: "Ming Jin" <martinkin@attbi.com>
Date: Thu, 27 Mar 2003 02:01:51 GMT

Basically some windows process will setup a "internal loop" connection for
unknown reason
I have observed some cases with TDIMON, just like "heart beat".

I think since this connection is not come from outside, don't worry about
it.

"James" <god@heaven.com> wrote in message
news:b5ag3b$no3$1@hercules.btinternet.com...
> Hi,
> When I first boot up and the desktop is "settling down" I get a message
from
> Norton Internet Security telling me that it has blocked an intrusion
attempt
> that has the signature of the NetSpy trojan. It gives the following
details.
>
> Rule "Default Block Netspy Trojan horse" stealthed (localhost,1024)
> Inbound TCP connection
> Local address,service is (0.0.0.0,1024)
> Remote address,service is (localhost,1036)
> Process name is "C:\WINDOWS\Explorer.EXE"
>
> When I look at the current connections, lo and behold, there is a process
> explorer.EXE connected locally on port 1024.
> I just installed Norton Internet Security 2003. Never used to get this
> message from 2002.
> I have scanned my whole system with Norton AV on this machine, the online
> version on the symantec website, Mcafee online from their website, and The
> Cleaner from Moosoft. No infection. Anywhere.
> But the question remains, why does explorer have a connection with port
> 1024, which is apparently known to be where NetSpy listens?
> I am running Windows XP Pro.
> Anyone who could shed some light on this would get lots of gratitude.
> Hope somebody knows about this...
> Thanks in advance,
>
> James Gardner.
>
>
>



Relevant Pages

  • Re: Why would explorer.exe be listening on port 1024
    ... > that has the signature of the NetSpy trojan. ... > I just installed Norton Internet Security 2003. ... why does explorer have a connection with port ... I looked around and the only thing that came up was remote assistance. ...
    (alt.computer.security)
  • Re: Why would explorer.exe be listening on port 1024
    ... communication within the PC system itself. ... > that has the signature of the NetSpy trojan. ... > I just installed Norton Internet Security 2003. ... why does explorer have a connection with port ...
    (alt.computer.security)
  • RE: Home XP Networkin Issues
    ... Norton Internet security or becasue you have not installed and set up file ... File sharing in windows has never been all that great. ... Desktop can see laptop on ... >> It looks like you have set up the Local Area Connection on both machines ...
    (microsoft.public.windowsxp.network_web)
  • Re: Worried re lots of UDP in and out
    ... If you have not scanned your computer for malware, spyware, and trojans [use ... I have Norton Internet Security ... not to send passwords and credit card numbers over this connection, ... The PeerGuardian2 documentation doesn't have anything to say on this ...
    (microsoft.public.windowsxp.security_admin)
  • Why would explorer.exe be listening on port 1024
    ... Norton Internet Security telling me that it has blocked an intrusion attempt ... Rule "Default Block Netspy Trojan horse" stealthed ... version on the symantec website, Mcafee online from their website, and The ... why does explorer have a connection with port ...
    (comp.security.firewalls)