Re: explorer.exe want to access the internet
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 01/20/05
- Next message: JW: "Re: removing infected files"
- Previous message: a nonymous: "Re: Password Policy"
- In reply to: Frank: "Re: explorer.exe want to access the internet"
- Next in thread: Frank: "Re: explorer.exe want to access the internet"
- Reply: Frank: "Re: explorer.exe want to access the internet"
Date: Wed, 19 Jan 2005 19:56:18 -0500
Frank, I'm not sure you are clean.
1) Download the following four items...
McAfee Stinger
http://vil.nai.com/vil/stinger/
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp
Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp
Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt361.zip
Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .
2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode [F8 key during boot]
and shut down as many applications as possible.
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences
(e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) Create a new Restore point
* * * Please report your results ! * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html

"Frank" <someone@microsoft.com> wrote in message news:uLedqSo$EHA.3840@tk2msftngp13.phx.gbl...
| Thanks for helping.
|
| This is about 40 seconds worth.
|
| 01/19/2005 16:59:50 TCP from 192.168.1.123:1037 to 209.249.114.19:80
| 01/19/2005 16:59:56 TCP from 192.168.1.123:1042 to 213.224.140.57:3574
| 01/19/2005 16:59:56 TCP from 192.168.1.123:1046 to 68.49.91.50:4508
| 01/19/2005 16:59:56 TCP from 192.168.1.123:1045 to 80.171.116.251:4718
| 01/19/2005 16:59:56 TCP from 192.168.1.123:1044 to 24.182.101.208:2666
| 01/19/2005 16:59:56 TCP from 192.168.1.123:1043 to 68.191.17.240:3802
| 01/19/2005 16:59:58 TCP from 192.168.1.123:1047 to 80.171.116.251(80.171.116.251):9718
| 01/19/2005 16:59:59 TCP from 192.168.1.123:1048 to 166.82.53.210:3026
| 01/19/2005 17:00:06 TCP from 192.168.1.123:1049 to 68.49.91.50(68.49.91.50):9508
| 01/19/2005 17:00:06 TCP from 192.168.1.123:1050 to 213.224.140.57(213.224.140.57):8574
| 01/19/2005 17:00:06 TCP from 192.168.1.123:1052 to 68.191.17.240(68.191.17.240):8802
| 01/19/2005 17:00:06 TCP from 192.168.1.123:1051 to 24.182.101.208(24.182.101.208):7666
| 01/19/2005 17:00:09 TCP from 192.168.1.123:1053 to 166.82.53.210(166.82.53.210):8026
| 01/19/2005 17:00:17 TCP from 192.168.1.123:1055 to 165.134.177.105:4880
| 01/19/2005 17:00:17 TCP from 192.168.1.123:1054 to 62.101.231.181:2931
| 01/19/2005 17:00:17 TCP from 192.168.1.123:1056 to 169.254.241.4:1351
| 01/19/2005 17:00:17 TCP from 192.168.1.123:1057 to 68.205.50.196:4187
| 01/19/2005 17:00:20 TCP from 192.168.1.123:1058 to 169.254.12.1:1138
| 01/19/2005 17:00:27 TCP from 192.168.1.123:1059 to 165.134.177.105(165.134.177.105):9880
| 01/19/2005 17:00:27 TCP from 192.168.1.123:1061 to 68.205.50.196(68.205.50.196):9187
| 01/19/2005 17:00:27 TCP from 192.168.1.123:1062 to 169.254.241.4(169.254.241.4):6351
| 01/19/2005 17:00:27 TCP from 192.168.1.123:1060 to 62.101.231.181(62.101.231.181):7931
| 01/19/2005 17:00:30 TCP from 192.168.1.123:1063 to 169.254.12.1(169.254.12.1):6138
|
| Zone alarm reports the following details on the file:
|
| Product Name: Microsoft Windows Operating System
| File Name: C:\Windows\explorer.EXE (upper case exe by Zone Alarm)
| Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
| Created Date: 04/08/2004
| File Size: 1008 KB
|
| Frank Klassen
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:uhSLY6n$EHA.2584@TK2MSFTNGP09.phx.gbl...
| > What TCP and/or UDP port(s) does EXPLORER.EXE want to communicate at ?
| > What is the fully qualified path to EXPLORER.EXE that is trying to access the Internet ?
| >
| > --
| > Dave
| >
| > "Frank" <someone@microsoft.com> wrote in message
| > news:%23lcyctn$EHA.1564@TK2MSFTNGP09.phx.gbl...
| > | Hi,
| > |
| > | I have a XP PC (Home) that was infected with worms & trojans.
| > | Cleaned with Norton AV and Trend Micro on-line scan.
| > | Installed Zone Alarm (Free version) to monitor out-going traffic.
| > | Installed SP2.
| > | After SP2 install Zone Alarm notifies that explorer.exe wants to access the internet.
| > | If I allow it access it sends out a series of pings to a random lot of IP addresses and ports.
| > |
| > | Is this normal?
| > |
| > | Frank Klassen
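
An added example, not part of either poster's message: a small triage script for firewall logs in the format quoted above. It counts distinct destinations per source host, the share of connections to ports other than 80/443, link-local (169.254.x.x) destinations, and the port offset between the first and later connections to the same host (in the quoted log every repeat connection goes to the first port plus 5000). The sample lines are constructed with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format quoted above (documentation IPs, not real hosts).
SAMPLE = """\
01/19/2005 16:59:50 TCP from 192.168.1.123:1037 to 192.0.2.10:80
01/19/2005 16:59:56 TCP from 192.168.1.123:1042 to 198.51.100.7:3574
01/19/2005 16:59:56 TCP from 192.168.1.123:1043 to 203.0.113.9:4508
01/19/2005 16:59:59 TCP from 192.168.1.123:1044 to 169.254.12.1:1138
01/19/2005 17:00:06 TCP from 192.168.1.123:1045 to 198.51.100.7(198.51.100.7):8574
01/19/2005 17:00:06 TCP from 192.168.1.123:1046 to 203.0.113.9(203.0.113.9):9508
01/19/2005 17:00:09 TCP from 192.168.1.123:1047 to 169.254.12.1(169.254.12.1):6138
"""

LINE = re.compile(r"(\S+ \S+) (TCP|UDP) from ([\d.]+):(\d+) to "
                  r"([\d.]+)(?:\([\d.]+\))?:(\d+)")

def parse(text):
    """Yield (time, src_ip, dst_ip, dst_port) for each line that matches."""
    for m in LINE.finditer(text):
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
        yield ts, m.group(3), m.group(5), int(m.group(6))

def summarize(text, common_ports=(80, 443)):
    """Per source host: destination fan-out, odd-port share, repeat-port offsets."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse(text):
        by_src[src].append((ts, dst, port))
    report = {}
    for src, events in by_src.items():
        ports_by_dst = defaultdict(list)
        for _, dst, port in events:
            ports_by_dst[dst].append(port)
        # Offset between the first port and each later port tried on the same host.
        offsets = sorted({p - ports[0] for ports in ports_by_dst.values()
                          for p in ports[1:]})
        span = (max(e[0] for e in events) - min(e[0] for e in events)).total_seconds()
        report[src] = {
            "distinct_destinations": len(ports_by_dst),
            "uncommon_port_share": sum(p not in common_ports for _, _, p in events) / len(events),
            "link_local_destinations": sorted(d for d in ports_by_dst if d.startswith("169.254.")),
            "retry_port_offsets": offsets,
            "seconds": span,
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A single repeated offset across many unrelated hosts, together with a high share of uncommon ports in a short window, indicates one program generating the traffic, which supports the full offline scan requested in the reply.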