"explorer.exe" and outgoing connections

Hi,

I’m Avast user and Kerio Personal Firewall. I use DSL internet connection and XP Pro.

Recently I realized that after connection to internet “explorer.exe” makes over 100 outgoing connections with different servers (e.g XX.XXX.XXX.XX: microsoft-ds). ???

I’ve checked computer by Avast and there was nothing suspicious. :-\

Is this situalction normal???

Thanx for any sugestions.

Greetingz for all. :slight_smile:

Hi,

what Win-Version do you have… ? Are yll Updates applid ? Please CHECK → www.windowsupdate.com

what avast version & VPS ?

where exactly is this explorer.exe located ? see Settings/logs of your firewall
please give exact examples of the FW-messages/log-file entries

also search +your PC for all Explorer.exe (set Explorer-options to show all files&folders) and list them here with full path/folder/filenames & sizes/dates

read “VirusRemoval” below and

  • scan all explorer.exe-files (especially the one your firewall alerts about) with KAV, RAV & Trend
  • post a hijacktis-Log

:wink:

Hi,

Thanks a lot for quick answer :smiley:

I can’t update Windows, because during checking my comp by www.windowsupdate.com error occurs. I rather think that I don’t have SP2. :cry:

Avast 4.1.418, VPS 0442-3 ;D

Location: c:\windows\explorer.exe; size: 979 kb; date: 2001-10-26

Other explorer.exe:
Location: c:\windows\prefetch\explorer.exe-082F38A9.pf; 17 kb; date: 2004-10-08

KPF log example:

c:\windows\explorer.exe out All:1242 69.20.104.3:http TCP action denied
c:\windows\explorer.exe out All:4009 205.209.184.180:http TCP action denied
c:\windows\explorer.exe out All:2382 205.209.184.180:http TCP action denied

I’m sorry, but I don’t know how to scan this file witch KAV, RAV & Trend (BTW, what is it? ???). The same with posting hijack logs…

ONLINE VIRUS SCANNERS

Jotti - Multi engine on-line virus scanner
You can also scan them at www.virusscan.jotti.dhs.org if any other scanners here detect them it is less likely to be a false positive.

TrendMicro’s Housecall
Bit Defender On-line Scanner
F-Secure On-line Scanner ActiveX required
These are just a few of the many on-line scanners out there, check out RejZor’s Website - Security Ops for more On-line Virus Scanners Security.Ops.tk

Jotti is easy to use, you simply browse (directory tree structure) to the file you want to check.

To attach a hijackthis log the easiest method is having created the log after running the program, open it with notepad or any text editor and copy the contents, then paste them into your reply post.

You can also attach the log file (but you must have renamed it to a text file .txt rather than .log) by clicking the Browse… button and using the same directory tree structure select the hijacklog (.txt) file.

Sorry,seems you have problem with RPC,your pc is infected yes,
you have to think twice before entering services.msc(Managing Tools)
I had this one 2 days ago and the PC tried to connect anytime,
my start URL changed to 217.31… cool websites,this is a Blasterworm
but cant get rid off it in a easy way because either,symanteco or Norton
and Avast Home dont detect it.Stinger didtn.t either.It seems that this one often comes with free screensaver sites.I had to install again and now I up again.The problems if you kill this prosess that the RPC
will restart after 1 min.(def)Last time I turned settings restore off
and changed the settings in Manage tools RPC to :Take no Action
it restarted I hopet,that was the story about my last XP-installation
My advice read carefully all manuals with the removal tool!I didnt!
Have a nice day norcool :stuck_out_tongue: