Archived from groups: microsoft.public.windowsxp.security_admin
Dave,
I hate to admit failure but I gave up and took the easy route. A clean
install fixed the problem.
I do appreciate your help.
Frank
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23jTeae$$EHA.1908@TK2MSFTNGP15.phx.gbl...
> Don't give up yet !
>
> BitDefender:
> http://www.bitdefender.com/scan/license.php
>
> Computer Associates:
> http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
>
> F-Secure:
> http://support.f-secure.com/enu/home/ols.shtml
>
> Freedom Online scanner:
> http://www.freedom.net/viruscenter/index.html
>
> Kaspersky:
> http://www.kaspersky.com/de/scanforvirus
>
> McAfee:
> http://www.mcafee.com/myapps/mfs/default.asp
>
> Panda:
> http://www.pandasoftware.com/activescan/
>
> Symantec:
> http://security.symantec.com/
>
>
>
> --
> Dave
>
>
>
>
> "Frank" <someone@microsoft.com> wrote in message
> news:erNcvV%23$EHA.2156@TK2MSFTNGP10.phx.gbl...
> | Well it appears as if I will be doing a clean install of Windows.
> | SysClean didn't find anything.
> | Stinger found something called c.bat which it considered dangerous and
> | Adaware found some cookie.
> | After it all Explorer.exe is still trying to communicate with the outside.
> |
> | Thanks for trying to help.
> |
> | Frank Klassen
> |
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | news:OUAIbro$EHA.1396@tk2msftngp13.phx.gbl...
> | > Frank I'm not sure you are clean.
> | >
> | > 1) Download the following four items...
> | >
> | > McAfee Stinger
> | > http://vil.nai.com/vil/stinger/
> | >
> | > Trend Sysclean Package
> | > http://www.trendmicro.com/download/dcs.asp
> | >
> | > Latest Trend Pattern File.
> | > http://www.trendmicro.com/download/pattern.asp
> | >
> | > Adaware SE (free personal version v1.05)
> | > http://www.lavasoftusa.com/
> | >
> | > Create a directory.
> | > On drive "C:\"
> | > (e.g., "c:\New Folder")
> | > or the desktop
> | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
> | >
> | > Download SYSCLEAN.COM and place it in that directory.
> | > Download the Trend Pattern File by obtaining the ZIP file.
> | > For example; lpt361.zip
> | >
> | > Extract the contents of the ZIP file and place the contents in the same
> | > directory as SYSCLEAN.COM.
> | >
> | > 2) Update Adaware with the latest definitions.
> | > 3) Disable System Restore
> | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> | > 4) Reboot your PC into Safe Mode [F8 key during boot]
> | > and shut down as many applications as possible.
> | > 5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
> | > platform and clean/delete any infectors/parasites found.
> | > (a few cycles may be needed)
> | > 6) Restart your PC and perform a "final" Full Scan of your platform using the three
> | > utilities; Trend Sysclean, Stinger and Adaware
> | > 7) Re-enable System Restore and re-apply any System Restore preferences,
> | > (e.g. HD space to use suggested 400 ~ 600MB),
> | > 8) Reboot your PC.
> | > 9) Create a new Restore point
> | >
> | >
> | > * * * Please report your results ! * * *
> | >
> | > --
> | > Dave
> | >
> | > http://www.claymania.com/removal-trojan-adware.html
> | >
> | >
> | >
> | >
> | > "Frank" <someone@microsoft.com> wrote in message
> | > news:uLedqSo$EHA.3840@tk2msftngp13.phx.gbl...
> | > | Thanks for helping.
> | > |
> | > | This is about 40 seconds worth.
> | > |
> | > | 01/19/2005 16:59:50 TCP from 192.168.1.123:1037 to 209.249.114.19:80
> | > | 01/19/2005 16:59:56 TCP from 192.168.1.123:1042 to 213.224.140.57:3574
> | > | 01/19/2005 16:59:56 TCP from 192.168.1.123:1046 to 68.49.91.50:4508
> | > | 01/19/2005 16:59:56 TCP from 192.168.1.123:1045 to 80.171.116.251:4718
> | > | 01/19/2005 16:59:56 TCP from 192.168.1.123:1044 to 24.182.101.208:2666
> | > | 01/19/2005 16:59:56 TCP from 192.168.1.123:1043 to 68.191.17.240:3802
> | > | 01/19/2005 16:59:58 TCP from 192.168.1.123:1047 to 80.171.116.251(80.171.116.251):9718
> | > | 01/19/2005 16:59:59 TCP from 192.168.1.123:1048 to 166.82.53.210:3026
> | > | 01/19/2005 17:00:06 TCP from 192.168.1.123:1049 to 68.49.91.50(68.49.91.50):9508
> | > | 01/19/2005 17:00:06 TCP from 192.168.1.123:1050 to 213.224.140.57(213.224.140.57):8574
> | > | 01/19/2005 17:00:06 TCP from 192.168.1.123:1052 to 68.191.17.240(68.191.17.240):8802
> | > | 01/19/2005 17:00:06 TCP from 192.168.1.123:1051 to 24.182.101.208(24.182.101.208):7666
> | > | 01/19/2005 17:00:09 TCP from 192.168.1.123:1053 to 166.82.53.210(166.82.53.210):8026
> | > | 01/19/2005 17:00:17 TCP from 192.168.1.123:1055 to 165.134.177.105:4880
> | > | 01/19/2005 17:00:17 TCP from 192.168.1.123:1054 to 62.101.231.181:2931
> | > | 01/19/2005 17:00:17 TCP from 192.168.1.123:1056 to 169.254.241.4:1351
> | > | 01/19/2005 17:00:17 TCP from 192.168.1.123:1057 to 68.205.50.196:4187
> | > | 01/19/2005 17:00:20 TCP from 192.168.1.123:1058 to 169.254.12.1:1138
> | > | 01/19/2005 17:00:27 TCP from 192.168.1.123:1059 to 165.134.177.105(165.134.177.105):9880
> | > | 01/19/2005 17:00:27 TCP from 192.168.1.123:1061 to 68.205.50.196(68.205.50.196):9187
> | > | 01/19/2005 17:00:27 TCP from 192.168.1.123:1062 to 169.254.241.4(169.254.241.4):6351
> | > | 01/19/2005 17:00:27 TCP from 192.168.1.123:1060 to 62.101.231.181(62.101.231.181):7931
> | > | 01/19/2005 17:00:30 TCP from 192.168.1.123:1063 to 169.254.12.1(169.254.12.1):6138
> | > |
> | > | Zone alarm reports the following details on the file:
> | > |
> | > | Product Name: Microsoft Windows Operating System
> | > | File Name: C:\Windows\explorer.EXE (upper case exe by Zone Alarm)
> | > | Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
> | > | Created Date: 04/08/2004
> | > | File Size: 1008 KB
> | > |
> | > | Frank Klassen
> | > |
> | > |
> | > |
> | > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | > | news:uhSLY6n$EHA.2584@TK2MSFTNGP09.phx.gbl...
> | > | > What TCP and/or UDP port(s) does EXPLORER.EXE want to communicate at ?
> | > | > What is the fully qualified path to EXPLORER.EXE that is trying to access
> | > | > the Internet ?
> | > | >
> | > | >
> | > | > --
> | > | > Dave
> | > | >
> | > | >
> | > | >
> | > | >
> | > | > "Frank" <someone@microsoft.com> wrote in message
> | > | > news:%23lcyctn$EHA.1564@TK2MSFTNGP09.phx.gbl...
> | > | > | Hi,
> | > | > |
> | > | > | I have an XP PC (Home) that was infected with worms & trojans.
> | > | > | Cleaned with Norton AV and Trend Micro on-line scan.
> | > | > | Installed Zone Alarm (Free version) to monitor out-going traffic.
> | > | > | Installed SP2.
> | > | > | After SP2 install Zone Alarm notifies that explorer.exe wants to access the
> | > | > | internet.
> | > | > | If I allow it access it sends out a series of pings to a random lot of IP
> | > | > | addresses and ports.
> | > | > |
> | > | > | Is this normal?
> | > | > |
> | > | > | Frank Klassen
> | > | > |
> | > | > |
> | > | >
> | > | >
> | > |
> | > |
> | >
> | >
> |
> |
>
>
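
Added example, not part of the original thread or any poster's code: a Python sketch that parses lines in the layout of the firewall log quoted above and flags the two patterns visible in it, one internal host reaching several distinct addresses on unusual ports within a minute, and the same address being tried again on a different port. The sample lines, thresholds and function names are constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the thread's log layout; destinations are documentation-range addresses.
SAMPLE_LOG = """\
01/19/2005 16:59:50 TCP from 192.168.1.123:1037 to 198.51.100.19:80
01/19/2005 16:59:56 TCP from 192.168.1.123:1042 to 203.0.113.57:3574
01/19/2005 16:59:56 TCP from 192.168.1.123:1043 to 198.51.100.240:3802
01/19/2005 16:59:56 TCP from 192.168.1.123:1044 to 203.0.113.208:2666
01/19/2005 17:00:06 TCP from 192.168.1.123:1050 to 203.0.113.57(203.0.113.57):8574
01/19/2005 17:00:06 TCP from 192.168.1.123:1051 to 203.0.113.208(203.0.113.208):7666
01/19/2005 17:00:06 TCP from 192.168.1.123:1052 to 198.51.100.240(198.51.100.240):8802
"""

LINE_RE = re.compile(
    r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (?:TCP|UDP) from "
    r"([\d.]+):\d+ to ([\d.]+)(?:\([\d.]+\))?:(\d+)"
)

def parse(log_text):
    """Return (timestamp, src_ip, dst_ip, dst_port) tuples, oldest first."""
    return sorted(
        (datetime.strptime(when, "%m/%d/%Y %H:%M:%S"), src, dst, int(port))
        for when, src, dst, port in LINE_RE.findall(log_text)
    )

def fan_out(events, window=timedelta(seconds=60), min_hosts=3, usual_ports=(80, 443)):
    """Map each source to the distinct hosts it reached on unusual ports in one window."""
    by_src = defaultdict(list)
    for ts, src, dst, port in events:
        if port not in usual_ports:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, hits in by_src.items():
        for start, _ in hits:
            hosts = {d for t, d in hits if start <= t <= start + window}
            if len(hosts) >= min_hosts:
                flagged[src] = sorted(hosts)
                break
    return flagged

def port_shift_retries(events):
    """List (dst_ip, first_port, retry_port) where a host is retried on another port."""
    first, retries = {}, []
    for _, _, dst, port in events:
        if first.setdefault(dst, port) != port:
            retries.append((dst, first[dst], port))
    return retries
```

Run against a real export, `fan_out(parse(text))` names the internal host to isolate, and `port_shift_retries` lists the retried destinations to check against the firewall's per-program log.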