1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Windows explorer.exe

Discussion in 'Virus & Other Malware Removal' started by Nester, Jan 23, 2003.

Thread Status:
Not open for further replies.
  1. Nester

    Nester Thread Starter

    Joined:
    Mar 1, 2002
    Messages:
    178
    Hi,

    The last couple of days every time I connect to the internet Zone Alarm Pro alerts me of routed traffic being directed through my computer, I have also noticed that my IP address is trying to respond back to the routed traffic, and seems to be trying to go to Tiscai - this is the address I get from ZAP pro: (ppp.0-96.read-a-1.access.uk.tiscai.com) They are not my ISP and have got nothing to do with them at all, this happens as soon as I connect to the internet, it is being routed to a DNS server on port 53.


    I have scanned with Anti Trojan & Anti Virus programs and checked for spyware ect but nothing was found, I have just downloaded the newest update for Zone Alarm Pro and this time it didn't happen but now explorer.exe is trying to connect to the internet. The alert I get is (Windows Explorer requested permission to be a parent) is this normal and should I allow it to access the Internet? It uses a loopback address on port 1027 & sometimes on port 1030, I have just been looking through my log files and when it first tries to connect for the TYPE it says PE does this mean it is a packed executable or PE crypt?

    Hopefully this will all just turn out to be nothing and I will have just made a complete fool out of myself but it's just I have never had this kind of alert before and explorer.exe never usually tries to connect before internet explorer or even at all, I haven't noticed it if it has.

    Hopefully somebody knows what is going on if anything! and can help explain,

    Thanks alot for your help

    Nester
     
  2. mViOkPe

    mViOkPe

    Joined:
    Oct 15, 2002
    Messages:
    101
    You should probably check for multiple instances of Explorer.exe as this file name is associated with at least one malware. You can check by running StartupList found here; http://www.lurkhere.com/~nicefiles/index.html
    In the generated txt you will see much data. Look for a section like this;
    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    D:\WINNT\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    D:\WINNT\Explorer\Explorer.exe: not present
    D:\WINNT\System\Explorer.exe: not present
    D:\WINNT\System32\Explorer.exe: not present
    D:\WINNT\Command\Explorer.exe: not present

    --------------------------------------------------
    There should only be one. If more than one, please make sure your AV/AT definitions are updated because you will likely have a nasty. HTH
     
  3. Nester

    Nester Thread Starter

    Joined:
    Mar 1, 2002
    Messages:
    178
    Hi,

    Thank you for your reply, I have checked with StartupList and there is only one version of explorer.exe present, c:\windows\explorer.exe

    Should I allow explorer.exe to access the internet? It tries to use internet explorer and loops back to my computer - 127.0.0.1

    I have done some searching on the internet about it and most of the sites that mention explorer.exe accessing the Internet point to something not right going on.

    Thanks for your help

    Nester
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/114838

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice