Windows explorer.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Nester

Thread Starter
Joined
Mar 1, 2002
Messages
178
Hi,

The last couple of days every time I connect to the internet Zone Alarm Pro alerts me of routed traffic being directed through my computer, I have also noticed that my IP address is trying to respond back to the routed traffic, and seems to be trying to go to Tiscai - this is the address I get from ZAP pro: (ppp.0-96.read-a-1.access.uk.tiscai.com) They are not my ISP and have got nothing to do with them at all, this happens as soon as I connect to the internet, it is being routed to a DNS server on port 53.


I have scanned with Anti Trojan & Anti Virus programs and checked for spyware ect but nothing was found, I have just downloaded the newest update for Zone Alarm Pro and this time it didn't happen but now explorer.exe is trying to connect to the internet. The alert I get is (Windows Explorer requested permission to be a parent) is this normal and should I allow it to access the Internet? It uses a loopback address on port 1027 & sometimes on port 1030, I have just been looking through my log files and when it first tries to connect for the TYPE it says PE does this mean it is a packed executable or PE crypt?

Hopefully this will all just turn out to be nothing and I will have just made a complete fool out of myself but it's just I have never had this kind of alert before and explorer.exe never usually tries to connect before internet explorer or even at all, I haven't noticed it if it has.

Hopefully somebody knows what is going on if anything! and can help explain,

Thanks alot for your help

Nester
 
Joined
Oct 15, 2002
Messages
101
You should probably check for multiple instances of Explorer.exe as this file name is associated with at least one malware. You can check by running StartupList found here; http://www.lurkhere.com/~nicefiles/index.html
In the generated txt you will see much data. Look for a section like this;
--------------------------------------------------

Checking for EXPLORER.EXE instances:

D:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
D:\WINNT\Explorer\Explorer.exe: not present
D:\WINNT\System\Explorer.exe: not present
D:\WINNT\System32\Explorer.exe: not present
D:\WINNT\Command\Explorer.exe: not present

--------------------------------------------------
There should only be one. If more than one, please make sure your AV/AT definitions are updated because you will likely have a nasty. HTH
 

Nester

Thread Starter
Joined
Mar 1, 2002
Messages
178
Hi,

Thank you for your reply, I have checked with StartupList and there is only one version of explorer.exe present, c:\windows\explorer.exe

Should I allow explorer.exe to access the internet? It tries to use internet explorer and loops back to my computer - 127.0.0.1

I have done some searching on the internet about it and most of the sites that mention explorer.exe accessing the Internet point to something not right going on.

Thanks for your help

Nester
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top