Windows explorer.exe

Hi,

The last couple of days every time I connect to the internet Zone Alarm Pro alerts me of routed traffic being directed through my computer, I have also noticed that my IP address is trying to respond back to the routed traffic, and seems to be trying to go to Tiscai - this is the address I get from ZAP pro: (ppp.0-96.read-a-1.access.uk.tiscai.com) They are not my ISP and have got nothing to do with them at all, this happens as soon as I connect to the internet, it is being routed to a DNS server on port 53.


I have scanned with Anti Trojan & Anti Virus programs and checked for spyware etc. but nothing was found. I have just downloaded the newest update for Zone Alarm Pro and this time it didn't happen, but now explorer.exe is trying to connect to the internet. The alert I get is (Windows Explorer requested permission to be a parent). Is this normal and should I allow it to access the Internet? It uses a loopback address on port 1027 & sometimes on port 1030. I have just been looking through my log files and when it first tries to connect, for the TYPE it says PE. Does this mean it is a packed executable or PE crypt?

Hopefully this will all just turn out to be nothing and I will have just made a complete fool out of myself but it's just I have never had this kind of alert before and explorer.exe never usually tries to connect before internet explorer or even at all, I haven't noticed it if it has.

Hopefully somebody knows what is going on if anything! and can help explain,

Thanks a lot for your help

Nester
You should probably check for multiple instances of Explorer.exe as this file name is associated with at least one malware. You can check by running StartupList found here; http://www.lurkhere.com/~nicefiles/index.html
In the generated txt you will see much data. Look for a section like this;
--------------------------------------------------

Checking for EXPLORER.EXE instances:

D:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
D:\WINNT\Explorer\Explorer.exe: not present
D:\WINNT\System\Explorer.exe: not present
D:\WINNT\System32\Explorer.exe: not present
D:\WINNT\Command\Explorer.exe: not present

--------------------------------------------------
There should only be one. If more than one, please make sure your AV/AT definitions are updated because you will likely have a nasty. HTH
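
The check that StartupList performs in the section quoted above can also be done by hand on a current Windows system. The following PowerShell is an added example, not part of the original post or of StartupList; it assumes PowerShell 3.0 or later, and the folder list is copied from the quoted output.

```powershell
# Added example: look for extra copies of explorer.exe, on disk and in memory.
$winDir   = $env:SystemRoot                    # e.g. D:\WINNT or C:\Windows
$expected = Join-Path $winDir 'explorer.exe'   # the one copy that should exist

# Locations taken from the StartupList section quoted in the post above.
$candidates = @(
    (Join-Path "$env:SystemDrive\" 'explorer.exe'),
    (Join-Path $winDir 'Explorer\explorer.exe'),
    (Join-Path $winDir 'System\explorer.exe'),
    (Join-Path $winDir 'System32\explorer.exe'),
    (Join-Path $winDir 'Command\explorer.exe')
)

'Checking for EXPLORER.EXE instances:'
if (Test-Path -LiteralPath $expected -PathType Leaf) {
    "${expected}: PRESENT!"
} else {
    "${expected}: not present"
}

$extra = @()
foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # An extra copy: report its signature status to help triage it.
        $sig = (Get-AuthenticodeSignature -FilePath $path).Status
        "${path}: PRESENT! (signature: $sig)"
        $extra += $path
    } else {
        "${path}: not present"
    }
}

# Running explorer.exe processes whose image is not the expected file.
# Note: on 64-bit Windows a copy in SysWOW64 is a normal part of the OS.
$running = @(Get-CimInstance Win32_Process -Filter "Name = 'explorer.exe'" |
    Where-Object { $_.ExecutablePath -and ($_.ExecutablePath -ne $expected) })

foreach ($proc in $running) {
    "Running from unexpected path: $($proc.ExecutablePath) (PID $($proc.ProcessId))"
}

if ($extra.Count -gt 0 -or $running.Count -gt 0) {
    'More than one explorer.exe found: update AV/AT definitions and scan these paths.'
} else {
    'Only the expected copy of explorer.exe was found.'
}
```

Run it from an elevated prompt so that `ExecutablePath` is populated for processes owned by other users.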
Hi,

Thank you for your reply, I have checked with StartupList and there is only one version of explorer.exe present, c:\windows\explorer.exe

Should I allow explorer.exe to access the internet? It tries to use internet explorer and loops back to my computer - 127.0.0.1

I have done some searching on the internet about it and most of the sites that mention explorer.exe accessing the Internet point to something not right going on.

Thanks for your help

Nester