|
Posted by Steve Horsley on May 6, 2004, 9:29 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Bobby wrote:
> I was observing strange behavior in my computer recently.
> I am running Windows Me with Outpost firewall. On the Open Ports
> page of Outpost firewall I see that Internet Explorer sequentially
> tries to open ports. For example
>
> IExplorer.exe 1017
> IExplorer.exe 1018
> IExplorer.exe 1019
>
> A few seconds later I see
>
> IExplorer.exe 1020
> IExplorer.exe 1021
> IExplorer.exe 1022
>
> Then
>
> IExplorer.exe 1023
> IExplorer.exe 1024
> IExplorer.exe 1025
>
> And so on. The Outpost is in Block Most mode. In addition to that I defined
> rules that block all well known ports like 135-139, 389, 445, 593, 636,
> 3368-3369, 1025, 1720, 1503 and 443 (both TCP and UDP, both inbound and
outbound).
>
> Besides that I used DCOMBobulator utility from grc.com web site to shut
> down DCOM.
>
> Does anyone encounter similar behavior?
>
> Any ideas why is it happening?
>
> Might it be new trojan?
>
> May be the IExplorer.exe was infected/modified by some virus/trojan?
>
> I did check my computer regularly and neither Spybot, nor Adaware, nor Norton
> Antivirus find any viruses/trojans.
>
> Thanks in advance
I suspect that this is just IE doing its thing. It is making several outgoing
calls,
using sequential source port numbers. This is normal. The only question is: do
you
expect IE to be making calls at this time? Does it have a page open that needs to
be refreshed occasionally (including adverts)?
Steve
| 
XML site map