ixplore listening on a localhost UDP Port?

Posted by onatan on November 22, 2005, 4:06 pm
For some time now I see random iexplore processes on my computer that
are not related to any open browser.
Netstat -ano shows the process listening on 127.0.0.1 UDP 3410.
portqry shows the following: any ideas? What tools are there to somehow
query the port?

Process ID: 288 (iexplore.exe)

Process doesn't appear to be a service

PID Port Local IP State Remote IP:Port
288 UDP 3410 127.0.0.1 *:*

Port Statistics

TCP mappings: 0
UDP mappings: 1


Loaded modules:
C:\Program Files\Internet Explorer\iexplore.exe (0x00400000)

C:\WINDOWS\system32\ntdll.dll (0x7C900000)
C:\WINDOWS\system32\kernel32.dll (0x7C800000)
C:\WINDOWS\system32\msvcrt.dll (0x77C10000)
C:\WINDOWS\system32\USER32.dll (0x77D40000)
C:\WINDOWS\system32\GDI32.dll (0x77F10000)
C:\WINDOWS\system32\SHLWAPI.dll (0x77F60000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77E70000)
C:\WINDOWS\system32\SHDOCVW.dll (0x77760000)
C:\WINDOWS\system32\CRYPT32.dll (0x77A80000)
C:\WINDOWS\system32\MSASN1.dll (0x77B20000)
C:\WINDOWS\system32\CRYPTUI.dll (0x754D0000)
C:\WINDOWS\system32\WINTRUST.dll (0x76C30000)
C:\WINDOWS\system32\IMAGEHLP.dll (0x76C90000)
C:\WINDOWS\system32\OLEAUT32.dll (0x77120000)
C:\WINDOWS\system32\ole32.dll (0x774E0000)
C:\WINDOWS\system32\NETAPI32.dll (0x5B860000)
C:\WINDOWS\system32\WININET.dll (0x771B0000)
C:\WINDOWS\system32\WLDAP32.dll (0x76F60000)
C:\WINDOWS\system32\VERSION.dll (0x77C00000)
C:\WINDOWS\system32\LPK.DLL (0x629C0000)
C:\WINDOWS\system32\USP10.dll (0x74D90000)
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (0x10000000)
C:\WINDOWS\system32\WS2_32.dll (0x71AB0000)
C:\WINDOWS\system32\WS2HELP.dll (0x71AA0000)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (0x773D0000)
C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopResources_en.dll (0x62000000)
C:\WINDOWS\system32\mswsock.dll (0x71A50000)
C:\WINDOWS\system32\SHELL32.dll (0x7C9C0000)
C:\WINDOWS\system32\comctl32.dll (0x5D090000)
C:\WINDOWS\system32\uxtheme.dll (0x5AD70000)
C:\WINDOWS\system32\MSCTF.dll (0x74720000)
C:\WINDOWS\system32\BROWSEUI.dll (0x75F80000)
C:\WINDOWS\system32\browselc.dll (0x20000000)
C:\WINDOWS\system32\appHelp.dll (0x77B40000)
C:\WINDOWS\system32\CLBCATQ.DLL (0x76FD0000)
C:\WINDOWS\system32\COMRes.dll (0x77050000)
C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL (0x41000000)
C:\WINDOWS\system32\urlmon.dll (0x77260000)
C:\WINDOWS\system32\Secur32.dll (0x77FE0000)
C:\WINDOWS\system32\SETUPAPI.dll (0x77920000)
c:\program files\google\googletoolbar1.dll (0x011B0000)
C:\WINDOWS\system32\WSOCK32.dll (0x71AD0000)
C:\WINDOWS\system32\WINMM.dll (0x76B40000)
C:\WINDOWS\system32\MSIMG32.dll (0x76380000)
C:\WINDOWS\system32\DBGHELP.DLL (0x59A60000)
C:\WINDOWS\system32\RASAPI32.DLL (0x76EE0000)
C:\WINDOWS\system32\rasman.dll (0x76E90000)
C:\WINDOWS\system32\TAPI32.dll (0x76EB0000)
C:\WINDOWS\system32\rtutils.dll (0x76E80000)
C:\WINDOWS\system32\ntshrui.dll (0x76990000)
C:\WINDOWS\system32\ATL.DLL (0x76B20000)
C:\WINDOWS\system32\USERENV.dll (0x769C0000)
C:\WINDOWS\system32\sensapi.dll (0x722B0000)
C:\WINDOWS\system32\msi.dll (0x01540000)
C:\WINDOWS\system32\MPR.dll (0x71B20000)
C:\WINDOWS\System32\drprov.dll (0x75F60000)
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (0x01810000)
C:\WINDOWS\system32\ATL71.DLL (0x7C120000)
C:\WINDOWS\system32\MSVCP71.dll (0x7C3A0000)
C:\WINDOWS\system32\MSVCR71.dll (0x7C340000)
C:\WINDOWS\System32\ntlanman.dll (0x71C10000)
C:\WINDOWS\System32\NETUI0.dll (0x71CD0000)
C:\WINDOWS\System32\NETUI1.dll (0x71C90000)
C:\WINDOWS\System32\NETRAP.dll (0x71C80000)
C:\WINDOWS\System32\SAMLIB.dll (0x71BF0000)
C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (0x62900000)
C:\WINDOWS\System32\davclnt.dll (0x75F70000)
C:\WINDOWS\System32\mlang.dll (0x75CF0000)
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (0x01880000)
C:\WINDOWS\system32\SXS.DLL (0x75E90000)
C:\WINDOWS\system32\shdoclc.dll (0x01320000)
C:\WINDOWS\system32\xpsp2res.dll (0x01B20000)
C:\WINDOWS\system32\imslsp.dll (0x01EF0000)
C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll (0x021A0000)
C:\WINDOWS\system32\ZoneLabs\dbghelp.dll (0x02800000)
C:\WINDOWS\system32\ZoneLabs\vetredir.dll (0x013E0000)
C:\WINDOWS\system32\hnetcfg.dll (0x662B0000)
C:\WINDOWS\system32\ZoneLabs\isafeif.dll (0x02770000)
C:\Program Files\Yahoo!\Companion\Installs\cpn0\pubmod.dll (0x65200000)
C:\WINDOWS\System32\wshtcpip.dll (0x71A90000)
C:\WINDOWS\system32\DNSAPI.dll (0x76F20000)
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ypubc.dll (0x65000000)
C:\Program Files\Yahoo!\Companion\Installs\cpn0\YMERemote.dll (0x64100000)
C:\WINDOWS\system32\mslbui.dll (0x605D0000)
C:\WINDOWS\system32\rasadhlp.dll (0x76FC0000)
C:\WINDOWS\System32\mshtml.dll (0x7D4A0000)
C:\WINDOWS\System32\msls31.dll (0x746C0000)
C:\WINDOWS\System32\msimtf.dll (0x746F0000)
C:\WINDOWS\ime\sptip.dll (0x5C2C0000)
C:\WINDOWS\system32\OLEACC.dll (0x74C80000)
C:\WINDOWS\system32\MSVCP60.dll (0x76080000)
C:\WINDOWS\IME\SPGRMR.DLL (0x03CE0000)
C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL (0x03D00000)
c:\windows\system32\jscript.dll (0x75C50000)
c:\windows\system32\vbscript.dll (0x73300000)
c:\windows\system32\MFC42.DLL (0x73DD0000)
C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx (0x30000000)
C:\WINDOWS\system32\comdlg32.dll (0x763B0000)
C:\WINDOWS\system32\wdmaud.drv (0x72D20000)
C:\WINDOWS\system32\msacm32.drv (0x72D10000)
C:\WINDOWS\system32\MSACM32.dll (0x77BE0000)
C:\WINDOWS\system32\midimap.dll (0x77BD0000)
C:\WINDOWS\System32\ddrawex.dll (0x6D430000)
C:\WINDOWS\System32\DDRAW.dll (0x73760000)
C:\WINDOWS\System32\DCIMAN32.dll (0x73BC0000)
C:\WINDOWS\System32\WINSPOOL.DRV (0x73000000)
C:\WINDOWS\System32\actxprxy.dll (0x71D40000)
C:\WINDOWS\system32\MSGINA.dll (0x75970000)
C:\WINDOWS\system32\WINSTA.dll (0x76360000)
C:\WINDOWS\system32\ODBC32.dll (0x74320000)
C:\WINDOWS\system32\odbcint.dll (0x05B60000)
C:\WINDOWS\system32\IMM32.dll (0x76390000)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\UNIDRV.DLL (0x767E0000)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\UNIDRVUI.DLL (0x767A0000)
C:\WINDOWS\system32\DSOUND.dll (0x73F10000)
C:\WINDOWS\system32\KsUser.dll (0x73EE0000)
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (0x6D590000)
C:\WINDOWS\system32\OLEPRO32.DLL (0x5EDD0000)
C:\Program Files\Java\jre1.5.0_04\bin\jpiexp32.dll (0x6D400000)
C:\WINDOWS\System32\winrnr.dll (0x76FB0000)
C:\Program Files\Java\jre1.5.0_04\bin\jpishare.dll (0x6D450000)
C:\PROGRA~1\Java\JRE15~1.0_0\bin\client\jvm.dll (0x6D640000)
C:\PROGRA~1\Java\JRE15~1.0_0\bin\hpi.dll (0x6D280000)
C:\WINDOWS\system32\PSAPI.DLL (0x76BF0000)
C:\PROGRA~1\Java\JRE15~1.0_0\bin\verify.dll (0x6D610000)
C:\PROGRA~1\Java\JRE15~1.0_0\bin\java.dll (0x6D300000)
C:\PROGRA~1\Java\JRE15~1.0_0\bin\zip.dll (0x6D630000)
C:\Program Files\Java\jre1.5.0_04\bin\awt.dll (0x6D000000)
C:\WINDOWS\system32\D3DIM700.DLL (0x73940000)
C:\Program Files\Java\jre1.5.0_04\bin\fontmanager.dll (0x6D240000)
C:\Program Files\Java\jre1.5.0_04\bin\deploy.dll (0x6D1F0000)
C:\Program Files\Java\jre1.5.0_04\bin\RegUtils.dll (0x6D5D0000)
C:\Program Files\Java\jre1.5.0_04\bin\jpicom32.dll (0x6D3E0000)
C:\Program Files\Java\jre1.5.0_04\bin\net.dll (0x6D4C0000)
C:\Program Files\Java\jre1.5.0_04\bin\jsound.dll (0x6D470000)
C:\Program Files\Java\jre1.5.0_04\bin\jsoundds.dll (0x6D4A0000)
C:\WINDOWS\System32\msieftp.dll (0x66400000)
C:\WINDOWS\System32\dispex.dll (0x6CC60000)
C:\WINDOWS\system32\MSRATING.dll (0x5FF20000)
C:\WINDOWS\system32\msratelc.dll (0x5FF50000)
C:\WINDOWS\system32\rsaenh.dll (0x0FFD0000)
C:\Program Files\Java\jre1.5.0_04\bin\dcpr.dll (0x6D1C0000)
C:\Program Files\Java\jre1.5.0_04\bin\nio.dll (0x6D4E0000)
C:\WINDOWS\system32\msxml3.dll (0x74980000)
C:\WINDOWS\system32\WINHTTP.dll (0x4D4F0000)
C:\WINDOWS\System32\dxtrans.dll (0x6BDD0000)
C:\WINDOWS\system32\ImgUtil.dll (0x66880000)
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll (0x5DE30000)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll (0x4EC50000)
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll (0x0FF60000)
C:\WINDOWS\system32\LINKINFO.dll (0x76980000)
C:\WINDOWS\System32\sti.dll (0x73BA0000)
C:\WINDOWS\System32\CFGMGR32.dll (0x74AE0000)


Posted by David H. Lipman on November 22, 2005, 4:36 pm

| For some time now I see random iexplore processes on my computer that
| are not related to any open browser.
| Netstat -ano shows the process listening on 127.0.0.1 UDP 3410.
| portqry shows the following: any ideas? What tools are there to somehow
| query the port?
|
| Process ID: 288 (iexplore.exe)
|
| Process doesn't appear to be a service
|
| PID Port Local IP State Remote IP:Port
| 288 UDP 3410 127.0.0.1 *:*
|
| Port Statistics
|
| TCP mappings: 0
| UDP mappings: 1
|

< snip >

There was much to view in that, but I didn't see anything that caught my eye.

I did see many Sun Java DLL files loaded but I don't know what EXE file loaded them.
jusched.exe ?
What Java program is loaded ? Yahoo ?

Instead of using the static command line utility NETSTAT.EXE I suggest using the dynamic GUI
based utility TCPVIEW.EXE from Sysinternals.
http://www.sysinternals.com/Utilities/TcpView.html

With it you will also see the fully qualified name and path to the program/utility that is
opening up a port and/or communicating through that port to what Internet site.

Is there anything else that makes you think there may be a malware problem ?

Have you run various anti malware utilities ?
If YES, then what and what are their respective versions.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by onatan on November 22, 2005, 5:01 pm
Thanks, all the DLLs are loaded in iexplore.exe. Do you know of a sniffing
tool that allows you to see traffic that goes on the loopback interface?

Posted by David H. Lipman on November 22, 2005, 5:12 pm

| Thanks, all the DLLs are loaded in iexplore.exe. Do you know of a sniffing
| tool that allows you to see traffic that goes on the loopback interface?
|

Hmmm, on the diagnostic responder address 127.0.0.1 ? Maybe Ethereal

You have much software loaded. It would be helpful to read the following
information…
“How to perform a clean boot in Windows XP”
http://support.microsoft.com/kb/310353

Then examine the PC as something being loaded such as Yahoo is calling IE.

I also suggest Process Explorer by Sysinternals.
http://www.sysinternals.com/Utilities/ProcessExplorer.html

It can be used to determine what is loading IE.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
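
An added example, not part of the original thread: a Python triage of the portqry "Loaded modules" listing from the first post, grouping modules by install directory so that the add-ons loaded into iexplore.exe stand out from stock Windows files. The function names and the grouping rules are assumptions made for this illustration; the sample is an excerpt of the posted output.

```python
import re
from collections import defaultdict

# Excerpt of the portqry output posted above, including one path that the
# forum software wrapped across two lines.
SAMPLE = r"""
C:\Program Files\Internet Explorer\iexplore.exe (0x00400000)
C:\WINDOWS\system32\ntdll.dll (0x7C900000)
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (0x10000000)
C:\WINDOWS\system32\WS2_32.dll (0x71AB0000)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.260
0.2180_x-ww_a84f1ff9\comctl32.dll (0x773D0000)
c:\program files\google\googletoolbar1.dll (0x011B0000)
C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (0x62900000)
C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll (0x021A0000)
C:\WINDOWS\system32\ZoneLabs\vetredir.dll (0x013E0000)
C:\Program Files\Java\jre1.5.0_04\bin\net.dll (0x6D4C0000)
C:\PROGRA~1\Java\JRE15~1.0_0\bin\client\jvm.dll (0x6D640000)
"""

RECORD_END = re.compile(r"\(0x[0-9A-Fa-f]{8}\)\s*$")  # "(0x7C900000)" ends a record

def parse_modules(text):
    """Return module paths, rejoining paths that were wrapped across lines."""
    paths, pending = [], ""
    for line in text.splitlines():
        if not line.strip():
            continue
        pending += line.strip()
        if RECORD_END.search(pending):
            paths.append(pending[:pending.rindex("(")].strip())
            pending = ""
    return paths

def owner(path):
    """Map a path to a coarse, lower-cased owner key (8.3 PROGRA~1 normalised)."""
    parts = path.lower().replace("progra~1", "program files").split("\\")
    if len(parts) > 3 and parts[1] == "program files":
        return parts[2]                      # vendor directory
    if len(parts) > 4 and parts[1:3] == ["windows", "system32"]:
        return "system32\\" + parts[3]       # subfolder, reported for review
    return "windows" if parts[1:2] == ["windows"] else "other"

def third_party(text):
    """Group modules outside Windows and IE itself: {owner: [file names]}."""
    groups = defaultdict(list)
    for path in parse_modules(text):
        if owner(path) not in ("windows", "internet explorer"):
            groups[owner(path)].append(path.split("\\")[-1])
    return dict(groups)
```

Grouping by path is only a first pass: LIBEAY32_0.9.6l.dll sits directly in system32 and therefore lands in the Windows bucket, so files there still need a version or signature check.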


