TCP port question

[James]

Each time I boot my Vista computer I show an established TCP connection
(viewed in tcpview by
sysinternals) to "inthemotherhood.com:http" then after about five minutes
it's gone.

WHOIS results:

Domain Name: INTHEMOTHERHOOD.COM
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1.MSFT.NET
Name Server: NS2.MSFT.NET
Name Server: NS3.MSFT.NET
Name Server: NS4.MSFT.NET
Name Server: NS5.MSFT.NET
Status: ok
Updated Date: 12-apr-2007
Creation Date: 23-feb-2007
Expiration Date: 23-feb-2009

My question is WHY? Has anyone else seen this?

 

[Malke]

Each time I boot my Vista computer I show an established TCP connection
(viewed in tcpview by
sysinternals) to "inthemotherhood.com:http" then after about five
minutes it's gone.

WHOIS results:

Domain Name: INTHEMOTHERHOOD.COM
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1.MSFT.NET
Name Server: NS2.MSFT.NET
Name Server: NS3.MSFT.NET
Name Server: NS4.MSFT.NET
Name Server: NS5.MSFT.NET
Status: ok
Updated Date: 12-apr-2007
Creation Date: 23-feb-2007
Expiration Date: 23-feb-2009

My question is WHY? Has anyone else seen this?

It's some MSN site about motherhood. Maybe your wife/SO is trying to
tell you something? ;-)

Sounds like you're set to start MSN with Windows and for some reason
that's your homepage?


Malke

 

[Jonathan M. \TacticalSniper\ Boyko]

Blame the evil Micro$oft

 

[Malke]

Blame the evil Micro$oft

I don't know why you'd blame Microsoft; it's your computer and you or
someone in your family using that computer set it up that way. But
whatever floats your boat.

End thread.


Malke

 

[Mr. Arnold]

Each time I boot my Vista computer I show an established TCP connection
(viewed in tcpview by
sysinternals) to "inthemotherhood.com:http" then after about five minutes
it's gone.

WHOIS results:

Domain Name: INTHEMOTHERHOOD.COM
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1.MSFT.NET
Name Server: NS2.MSFT.NET
Name Server: NS3.MSFT.NET
Name Server: NS4.MSFT.NET
Name Server: NS5.MSFT.NET
Status: ok
Updated Date: 12-apr-2007
Creation Date: 23-feb-2007
Expiration Date: 23-feb-2009

My question is WHY? Has anyone else seen this?

Just out of curiosity, I started up TCPview that I downloaded last night,
and I too saw this connection to INTHEMOTHERHOOD.COM.

It's some kind of malware as far as I am concerned that's in association
with MSN, Suave, and Sprint.

http://www.forbes.com/prnewswire/fe...wire200704170812PR_NEWS_B_WES_AQ_AQTU057.html

The next time I see this thing in TCPview, I hope to get a PID -- Process ID
and go to Process Explorer and see what process is hosting it and/or is it a
Dll that's being hosted.

It's too bad Active Ports doesn't work on Vista, so I can get better
information about connections being made to remote IP(s), dubious or not.

 

[James]

Just out of curiosity, I started up TCPview that I downloaded last night,
and I too saw this connection to INTHEMOTHERHOOD.COM.

It's some kind of malware as far as I am concerned that's in association
with MSN, Suave, and Sprint.

http://www.forbes.com/prnewswire/fe...wire200704170812PR_NEWS_B_WES_AQ_AQTU057.html

The next time I see this thing in TCPview, I hope to get a PID -- Process
ID and go to Process Explorer and see what process is hosting it and/or is
it a Dll that's being hosted.

It's too bad Active Ports doesn't work on Vista, so I can get better
information about connections being made to remote IP(s), dubious or not.

Have you tried "portmon," also by sysinternals?

Let us know if you find out anything...and I'll do the same.

-james

 

[James]

Have you tried "portmon," also by sysinternals?

Oops. I meant to say "procmon."

-james

 

[Doris Day - MFB]

I don't know why you'd blame Microsoft; it's your computer and you or
someone in your family using that computer set it up that way. But
whatever floats your boat.

End thread.


Malke

Don't you find it strange that two people in this short thread have reported
the same thing?

Love and Kisses,
Doris

 

[Guest]

Each time I boot my Vista computer I show an established TCP connection
(viewed in tcpview by
sysinternals) to "inthemotherhood.com:http" then after about five minutes
it's gone.

I get the same thing on two seperate fresh installs of Vista at different
physical locations, so it isn't just specific to a profile. It's really
annoying and comes back every hour or so for a couple of minutes.

 

[Mr. Arnold]

Oops. I meant to say "procmon."

I found something that's the equal to Active Ports. It's called CurrPorts.
You can add colums like Process Name.

Now, I can better see what's going on with connects to/from the machine.

http://www.bestvistadownloads.com/download-tcp-port-software.html

 

[James]

I found something that's the equal to Active Ports. It's called CurrPorts.
You can add colums like Process Name.

Now, I can better see what's going on with connects to/from the machine.

http://www.bestvistadownloads.com/download-tcp-port-software.html

Looks handy. Thanks!

 

[James]

It's apparently one of the Sidebar apps that's accessing
inthemotherhood.com.

I found it by running "currports."

Yep, very handy. Thanks again Mr. Arnold!

-james

 

[Guest]

It's apparently one of the Sidebar apps that's accessing
inthemotherhood.com.

I found it by running "currports."

Yep, very handy. Thanks again Mr. Arnold!

-james

So that would probably be the RSS viewer most likely, or a related process.
I don't have the app running when it opens the port, so it's probably one of
the background services then. The big annoyance in XP was msmsgs. It was
apparently premature and naive to revel in it's exclusion from Vista!