Frank I'm not sure you are clean.
1) Download the following four items...
McAfee Stinger
http://vil.nai.com/vil/stinger/
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp
Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp
Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt361.zip
Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .
2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode [F8 key during boot]
and shutdown as many applications as possible.
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point
* * * Please report your results ! * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
| Thanks for helping.
|
| This is about 40 seconds worth.
|
| 01/19/2005 16:59:50 TCP from 192.168.1.123:1037 to 209.249.114.19:80
| 01/19/2005 16:59:56 TCP from 192.168.1.123:1042 to 213.224.140.57:3574
| 01/19/2005 16:59:56 TCP from 192.168.1.123:1046 to 68.49.91.50:4508
| 01/19/2005 16:59:56 TCP from 192.168.1.123:1045 to 80.171.116.251:4718
| 01/19/2005 16:59:56 TCP from 192.168.1.123:1044 to 24.182.101.208:2666
| 01/19/2005 16:59:56 TCP from 192.168.1.123:1043 to 68.191.17.240:3802
| 01/19/2005 16:59:58 TCP from 192.168.1.123:1047 to
| 80.171.116.251(80.171.116.251):9718
| 01/19/2005 16:59:59 TCP from 192.168.1.123:1048 to 166.82.53.210:3026
| 01/19/2005 17:00:06 TCP from 192.168.1.123:1049 to
| 68.49.91.50(68.49.91.50):9508
| 01/19/2005 17:00:06 TCP from 192.168.1.123:1050 to
| 213.224.140.57(213.224.140.57):8574
| 01/19/2005 17:00:06 TCP from 192.168.1.123:1052 to
| 68.191.17.240(68.191.17.240):8802
| 01/19/2005 17:00:06 TCP from 192.168.1.123:1051 to
| 24.182.101.208(24.182.101.208):7666
| 01/19/2005 17:00:09 TCP from 192.168.1.123:1053 to
| 166.82.53.210(166.82.53.210):8026
| 01/19/2005 17:00:17 TCP from 192.168.1.123:1055 to 165.134.177.105:4880
| 01/19/2005 17:00:17 TCP from 192.168.1.123:1054 to 62.101.231.181:2931
| 01/19/2005 17:00:17 TCP from 192.168.1.123:1056 to 169.254.241.4:1351
| 01/19/2005 17:00:17 TCP from 192.168.1.123:1057 to 68.205.50.196:4187
| 01/19/2005 17:00:20 TCP from 192.168.1.123:1058 to 169.254.12.1:1138
| 01/19/2005 17:00:27 TCP from 192.168.1.123:1059 to
| 165.134.177.105(165.134.177.105):9880
| 01/19/2005 17:00:27 TCP from 192.168.1.123:1061 to
| 68.205.50.196(68.205.50.196):9187
| 01/19/2005 17:00:27 TCP from 192.168.1.123:1062 to
| 169.254.241.4(169.254.241.4):6351
| 01/19/2005 17:00:27 TCP from 192.168.1.123:1060 to
| 62.101.231.181(62.101.231.181):7931
| 01/19/2005 17:00:30 TCP from 192.168.1.123:1063 to
| 169.254.12.1(169.254.12.1):6138
|
| Zone alarm reports the following details on the file:
|
| Product Name: Microsoft Windows Operating System
| File Name: C:\Windows\explorer.EXE (upper case exe by Zone Alarm)
| Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
| Created Date: 04/08/2004
| File Size: 1008 KB
|
| Frank Klassen
|
|
|
| | > What TCP and/or UDP port(s) does EXPLORER.EXE want to communicate at ?
| > What is the fully qualified path to EXPLORER.EXE that is trying to access
| the Internet ?
| >
| >
| > --
| > Dave
| >
| >
| >
| >
| > | > | Hi,
| > |
| > | I have a XP PC (Home) that was infected with worms & trojans.
| > | Cleaned with Norton AV and Trend Micro on-line scan.
| > | Installed Zone Alarm (Free version) to monitor out-going traffic.
| > | Installed SP2.
| > | After SP2 install Zone Alarm notifies that explorer.exe wants to access
| the
| > | internet.
| > | If I allow it access it sends out a series of pings to a random lot of
| IP
| > | addresses and ports.
| > |
| > | Is this normal?
| > |
| > | Frank Klassen
| > |
| > |
| >
| >
|
|