explorer.exe wants to access the internet

Frank

Hi,

I have an XP PC (Home) that was infected with worms & trojans.
Cleaned with Norton AV and Trend Micro on-line scan.
Installed Zone Alarm (Free version) to monitor out-going traffic.
Installed SP2.
After SP2 install Zone Alarm notifies that explorer.exe wants to access the
internet.
If I allow it access it sends out a series of pings to a random lot of IP
addresses and ports.

Is this normal?

Frank Klassen
 
D

David H. Lipman

What TCP and/or UDP port(s) does EXPLORER.EXE want to communicate at?
What is the fully qualified path to EXPLORER.EXE that is trying to access the Internet?


--
Dave




Carey Frisch [MVP]

A description of Svchost.exe in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;314056

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

Frank

Thanks for helping.

This is about 40 seconds worth.

01/19/2005 16:59:50 TCP from 192.168.1.123:1037 to 209.249.114.19:80
01/19/2005 16:59:56 TCP from 192.168.1.123:1042 to 213.224.140.57:3574
01/19/2005 16:59:56 TCP from 192.168.1.123:1046 to 68.49.91.50:4508
01/19/2005 16:59:56 TCP from 192.168.1.123:1045 to 80.171.116.251:4718
01/19/2005 16:59:56 TCP from 192.168.1.123:1044 to 24.182.101.208:2666
01/19/2005 16:59:56 TCP from 192.168.1.123:1043 to 68.191.17.240:3802
01/19/2005 16:59:58 TCP from 192.168.1.123:1047 to 80.171.116.251(80.171.116.251):9718
01/19/2005 16:59:59 TCP from 192.168.1.123:1048 to 166.82.53.210:3026
01/19/2005 17:00:06 TCP from 192.168.1.123:1049 to 68.49.91.50(68.49.91.50):9508
01/19/2005 17:00:06 TCP from 192.168.1.123:1050 to 213.224.140.57(213.224.140.57):8574
01/19/2005 17:00:06 TCP from 192.168.1.123:1052 to 68.191.17.240(68.191.17.240):8802
01/19/2005 17:00:06 TCP from 192.168.1.123:1051 to 24.182.101.208(24.182.101.208):7666
01/19/2005 17:00:09 TCP from 192.168.1.123:1053 to 166.82.53.210(166.82.53.210):8026
01/19/2005 17:00:17 TCP from 192.168.1.123:1055 to 165.134.177.105:4880
01/19/2005 17:00:17 TCP from 192.168.1.123:1054 to 62.101.231.181:2931
01/19/2005 17:00:17 TCP from 192.168.1.123:1056 to 169.254.241.4:1351
01/19/2005 17:00:17 TCP from 192.168.1.123:1057 to 68.205.50.196:4187
01/19/2005 17:00:20 TCP from 192.168.1.123:1058 to 169.254.12.1:1138
01/19/2005 17:00:27 TCP from 192.168.1.123:1059 to 165.134.177.105(165.134.177.105):9880
01/19/2005 17:00:27 TCP from 192.168.1.123:1061 to 68.205.50.196(68.205.50.196):9187
01/19/2005 17:00:27 TCP from 192.168.1.123:1062 to 169.254.241.4(169.254.241.4):6351
01/19/2005 17:00:27 TCP from 192.168.1.123:1060 to 62.101.231.181(62.101.231.181):7931
01/19/2005 17:00:30 TCP from 192.168.1.123:1063 to 169.254.12.1(169.254.12.1):6138

Zone Alarm reports the following details on the file:

Product Name: Microsoft Windows Operating System
File Name: C:\Windows\explorer.EXE (upper case exe by Zone Alarm)
Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Created Date: 04/08/2004
File Size: 1008 KB

Frank Klassen
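
As an added example, not part of the thread and not something Frank or the ZoneAlarm product ships, the Python script below parses ZoneAlarm log lines of the form posted above and pulls out the traits a defender would look at before answering "is this normal?": how many distinct hosts one process contacted inside a short window, whether any destinations fall in the link-local 169.254.0.0/16 range (never routable on the Internet, so a process "choosing" them is generating addresses), and whether each host is contacted a second time on the original port plus 5000, which is the pattern visible in the posted log (3574 then 8574, 4718 then 9718, and so on). The log lines are copied from the post above with the wrapped lines rejoined; the 60-second window and the fan-out threshold of 10 are assumed values chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log excerpt copied from the ZoneAlarm output posted in the thread (wrapped
# lines rejoined).  ZoneAlarm appends "(name)" after a destination it resolved;
# in this log the resolved name is just the IP again.
SAMPLE_LOG = """\
01/19/2005 16:59:50 TCP from 192.168.1.123:1037 to 209.249.114.19:80
01/19/2005 16:59:56 TCP from 192.168.1.123:1042 to 213.224.140.57:3574
01/19/2005 16:59:56 TCP from 192.168.1.123:1046 to 68.49.91.50:4508
01/19/2005 16:59:56 TCP from 192.168.1.123:1045 to 80.171.116.251:4718
01/19/2005 16:59:56 TCP from 192.168.1.123:1044 to 24.182.101.208:2666
01/19/2005 16:59:56 TCP from 192.168.1.123:1043 to 68.191.17.240:3802
01/19/2005 16:59:58 TCP from 192.168.1.123:1047 to 80.171.116.251(80.171.116.251):9718
01/19/2005 16:59:59 TCP from 192.168.1.123:1048 to 166.82.53.210:3026
01/19/2005 17:00:06 TCP from 192.168.1.123:1049 to 68.49.91.50(68.49.91.50):9508
01/19/2005 17:00:06 TCP from 192.168.1.123:1050 to 213.224.140.57(213.224.140.57):8574
01/19/2005 17:00:06 TCP from 192.168.1.123:1052 to 68.191.17.240(68.191.17.240):8802
01/19/2005 17:00:06 TCP from 192.168.1.123:1051 to 24.182.101.208(24.182.101.208):7666
01/19/2005 17:00:09 TCP from 192.168.1.123:1053 to 166.82.53.210(166.82.53.210):8026
01/19/2005 17:00:17 TCP from 192.168.1.123:1055 to 165.134.177.105:4880
01/19/2005 17:00:17 TCP from 192.168.1.123:1054 to 62.101.231.181:2931
01/19/2005 17:00:17 TCP from 192.168.1.123:1056 to 169.254.241.4:1351
01/19/2005 17:00:17 TCP from 192.168.1.123:1057 to 68.205.50.196:4187
01/19/2005 17:00:20 TCP from 192.168.1.123:1058 to 169.254.12.1:1138
01/19/2005 17:00:27 TCP from 192.168.1.123:1059 to 165.134.177.105(165.134.177.105):9880
01/19/2005 17:00:27 TCP from 192.168.1.123:1061 to 68.205.50.196(68.205.50.196):9187
01/19/2005 17:00:27 TCP from 192.168.1.123:1062 to 169.254.241.4(169.254.241.4):6351
01/19/2005 17:00:27 TCP from 192.168.1.123:1060 to 62.101.231.181(62.101.231.181):7931
01/19/2005 17:00:30 TCP from 192.168.1.123:1063 to 169.254.12.1(169.254.12.1):6138
"""

# One ZoneAlarm line: "<date> <time> <proto> from <ip>:<port> to <ip>[(name)]:<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) (?P<proto>TCP|UDP) from "
    r"(?P<src>[\d.]+):(?P<sport>\d+) to (?P<dst>[\d.]+)(?:\([^)]*\))?:(?P<dport>\d+)$"
)


def parse(log):
    """Turn the raw log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S"),
            "proto": m["proto"],
            "dst": m["dst"],
            "dport": int(m["dport"]),
        })
    return events


def analyse(events, window=timedelta(seconds=60), fanout_threshold=10):
    """Return the indicators a defender would check for one process's outbound log."""
    events = sorted(events, key=lambda e: e["ts"])  # stable: log order kept for equal timestamps

    # 1. Destination fan-out: most distinct hosts contacted inside any `window`.
    #    A desktop shell has no reason to open connections to a dozen unrelated
    #    hosts in under a minute; that shape belongs to a scanner or a worm.
    max_fanout = 0
    for i, first in enumerate(events):
        seen = {e["dst"] for e in events[i:] if e["ts"] - first["ts"] <= window}
        max_fanout = max(max_fanout, len(seen))

    # 2. Link-local destinations (169.254.0.0/16) cannot be reached across the
    #    Internet, so their presence shows the addresses were generated, not looked up.
    link_local = sorted({e["dst"] for e in events if e["dst"].startswith("169.254.")})

    # 3. Per-host retry: a second connection to the same host on (first port + 5000),
    #    the pattern visible in the posted log.
    ports_by_dst = defaultdict(list)
    for e in events:
        ports_by_dst[e["dst"]].append(e["dport"])
    retry_pairs = sorted(
        (dst, p[0], p[1]) for dst, p in ports_by_dst.items()
        if len(p) >= 2 and p[1] - p[0] == 5000
    )

    return {
        "distinct_destinations": len(ports_by_dst),
        "max_fanout": max_fanout,
        "fanout_alert": max_fanout >= fanout_threshold,
        "link_local_destinations": link_local,
        "retry_pairs": retry_pairs,
    }


if __name__ == "__main__":
    for key, value in analyse(parse(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the posted excerpt the script reports 12 distinct hosts inside one 40-second window, two link-local destinations, and 11 hosts retried on port + 5000; only the first line (port 80 to 209.249.114.19) looks like ordinary web traffic. The same three checks carry over to any per-process outbound log, whichever firewall produced it.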
 
JW

http://www.pcworld.com/reviews/article/0,aid,115939,pg,1,00.asp

Your problem looks like normal behavior for the Bagle worm. Page 2 of
the article cited above states the following:


Consider the Bagle worm, which hides its identity by injecting itself
into the Windows Explorer application. When AV-Test infected a system
with this worm, the McAfee, Norton, Sygate, and ZoneAlarm firewalls
asked if Windows Explorer could access the Internet. Attentive users
might wonder why the app was spontaneously trying to access the
Internet, but others might simply click the OK button without
considering the implications.


Note that the Bagle worm hides its identity. Other techniques used to
hide viruses include compression and encryption. That's why no
anti-virus program ever catches 100% of Known viruses, much less 100% of
Unknown viruses.
 
David H. Lipman

Frank, I'm not sure you are clean.

1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example, lpt361.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode [F8 key during boot]
and shut down as many applications as possible.
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities: Trend Sysclean, Stinger and Adaware.
7) Re-enable System Restore and re-apply any System Restore preferences
(e.g. HD space to use; suggested 400 ~ 600MB).
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results! * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html




Frank

Well it appears as if I will be doing a clean install of Windows.
SysClean didn't find anything.
Stinger found something called c.bat which it considered dangerous and
Adaware found some cookie.
After it all, Explorer.exe is still trying to communicate with the outside.

Thanks for trying to help.

Frank Klassen

David H. Lipman

Don't give up yet!

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Symantec:
http://security.symantec.com/



--
Dave



