Rundll accessing internet

[Sean Anderson]

I get a number of entries in my firewall (Kerio Personal Firewall) where
c:\windows\system32\rundll32.exe is opening a TCP connection on port 80
(http). One instance was to 207.46.134.92, another to 207.46.197.59. It has
a few goes at each and then gives up.

I plug the IP addresses into my browser. One opened up the windows update
site, the other said "directory listing denied"

So, is this indeed related up windows update? My windows update seems to be
working fine - it seems to work using c:\windows\system32\svchost.exe which
I have granted http and https access to. What are the rules that should be
in place for windows update to work properly?

This has only started happening when I put in a new motherboard and did a
repair install of XP home (and then did all the updates again). I had a
Microsoft update CD so it wasn't too painful, and I am behind a NAT router
which explicitly blocks any netbios related traffic - in other words, I
haven't been infected by any I also have fully up to date norton anti-virus
and have recently done a full system scan.

Any ideas?

 

[Rick \Nutcase\ Rogers]

Hi,

Yes, both of those addresses belong to Microsoft. Windows Update
periodically changes the IP, so yes that could be one of them, the other may
be error reporting or some other functionality.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Windows
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone