Windows components keep trying to connect for DNS?

C

Chipmonk

How can I delete not only my network/Internet configuration files, but
everything on WindowsXP related to the setup of the network/Internet, and
then force WindowsXP to reinstall everything in original, default settings?


Here's my problem in more detail.....

I keep getting Windows services/components trying to connect to the
Internet, mainly for DNS. I strongly suspect this is a configuration problem
rather than malware.

For example, if I do the following:
Click Start -> Run -> type "C:\WINDOWS\system32\dcomcnfg.exe" and hit OK,
when the window opens, click to expand the "Components" category and
WindowsXP will slow down, then Zone Alarm will prompt me with "COM
Surrogate" (C:\WINDOWS\system32\dllhost.exe) is trying to connect to the
Internet, Destination IP: 0.0.0.0:DNS. When I block that, I get another
prompt from Zone Alarm asking if I want to allow "Microsoft Management
Console" (C:\WINDOWS\system32\mmc.exe) to act as a server program, Source
IP: 0.0.0.0:port 1030.

I also get connection prompts from several other programs including Windows
Help, Search, Windows Explorer, even my mouse when I use the programable
button which is set as the ENTER key.

Well I had this problem several months ago and nobody on the newsgroups
could shed any light. Google also drew a blank.

I probably caused this myself when I was setting up XP and trying to stop
(in the registry) the NetBIOS ports from listening.

After recently fitting a new mainboard I had to perform a repair
installation of XP to get it working, but surprisingly this weird "DNS
resolving" problem persists. I noticed it kept all my Dial-Up connection
settings.

At this stage I just want to delete as much of the WindowsXP settings files
as I can, then do another repair installation. Can anyone suggest a safe way
to do this?

PS. I don't mind reinstalling all my programs too, but would a full
re-installation delete the original downloads?
 
R

Rich Barry

Chipmonk, save your self a headache and do a clean install with new
partiton and format. Save all your
important stuff first.
 
C

Chipmonk

Arrrrrrrrrrrrgh!

Hi Rich, I deleted, re-created and formatted the partition. Installed XP,
SP1 and a newer version of Zone Alarm - but I'm getting exactly the same
prompts as before :(

I've searched the Web, but they do not seem to be documented on Google,
Usenet, MSKB or Zone Alarm's site.

Can someone please check if you get these prompts too?
 
R

Rich Barry

I am not that familiar with Zone Alarm but the last time I used it I
remember it Prompted me for everything.
I think that's why I stopped using it.
 
R

Richard G. Harper

Uhhhh ... not sure how to tell you this, but that's kinda the point of a
firewall. :) It tells you when something's trying to access the Internet
and you decide to either allow it forever, allow it once, block it once, or
block it forever. [N.B. - Your firewall may not support all four of these
choices but they are the set to select from.]

By making intelligent and appropriate choices, after a few days/weeks you
wind up with most programs that you always want to have access having it,
most programs that you want never having access being blocked, and only a
few left that you either want to decide on a case-by-case basis or that you
haven't configured yet.
 
R

Rich Barry

Richard, you are certainly correct on the value and the necessity of a
good firewall but I was responding to
his question about all the prompts. In no way was I telling him not to
use a firewall. Zone Alarm is not the
only one out there.
Richard G. Harper said:
Uhhhh ... not sure how to tell you this, but that's kinda the point of a
firewall. :) It tells you when something's trying to access the Internet
and you decide to either allow it forever, allow it once, block it once, or
block it forever. [N.B. - Your firewall may not support all four of these
choices but they are the set to select from.]

By making intelligent and appropriate choices, after a few days/weeks you
wind up with most programs that you always want to have access having it,
most programs that you want never having access being blocked, and only a
few left that you either want to decide on a case-by-case basis or that you
haven't configured yet.

--
Richard G. Harper [MVP Win9x] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


Rich Barry said:
I am not that familiar with Zone Alarm but the last time I used it I
remember it Prompted me for everything.
I think that's why I stopped using it.
Click to expand...
Click to expand...
 
C

Chipmonk

Hi Richard,

I have for many years (since Win98) appreciated having a good firewall :)

....but I'm sure you'll agree it's important to understand exactly why
particular programs/services appear to be trying to access the internet, or
act as a server, and determine whether it is normal behaviour or not -
instead of just blocking and forgetting about them. Especially when I've
searched the Web and found almost no reports of others encountering the same
problem, despite WinXP and ZoneAlarm being as widely used as they are.

In any case, I've always felt having a firewall is no excuse for leaving
vulnerable/unnecessary ports listening, or services running.

PS. I've managed to close all listening ports now, and shut down unnecessary
services, but still having a problem with the Microsoft Management Console
acting as a server and re-opening TCP 135 if I click to expand the
"Components" category. Thinking this thread had died and my problem evolved,
I created a new thread before I saw your post, called:
"How to Disable MMC.EXE acting as a server? (Microsoft Management
Console)"
Message-ID: <[email protected]>

Cheers.



Richard G. Harper said:
Uhhhh ... not sure how to tell you this, but that's kinda the point of a
firewall. :) It tells you when something's trying to access the Internet
and you decide to either allow it forever, allow it once, block it once, or
block it forever. [N.B. - Your firewall may not support all four of these
choices but they are the set to select from.]

By making intelligent and appropriate choices, after a few days/weeks you
wind up with most programs that you always want to have access having it,
most programs that you want never having access being blocked, and only a
few left that you either want to decide on a case-by-case basis or that you
haven't configured yet.

--
Richard G. Harper [MVP Win9x] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


Rich Barry said:
I am not that familiar with Zone Alarm but the last time I used it I
remember it Prompted me for everything.
I think that's why I stopped using it.
Click to expand...
Click to expand...
 
C

Chipmonk

Well just for the record, these were mainly symptoms of a bug that I wish to
document somewhere for the benefit of others, so here it is:

Programs affected:
Zone Alarm (all versions)
Browser Mouse 1.0, 1.1 (file name: Mouse32A.exe Copyright 2001 by
LEE,WEI-BIN.).

Systems affected:
Windows XP. Later versions were not tested.
The behaviour was observed on both of the two Windows XP machines tested.

Systems unaffected:
Windows 95, Windows 98, Windows Millenium.

Distribution:
Use of Zone Alarm is widespread.
Use of the Browser Mouse program is widespread and included by various
manufacturers where their mouse products have extra programmable buttons.

Description:
When pressing a user-programmed* mouse button, the Browser Mouse program
will apparently use Windows API messages to:
(1) Set keyboard focus to the application or control directly beneath the
mouse pointer.
(2) Perform the pre-programmed operation on that application or control.
*Mouse buttons used in these tests were programmed to act as the ENTER key,
Copy, Paste.

Symptoms:
Zone Alarm intercepts the Browser Mouse API messages. This results in Zone
Alarm adding the focused application to its list of Programs under the
Program Control tab. Zone Alarm sets all permissions for the application to
"Ask".
Other symptoms include the application and/or operating system temporarilly
failing to respond.

Example applications:
The following well-known non-internet-aware applications were automatically
added to Zone Alarm's Programs window by the procedure described:
Calc.exe
Notepad.exe
Charmap.exe
TaskMan.exe
MSConfig.exe

Conclusion:
There may or may not be credible security implications for this, but in any
case the problem is very annoying and makes for an unpleasant User
experience, is distracting, arrouses a false suspicion of program or
operating system infection and typically results in the user needlessly
formatting and re-installing their operating system.

It is also felt that Zone Alarm's Programs window pointlessly filling up
with a long list of non-internet-aware applications could potentially
degrade the User's awareness of a malicious application if one came to
reside there.

www.cor.org.uk


Rich Barry said:
Richard, you are certainly correct on the value and the necessity of a
good firewall but I was responding to
his question about all the prompts. In no way was I telling him not to
use a firewall. Zone Alarm is not the
only one out there.
Richard G. Harper said:
Uhhhh ... not sure how to tell you this, but that's kinda the point of a
firewall. :) It tells you when something's trying to access the Internet
and you decide to either allow it forever, allow it once, block it once, or
block it forever. [N.B. - Your firewall may not support all four of these
choices but they are the set to select from.]

By making intelligent and appropriate choices, after a few days/weeks you
wind up with most programs that you always want to have access having it,
most programs that you want never having access being blocked, and only a
few left that you either want to decide on a case-by-case basis or that you
haven't configured yet.

--
Richard G. Harper [MVP Win9x] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


Rich Barry said:
I am not that familiar with Zone Alarm but the last time I used it I
remember it Prompted me for everything.
I think that's why I stopped using it.
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Set DNS for corp Windows clients when using public networks 0
How to Disable MMC.EXE acting as a server? (Microsoft Management Console) 5
Why does Windows XP components always want to connect to the Internet 6
Hosts file not being used by windows explorer 4
unable to use add/remove windows components 2
Windows 7 Windows 7: DNS issues when using VPN 0
Why all Application connect to DNS server during they Starts? 4
Windows XP cannot connect to internet 4

Top