D
DJ
Since using Acronis True Image to create an image of an XP partition,
and restoring it to a new, larger, partition, a friend's PC has been
experiencing a problem that was manifesting as a network buffer
overflow that disables Internet Access, requiring a reboot.
The PC's running XP Home, that was patched to SP2 and all subsequent
updates some time before I performed the above procedure, so I doubt
the problem's been caused by any updates. As far as I know, no
software was installed AFTER the imaging. Further, Kerio Firewall has
been installed for some time, and no changes have been made to it's
rules recently. The PC is directly connected to a Cable Modem, and is
connected by another NIC to one other PC, providing Internet access to
this second PC via ICS. The XP firewall is disabled.
It seems that XP is reaching it's default limit of 5000 ports, because
C:\Windows\System32\rundll32.exe and C:\Windows\System32\winlogon.exe
are repeatedly trying to connect to the Internet, specifically:
TCP Connection to h-213.61.6.3.host.de.colt.net [213.61.6.3:80]
TCP Connection to hosting-68.76.rev.fr.colt.net [213.41.76.68:80]
TCP Connection to 4.78.20.4:80
TCP Connection to 208.185.54.9.speedera.com [208.185.54.9:80]
because both these processes are blocked from (or more accurately, not
permitted to) access the Internet, each time they fail they increase
the port number and try again until the 5000 limit is reached.
I'm running XP Pro SP2 on my own PC, and neither of these processes
are running on my PC, but it is not part of a network either if that's
relevant.
As I understand it, both of these exe's are integral parts of XP, and
it's whatever's calling them that's the problem. I've got Norton
Antivirus, and Microsoft Spyware running and I've scanned the drives
with AntiVir but they've found nothing. I've stopped or disabled as
many services as I can, and done the same with msconfig to prune the
programs that run on startup but both these processes are still
loading at boot.
I can shutdown the RunDLL32.exe using Task Manager, but not
WinLogon.exe as it's a 'critical system process'
For now, I've just left Kerio Firewall blocking and logging these
exe's attempts to access the Internet, and increased the number of
ports to 65534, but I'd like to find a more permanent solution,
because even with this higher limit, eventually it will be reached
requiring a reboot.
DJ
and restoring it to a new, larger, partition, a friend's PC has been
experiencing a problem that was manifesting as a network buffer
overflow that disables Internet Access, requiring a reboot.
The PC's running XP Home, that was patched to SP2 and all subsequent
updates some time before I performed the above procedure, so I doubt
the problem's been caused by any updates. As far as I know, no
software was installed AFTER the imaging. Further, Kerio Firewall has
been installed for some time, and no changes have been made to it's
rules recently. The PC is directly connected to a Cable Modem, and is
connected by another NIC to one other PC, providing Internet access to
this second PC via ICS. The XP firewall is disabled.
It seems that XP is reaching it's default limit of 5000 ports, because
C:\Windows\System32\rundll32.exe and C:\Windows\System32\winlogon.exe
are repeatedly trying to connect to the Internet, specifically:
TCP Connection to h-213.61.6.3.host.de.colt.net [213.61.6.3:80]
TCP Connection to hosting-68.76.rev.fr.colt.net [213.41.76.68:80]
TCP Connection to 4.78.20.4:80
TCP Connection to 208.185.54.9.speedera.com [208.185.54.9:80]
because both these processes are blocked from (or more accurately, not
permitted to) access the Internet, each time they fail they increase
the port number and try again until the 5000 limit is reached.
I'm running XP Pro SP2 on my own PC, and neither of these processes
are running on my PC, but it is not part of a network either if that's
relevant.
As I understand it, both of these exe's are integral parts of XP, and
it's whatever's calling them that's the problem. I've got Norton
Antivirus, and Microsoft Spyware running and I've scanned the drives
with AntiVir but they've found nothing. I've stopped or disabled as
many services as I can, and done the same with msconfig to prune the
programs that run on startup but both these processes are still
loading at boot.
I can shutdown the RunDLL32.exe using Task Manager, but not
WinLogon.exe as it's a 'critical system process'
For now, I've just left Kerio Firewall blocking and logging these
exe's attempts to access the Internet, and increased the number of
ports to 65534, but I'd like to find a more permanent solution,
because even with this higher limit, eventually it will be reached
requiring a reboot.
DJ