
Windows Explorer and remote connections

Discussion in 'Windows XP' started by ChrisDetroit, 2008/11/30.

  1. 2008/11/30
    ChrisDetroit

    Is there any identifiable reason that Windows Explorer would be showing up in a netstat list of active connections, connected to an IP address?

    It is showing as connected to "209.160.26.253:http" via port 1181, in a "CLOSE_WAIT" state. (The port number changes upon computer restart -- an hour ago it was 3127.)

    I have been dealing with some other strange slowdowns and suspected infections, and I'm wondering if this is a clue to anything.

    Just to be clear: I'm talking about explorer.exe. Not Internet Explorer.

    Thanks!
    Chris
     
  2. 2008/11/30
    mailman Lifetime Subscription

    Hi, Chris. Welcome to Windows BBS! :)

    If you think your computer might have a malware/virus infection, then I suggest you follow the directions in this link to see what additional information you might be able to dig up.

    If you find your computer indeed has malware, then I suggest you carefully follow the instructions in this link and then post the appropriate logs in the Malware and Virus Removal forum.

    For what it's worth, here's some Whois information about the IP address you posted.

    Code:
    OrgName:    HopOne Internet Corporation 
    OrgID:      HOPO
    Address:    3311 South 120th Place
    City:       Tukwila
    StateProv:  WA
    PostalCode: 98168-5125
    Country:    US
    
    ReferralServer: rwhois://rwhois.hopone.net:4321
    
    NetRange:   209.160.0.0 - 209.160.79.255 
    CIDR:       209.160.0.0/18, 209.160.64.0/20 
    NetName:    HOPONE-MULTI-SITE-1
    NetHandle:  NET-209-160-0-0-1
    Parent:     NET-209-0-0-0-0
    NetType:    Direct Allocation
    NameServer: NS1.HOPONE.NET
    NameServer: NS5.HOPONE.NET
    NameServer: NS3.HOPONE.NET
    NameServer: NS2.HOPONE.NET
    NameServer: NS6.HOPONE.NET
    NameServer: NS4.HOPONE.NET
    Comment:    HopOne Internet Corp.(R)
    Comment:    The Foundation of Internet Success.(R)
    RegDate:    2004-02-04
    Updated:    2007-05-08
    
    OrgAbuseHandle: ABUSE958-ARIN
    OrgAbuseName:   Abuse Department 
    OrgAbusePhone:  206-438-5909
    OrgAbuseEmail:  abuse@hopone.net
    
    OrgTechHandle: HJ48-ARIN
    OrgTechName:   Jass, Haralds 
    OrgTechPhone:  +1-206-438-5909
    OrgTechEmail:  hjass@hopone.net
    
    # ARIN WHOIS database, last updated 2008-11-30 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    
     


  4. 2008/11/30
    ChrisDetroit

    Thanks, mailman.

    I've run every scanner/remover/etc. at this point, or just about all of them, at least. But I'll have a little swing through the other forum and see what sort of guidance might be there.

    Nevertheless, I'm still hoping to get at least a generic answer to my question: It's not at all normal for explorer.exe to be making connections to any remote addresses, right?
     
  5. 2008/12/01
    Arie

    I wouldn't think so. I'd be looking into a 3rd party shell extension (see: Troubleshooting Windows Explorer Errors for information on how to identify them).
     
    Arie,
    #4
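
An added example, not part of the thread: one way to confirm which process owns a connection like the one described is to join `netstat -ano` output (numeric addresses plus owning PID) with `tasklist /fo csv /nh` and flag non-listening TCP connections from explorer.exe to non-private addresses. The sample output, PIDs and function names below are constructed for illustration; only the remote address and local port come from the first post.

```python
import csv, io, ipaddress

# Constructed sample of `netstat -ano` output. PIDs and all rows but the first
# are made up; the first row mirrors the connection described in the thread.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1181      209.160.26.253:80      CLOSE_WAIT      1496
  TCP    192.168.1.10:1190      192.168.1.1:445        ESTABLISHED     4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     2040
  UDP    0.0.0.0:500            *:*                                    700
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"explorer.exe","1496","Console","0","21,540 K"
"System","4","Console","0","236 K"
"svchost.exe","952","Console","0","4,100 K"
"firefox.exe","2040","Console","0","80,000 K"
'''

def pid_to_image(tasklist_csv):
    # Columns: image name, PID, session name, session number, memory usage.
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def parse_tcp(netstat_text):
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":  # UDP rows have no State column
            host, _, port = f[2].rpartition(":")
            yield {"remote_ip": host.strip("[]").split("%")[0],
                   "remote_port": int(port), "state": f[3], "pid": int(f[4])}

def is_external(ip):
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_unspecified or a.is_link_local)

def flag(netstat_text, tasklist_csv, watched=("explorer.exe",)):
    images = pid_to_image(tasklist_csv)
    hits = []
    for c in parse_tcp(netstat_text):
        image = images.get(c["pid"], "?")
        if c["state"] != "LISTENING" and image in watched and is_external(c["remote_ip"]):
            hits.append((image, c["pid"], f'{c["remote_ip"]}:{c["remote_port"]}', c["state"]))
    return hits

if __name__ == "__main__":
    for hit in flag(NETSTAT, TASKLIST):
        print(*hit)
```

A hit only identifies the owning process; which module inside explorer.exe opened the socket is the shell-extension question raised in the last reply.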
