
Explorer.exe at 50% (WINXP SP2)

Discussion in 'Malware and Virus Removal Archive' started by Magia, 2006/11/15.

  1. 2006/11/15
    Magia

    Magia Inactive Thread Starter

    Joined:
    2006/11/15
    Messages:
    37
    Likes Received:
    0
    Hey all!
    I just read about a problem I have on my PC at home. Whenever I am online, I get explorer.exe at 50% CPU usage and I can't use it. I end the process and start it again but it only works for 2 minutes or so.

    Whenever explorer.exe isn't running, it usually makes firefox 50% instead.
    I have found a solution to it!

    I read on the XYZ forums that it was from hackers coming from an IP such as 204.16.108.*. (the * represents any number from 1 to 300) and it is coming from ports 1025 to 1030

    I tried to make a rule on Sygate Personal Firewall Pro but it only allowed me to put a 2 digit number as the last varying number.

    Put simply, I was attempting to put the rule as:
    Block all incoming connections from.....204.16.108.1-204.16.108.300..... but it would only work with 204.16.108.1-204.16.108.30

    I don't understand! Can I make a rule in Windows itself or would using the Windows Firewall fix the problem?

    BTW I have dial-up and Windows updates take a long time to download so I refuse to use Windows Firewall just in case it is not safe. Am I right?

    I have
    3800+ Dual Core AMD CPU
    2x 256MB nVidia 6600GTs
    250GB Western Digital SATA HDD
    CD/DVD Burner LG

    ANY help would be greatly appreciated
     
  2. 2006/11/16
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, Magia. Welcome to Windows BBS. :)

    I expect you cannot put 300 in the last part of the IP address because 255 is the highest valid number for any part of the IP address.

    You should be able to block all connections in the following range:
    • 204.16.108.1 - 204.16.108.255
     
    Last edited: 2006/11/16


  4. 2006/11/16
    Magia

    Oops, didn't know

    So there is no way of ever getting an incoming connection from 204.16.108.300. Cool, thanks for your help.

    Now what type of rule do I use to stop incoming connections to my computer for the IPs 204.16.108.1-204.16.108.255?

    I know how to set the rule but do I make the rule on all ports? And do I use UDP or TCP?

    By the way, what are the differences between TCP and UDP and what are they used for?
     
  5. 2006/11/16
    mailman Lifetime Subscription

    If you do not have any legitimate dealings with the IP: 204.16.108.* (which I could not resolve to a domain name, apparently located in the USA according to Port Explorer), then I expect you can block all ports (both TCP and UDP) from the 204.16.108.1 - 204.16.108.255 range without any negative effect on your computer.

    I am not very knowledgeable about TCP and UDP protocols but here are some links for learning more about TCP and UDP to get you started.
     
    Last edited: 2006/11/16
  6. 2006/11/17
    mailman Lifetime Subscription

    By the way, I think 204.16.108.0 is also a valid IP address. Therefore, I expect you should specify the range as 204.16.108.0 - 204.16.108.255 in your firewall (all ports, both TCP and UDP) to block all incoming connections from the 204.16.108.* domain.
     
  7. 2006/11/19
    mailman Lifetime Subscription

    Hi, Magia.

    I used Port Explorer to perform a "Whois" on 204.16.108.1 and I am providing the following results in case you're interested in investigating further (assuming your incoming connection attempts were, in fact, from the 204.16.108.0 - 204.16.108.255 range).

    ========

    OrgName: MScript, Inc
    OrgID: MSCRI
    Address: 108 Bank st
    Address: 5th floor
    City: Waterbury
    StateProv: CT
    PostalCode: 06702
    Country: US

    NetRange: 204.16.108.0 - 204.16.111.255
    CIDR: 204.16.108.0/22
    NetName: MSCRIPT-NETWORK
    NetHandle: NET-204-16-108-0-1
    Parent: NET-204-0-0-0-0
    NetType: Direct Allocation
    Comment:
    RegDate: 2005-10-28
    Updated: 2005-10-28

    RTechHandle: MGO26-ARIN
    RTechName: Golino, Mark
    RTechPhone: +1-203-755-5454
    RTechEmail: mgolino_*.AT.*_mscript.net

    OrgTechHandle: MGO26-ARIN
    OrgTechName: Golino, Mark
    OrgTechPhone: +1-203-755-5454
    OrgTechEmail: mgolino_*.AT.*_mscript.net

    # ARIN WHOIS database, last updated 2006-11-17 19:10

    ========

    I edited the e-mail addresses above to help prevent bots from harvesting the email addresses. Since you suspect mscript.net as the source of your unwanted incoming connection attempts, I would advise AGAINST e-mailing "mgolino" anyway at least until you have verified mscript.net is not malicious in general and the Whois information above is not bogus.

    BTW, Port Explorer is a very handy, full-featured program for monitoring your computer's TCP/UDP traffic. The 30-day trial/demo version is apparently fully functional (according to DiamondCS).
     
    Last edited: 2006/11/19
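
Added example, not part of any post in this thread: a Python sketch that checks a firewall range the way it was typed above, rejects an octet above 255, and collapses the range to CIDR blocks so it can be compared with the Whois `CIDR:` line. The function names and the sample connection list are constructed for illustration; the ports are taken from the 1025 to 1030 range mentioned in the first post, and the protocols are assumed.

```python
import ipaddress

def parse_range(text):
    """Parse 'start - end' as typed into a firewall rule.

    Raises ValueError if an octet is outside 0-255 (e.g. .300)
    or if the start address is above the end address.
    """
    start, sep, end = text.partition("-")
    if not sep:
        raise ValueError("expected 'start - end'")
    first = ipaddress.IPv4Address(start.strip())
    last = ipaddress.IPv4Address(end.strip())
    if first > last:
        raise ValueError("range start is above range end")
    return first, last

def range_to_cidrs(text):
    """Return the smallest list of CIDR blocks covering the range."""
    first, last = parse_range(text)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]

def blocked_sources(range_text, connections):
    """Return the (src, proto, port) tuples whose source is in the range."""
    first, last = parse_range(range_text)
    return [c for c in connections
            if first <= ipaddress.IPv4Address(c[0]) <= last]

# Constructed sample of inbound connection attempts (not real log data).
SAMPLE = [
    ("204.16.108.17", "UDP", 1026),
    ("204.16.110.200", "UDP", 1027),   # inside the /22, outside the /24
    ("192.0.2.10", "TCP", 80),         # unrelated documentation address
]

if __name__ == "__main__":
    for rule in ("204.16.108.1 - 204.16.108.255",
                 "204.16.108.0 - 204.16.108.255",
                 "204.16.108.0 - 204.16.111.255"):
        print(rule, "->", range_to_cidrs(rule))
        print("  would block:", blocked_sources(rule, SAMPLE))
    try:
        parse_range("204.16.108.1-204.16.108.300")
    except ValueError as err:
        print("rejected:", err)
```

Starting the range at .1 instead of .0 needs eight separate CIDR blocks, while .0 to .255 is a single /24 and the Whois NetRange is a single /22.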
  8. 2006/11/20
    Magia

    Thanks for the help.

    OK, thanks for the help. I'll definitely recommend the site to my fellow classmates.
     
  9. 2006/11/20
    Magia

    Problem!

    OK, I went further and I made a rule to block:
    204.16.108.0 - 204.16.111.255 (just to make sure)

    Explorer still runs at 50%. When explorer.exe is not running, it jumps to firefox.exe. So not only is explorer stuffing up, but so is firefox. If firefox isn't running, then it lags up RKLauncher (Mac Emulation Software).

    Please help me. What do I do to fix the issue?
     
  10. 2006/11/20
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412