Windows Explorer and Internet Explorer Hijacked



#1 BonsaiGuy (New Member, 1 post)
I am suddenly getting warnings from Sygate Firewall that:

Windows Explorer (explorer.exe) is trying to connect to updates.ms-windows.net [66.98.166.103] using remote port 80

This happens every time I try to start explorer to simply browse files on my hard drive. I block it, but I have this 5-10 second lag time every time this happens. I'm NOT happy about that solution as I spent a lot getting this machine built and it is fast in all other respects.

Unfortunately, the first time I got the Sygate warning I let it connect. That was about a week or so ago. I then noticed some other funny things going on where all of the sudden my mouse pointer jumps to another part of my screen when I'm using it. (As if someone had remotely taken control for a split second.) Also, just prior to this post I kept getting errors when I tried to drag and drop files into directories. The files did copy but also remained where I'd dragged them from.

I did a whois on the IP above and it doesn't look like microsoft to me. I also can't get to that site in a browser. (As if it didn't exist)

I did updates and ran my AVG virus software, spybot search and destroy and adaware. They all came back ok.

I use firefox and have no problems with that but interestingly when I tried Internet Explorer it tries to connect to that site too according to Sygate. I went ahead and let it connect and I didn't notice anything happen. I just ended up at msn.com.

I suspect trojan, virus, worm, spyware is the problem but am at a loss after searching the web about explorer trying to connect to things. Only solution I found was to block it but again, it's frustrating WAITING for it to finish trying to connect before I can move through directories.

I downloaded hijackthis and will follow an expert's instructions. I would very much appreciate anyone's help with this. I'd hate to have to reinstall my OS. Meanwhile here are the results of my whois on the suspect IP above:

Search results for: 66.98.166.103


OrgName: Everyones Internet, Inc.
OrgID: EVRY
Address: 390 Benmar
Address: Suite 200
City: Houston
StateProv: TX
PostalCode: 77060
Country: US

NetRange: 66.98.128.0 - 66.98.255.255
CIDR: 66.98.128.0/17
NetName: EVRY-BLK-14
NetHandle: NET-66-98-128-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1.NET
NameServer: NS2.EV1.NET
Comment:
RegDate: 2003-07-02
Updated: 2004-02-06

TechHandle: RW172-ARIN
TechName: Williams, Randy
TechPhone: +1-713-579-2850
TechEmail: admin@ev1.net

OrgAbuseHandle: ABUSE477-ARIN
OrgAbuseName: ABUSE
OrgAbusePhone: +1-713-579-2850
OrgAbuseEmail: abuse@ev1.net

OrgNOCHandle: NOC1445-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-713-579-2850
OrgNOCEmail: noc@ev1.net

OrgTechHandle: RW172-ARIN
OrgTechName: Williams, Randy
OrgTechPhone: +1-713-579-2850
OrgTechEmail: admin@ev1.net

OrgTechHandle: VST3-ARIN
OrgTechName: Stinson, Valarie
OrgTechPhone: +1-713-579-2850
OrgTechEmail: admin2@ev1.net
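The reasoning in the post (a hostname that sounds like Microsoft, a whois record that says otherwise, and the shell process rather than an update client making the connection) is the standard triage for this kind of personal-firewall alert. The following Python script is an added example, not code from the post or from Sygate: it parses the alert line exactly as quoted, uses the ARIN allocation from the pasted whois output as an offline lookup table, and reports why the alert is suspicious. The Microsoft domain allowlist, the lookalike tokens, the list of expected update-client processes and the second, benign alert line (with a documentation IP) are assumptions constructed for the example.

```python
"""Triage a personal-firewall alert like the one quoted in the post."""
import ipaddress
import re

# Regex for the alert wording Sygate uses in the post.
ALERT_RE = re.compile(
    r"^(?P<app>.+?) \((?P<image>[^)]+)\) is trying to connect to "
    r"(?P<host>\S+) \[(?P<ip>[\d.]+)\] using remote port (?P<port>\d+)$"
)

# Registrable domains Microsoft really serves updates and default pages from
# (a short allowlist chosen for this example; extend it for your environment).
MICROSOFT_DOMAINS = {"microsoft.com", "windowsupdate.com", "msn.com"}

# Words a lookalike hostname borrows to pass as Microsoft infrastructure.
LOOKALIKE_TOKENS = ("windows", "microsoft", "ms-", "update")

# Processes expected to talk to an update server; the Explorer shell is not one of them.
UPDATE_CLIENTS = {"wuauclt.exe", "svchost.exe"}

# The ARIN allocation pasted in the post, keyed by CIDR.
KNOWN_ALLOCATIONS = {
    ipaddress.ip_network("66.98.128.0/17"): "Everyones Internet, Inc.",
}

# Constructed sample input: the alert quoted in the post plus a benign,
# made-up Windows Update alert (the IP is a documentation address) for contrast.
SAMPLE_ALERTS = [
    "Windows Explorer (explorer.exe) is trying to connect to updates.ms-windows.net "
    "[66.98.166.103] using remote port 80",
    "Automatic Updates (wuauclt.exe) is trying to connect to download.windowsupdate.com "
    "[192.0.2.10] using remote port 80",
]


def parse_alert(line):
    """Split the alert into process image, hostname, IP and port."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised alert format: {line!r}")
    fields = m.groupdict()
    fields["ip"] = ipaddress.ip_address(fields["ip"])
    fields["port"] = int(fields["port"])
    return fields


def registrable_domain(host):
    """Last two labels of the hostname; enough here, use the Public Suffix List in real tooling."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookup_org(ip):
    """Offline stand-in for whois: return the org owning the block that contains ip."""
    for net, org in KNOWN_ALLOCATIONS.items():
        if ip in net:
            return org
    return None


def triage(line):
    """Return a verdict dict; any reason collected makes the alert suspicious."""
    a = parse_alert(line)
    domain = registrable_domain(a["host"])
    org = lookup_org(a["ip"])
    host_lower = a["host"].lower()
    reasons = []
    if domain not in MICROSOFT_DOMAINS:
        if any(tok in host_lower for tok in LOOKALIKE_TOKENS):
            reasons.append(f"{a['host']} imitates a Microsoft name but {domain} is not a Microsoft domain")
        if org and "microsoft" not in org.lower():
            reasons.append(f"{a['ip']} is allocated to {org}, not Microsoft")
    if a["image"].lower() not in UPDATE_CLIENTS and "update" in host_lower:
        reasons.append(f"{a['image']} is not an update client yet contacts an 'update' host")
    return {
        "image": a["image"],
        "host": a["host"],
        "domain": domain,
        "ip": str(a["ip"]),
        "port": a["port"],
        "org": org,
        "verdict": "suspicious" if reasons else "no indicator",
        "reasons": reasons,
    }


if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        r = triage(line)
        print(f"{r['verdict']:>12}: {r['image']} -> {r['host']} [{r['ip']}]:{r['port']}")
        for reason in r["reasons"]:
            print("              -", reason)
```

The verdict is driven by the registrable domain, not by what the hostname looks like: `updates.ms-windows.net` is a hostname under `ms-windows.net`, which is nobody's Microsoft domain, and the whois block confirms the address belongs to a hosting provider. In a real environment replace the static `KNOWN_ALLOCATIONS` table with a whois or RDAP query and the two-label domain split with a Public Suffix List lookup.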

#2 kool808 (Visiting Staff, 1,690 posts)
Hello and welcome to Geeks to Go! I'm kool808.

Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and trojans is getting blurred. You can never be too careful with these, I recommend at least one online scan.

Now, REBOOT in Normal Mode and have an On-line scan at these sites: Trend Micro or Panda Scan.

Have a free Trojan online scan HERE.

Download, get updates and run TDS-3.

#3 tmwtmp (New Member, 2 posts)
I have the exact same problem.
Tried replacing the explorer.exe with an uninfected version but to no avail.

#4 kool808 (Visiting Staff, 1,690 posts)
tmwtmp,

Please create a new thread by creating a new topic.

#5 tmwtmp (New Member, 2 posts)
Well, looks like I got rid of it somehow.
I moved the explorer.scf out of the windows directory and suddenly no more connection attempts.
Then I did a search and found there was a copy of explorer.exe in system32\dllcache.
Deleted that file, moved the explorer.scf back into its place and now it seems to be ok.
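The second copy in system32\dllcache explains why replacing explorer.exe earlier in the thread did nothing: on Windows XP, Windows File Protection keeps a copy of each protected system file in %SystemRoot%\system32\dllcache and silently restores the protected file from that cache when the live copy is changed, so a trojaned cache copy reinstalls itself over every clean replacement. The following Python script is an added example, not code from the post: it inventories every copy of explorer.exe in the places XP keeps one, hashes each, and flags any that differ from a known-good hash supplied from installation media or a clean machine. The directory list, the demo tree under a temp directory and the stand-in file contents are assumptions constructed for the example.

```python
"""Find every copy of a protected system binary under a Windows root and compare hashes."""
import hashlib
import os
import tempfile

# Where Windows XP keeps explorer.exe, relative to %SystemRoot% (assumed list).
CANDIDATE_DIRS = (
    (),                            # %SystemRoot%\explorer.exe, the live shell binary
    ("system32",),                 # not an install location for explorer.exe; a copy here is suspect
    ("system32", "dllcache"),      # Windows File Protection cache; WFP restores from here
    ("ServicePackFiles", "i386"),  # service pack copy, also used by WFP and sfc
)


def sha256_of(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(windir, name="explorer.exe"):
    """Return {path: sha256} for every copy of name found in the candidate directories."""
    copies = {}
    for sub in CANDIDATE_DIRS:
        path = os.path.join(windir, *sub, name)
        if os.path.isfile(path):
            copies[path] = sha256_of(path)
    return copies


def check_copies(windir, known_good_sha256, name="explorer.exe"):
    """Compare every copy against a known-good hash; the hash must come from outside the suspect box."""
    copies = find_copies(windir, name)
    tampered = sorted(p for p, digest in copies.items() if digest != known_good_sha256)
    return {"copies": copies, "tampered": tampered}


def build_demo_tree():
    """Constructed layout mirroring the post: a clean live explorer.exe, a clean service pack
    copy, and a different binary in system32\\dllcache that WFP would copy back over the clean one."""
    root = tempfile.mkdtemp(prefix="windir_")
    clean = b"MZ" + b"clean explorer.exe stand-in".ljust(64, b"\0")      # constructed, not a real PE
    rogue = b"MZ" + b"trojaned explorer.exe stand-in".ljust(64, b"\0")   # constructed, not a real PE
    layout = {
        ("explorer.exe",): clean,
        ("system32", "dllcache", "explorer.exe"): rogue,
        ("ServicePackFiles", "i386", "explorer.exe"): clean,
    }
    for parts, data in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root, hashlib.sha256(clean).hexdigest()


if __name__ == "__main__":
    root, known_good = build_demo_tree()
    result = check_copies(root, known_good)
    for path, digest in result["copies"].items():
        flag = "TAMPERED" if path in result["tampered"] else "ok"
        print(f"{flag:>8}  {digest[:16]}  {path}")
```

Point the script at the real %SystemRoot% with the hash of explorer.exe taken from the installation CD or a known-clean machine at the same service pack level; never derive the reference hash from the machine under investigation, since all its copies may already be the same trojaned file. Where the copies disagree, the dllcache copy is the one to inspect first, because it is the one WFP will write back.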