what is oeoe\icoc.exe? [CLOSED]



#1
keenan

My Sygate Personal Firewall periodically traps c:\program files\oeoe\icoc.exe trying to connect to cu.clickspring.net [63.251.135.16] using remote port 80.
I always disallow the connection because I don't know what it is, and I suspect it's some form of malware.
Is it?
If so, how do I get rid of it?
I ran CleanUp, and Adaware found nothing unusual.

Sygate's details follow:

File Version :
File Description : C:\Program Files\oeoe\icoc.exe
File Path : C:\Program Files\oeoe\icoc.exe
Process ID : 0x6DC (Heximal) 1756 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : 10.0.0.1
Local Port : 1051
Remote Name : cu.clickspring.net
Remote Address : 63.251.135.16
Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 76)
Destination: 00-0e-50-3c-27-00
Source: 00-0a-e6-6d-d4-11
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x5426 (Correct)
Source: 10.0.0.1
Destination: 63.251.135.16
Transmission Control Protocol (TCP)
Source port: 1051
Destination port: 80
Sequence number: 1676206920
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x7726 (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 0E 50 3C 27 00 00 0A : E6 6D D4 11 08 00 45 00 | ..P<'....m....E.
0010: 00 30 03 68 40 00 80 06 : 26 54 0A 00 00 01 3F FB | .0.h@...&T....?.
0020: 87 10 04 1B 00 50 63 E8 : E3 48 00 00 00 00 70 02 | .....Pc..H....p.
0030: 40 00 26 77 00 00 02 04 : 05 B4 01 01 04 02 4A 30 | @.&w..........J0
0040: 0D 06 09 2A 86 48 86 F7 : 0D 01 01 01 | ...*.H......
  • 0
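A cross-check of the firewall log in post #1, added here as an example that is not part of the original thread: it decodes the posted binary dump independently of Sygate's summary and verifies both checksums. The function and field names are this example's own.

```python
import struct

# Hex column of the "Binary dump of the packet" in post #1, copied verbatim.
DUMP = """
00 0E 50 3C 27 00 00 0A E6 6D D4 11 08 00 45 00
00 30 03 68 40 00 80 06 26 54 0A 00 00 01 3F FB
87 10 04 1B 00 50 63 E8 E3 48 00 00 00 00 70 02
40 00 26 77 00 00 02 04 05 B4 01 01 04 02 4A 30
0D 06 09 2A 86 48 86 F7 0D 01 01 01
"""
FLAG_BITS = (("FIN", 1), ("SYN", 2), ("RST", 4), ("PSH", 8), ("ACK", 16))

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum; 0xFFFF means the embedded checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def decode(dump: str = DUMP) -> dict:
    frame = bytes.fromhex(dump)
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800 or frame[14] >> 4 != 4:
        raise ValueError("not an IPv4-over-Ethernet frame")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != 6:
        raise ValueError("not TCP")
    tcp = frame[14 + ihl:14 + total_len]      # bounded by the IP total length
    sport, dport, seq, ack, off_flags, window, csum = struct.unpack("!HHIIHHH", tcp[:18])
    tcp_hlen = (off_flags >> 12) * 4          # data offset is in 32-bit words
    pseudo = ip[12:20] + struct.pack("!BBH", 0, proto, len(tcp))
    return {
        "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
        "sport": sport, "dport": dport, "seq": seq,
        "flags": [name for name, bit in FLAG_BITS if off_flags & bit],
        "payload_len": len(tcp) - tcp_hlen,
        "ip_checksum": struct.unpack("!H", ip[10:12])[0], "ip_checksum_ok": ones_sum(ip) == 0xFFFF,
        "tcp_checksum": csum, "tcp_checksum_ok": ones_sum(pseudo + tcp) == 0xFFFF,
        "trailing": frame[14 + total_len:],   # bytes past the end of the IP datagram
    }

if __name__ == "__main__":
    for key, value in decode().items():
        print(f"{key:16} {value.hex(' ') if isinstance(value, bytes) else value}")
```

The decode agrees with the log: a bare SYN with no payload from 10.0.0.1:1051 to 63.251.135.16:80, so the firewall stopped the connection before any request was sent. The on-wire checksums are 0x2654 and 0x2677, which the summary displays byte-swapped as 0x5426 and 0x7726, and the last 14 bytes of the 76-byte dump lie beyond the 48-byte IP total length.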



#2
tampabelle

We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

Edited by tampabelle, 14 September 2005 - 06:10 PM.

  • 0

#3
tampabelle

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





