Help...Explorer.exe communicating to italy?

I have been scouring the internet to see what in the world explorer.exe is trying to do.

12:30:23 AM explorer.exe OUT REFUSED TCP 80.180.193.69 3386 Blocked by Component Control

its trying to connect to this place in Italy. Can anyone help? Ive spent hours and trojan hunters, kaspersky, tauscum, etc on this and to no avail.


Thanks

 

Anybody?

This is the only other information I found...but the solution didnt apply:

bytehd (IS/IT--Manageme)
8 May 05 23:37
Uses UDP and TCP port 3386.
Which is listed in iana as GPRS-data (cell phone signalling)

Trouble is, EXPLORER.EXE is opening a connection to
151.25.34.63 which resolves to nice little names
Sam Spade gives me:
fbiserver.shacknet.nu
and
mazservercia.no-ip.org

my rDNS gives me a dial up italian:
ppp-63-34.25-151.libero.it

clues?

George Walkey
Senior Geek in charge
http://www.insyncva.com
Find A Job or Post a Job Opening Click Here.
crow053 (TechnicalUser)
12 May 05 19:39
Looking at mazservercia.no-ip.org, it could be a possble reverse connecting trojan. I would start doing trojan/virus scans.
bytehd (IS/IT--Manageme)
12 May 05 20:49
I did.
found a nice little bugger called ngrt.exe
gone

George Walkey
Senior Geek in charge
http://www.insyncva.com

 

Hi Spalatin, welcome to Wilders.

You may want to try running “HijackThis” found here and post your log at one of the HijackThis Specialist Forums, the two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

Let us know how you go...

Cheers