Help...Explorer.exe communicating to Italy?

Discussion in 'malware problems & news' started by Spalatin, Jun 15, 2005.

Thread Status:
Not open for further replies.
  1. Spalatin

    Spalatin Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    2
    I have been scouring the internet to see what in the world explorer.exe is trying to do.

    12:30:23 AM explorer.exe OUT REFUSED TCP 80.180.193.69 3386 Blocked by Component Control

    It's trying to connect to this place in Italy. Can anyone help? I've spent hours and trojan hunters, Kaspersky, Tauscan, etc. on this and to no avail.


    Thanks
     
  2. Spalatin

    Spalatin Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    2
    Anybody?

    This is the only other information I found...but the solution didn't apply:

    bytehd (IS/IT--Manageme)
    8 May 05 23:37
    Uses UDP and TCP port 3386.
    Which is listed in iana as GPRS-data (cell phone signalling)

    Trouble is, EXPLORER.EXE is opening a connection to
    151.25.34.63 which resolves to nice little names
    Sam Spade gives me:
    fbiserver.shacknet.nu
    and
    mazservercia.no-ip.org

    my rDNS gives me a dial-up Italian:
    ppp-63-34.25-151.libero.it

    clues?

    George Walkey
    Senior Geek in charge
    http://www.insyncva.com
    crow053 (TechnicalUser)
    12 May 05 19:39
    Looking at mazservercia.no-ip.org, it could be a possible reverse connecting trojan. I would start doing trojan/virus scans.
    bytehd (IS/IT--Manageme)
    12 May 05 20:49
    I did.
    found a nice little bugger called ngrt.exe
    gone

    George Walkey
    Senior Geek in charge
    http://www.insyncva.com
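
The check being done by eye in this thread, as an added example that is not part of the original posts: parse firewall log lines in the layout of the one Spalatin posted and count outbound attempts by explorer.exe to unexpected remote ports. The field layout is inferred from that single line; the watch list, the expected ports, and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Layout inferred from the one log line quoted in the thread:
# time, AM/PM, process, direction, action, protocol, remote IP, remote port, reason.
LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) (?P<process>\S+) (?P<direction>IN|OUT) "
    r"(?P<action>\S+) (?P<proto>TCP|UDP) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<port>\d{1,5})(?: (?P<reason>.*))?$"
)

# Assumption: processes watched for outbound sockets, and ports tolerated for them.
WATCHED = {"explorer.exe"}
EXPECTED_PORTS = {80, 443}

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["process"] = rec["process"].lower()  # Windows image names are case-insensitive
    return rec

def suspicious(lines):
    """Count outbound attempts by watched processes to unexpected remote ports."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["direction"] != "OUT":
            continue
        if rec["process"] in WATCHED and rec["port"] not in EXPECTED_PORTS:
            hits[(rec["process"], rec["proto"], rec["ip"], rec["port"])] += 1
    return hits

# First line is the one from the thread; the rest are constructed sample data.
SAMPLE = [
    "12:30:23 AM explorer.exe OUT REFUSED TCP 80.180.193.69 3386 Blocked by Component Control",
    "12:31:02 AM explorer.exe OUT REFUSED TCP 80.180.193.69 3386 Blocked by Component Control",
    "12:31:40 AM firefox.exe OUT ALLOWED TCP 192.0.2.10 443 Allowed by rule",
    "12:32:05 AM EXPLORER.EXE OUT ALLOWED TCP 198.51.100.7 80 Allowed by rule",
    "12:33:00 AM svchost.exe IN REFUSED UDP 203.0.113.5 1900 Blocked by rule",
    "not a firewall log line",
]

if __name__ == "__main__":
    for key, count in suspicious(SAMPLE).most_common():
        print(count, *key)
```

A repeated destination and port for the same process is the pattern worth carrying into a process-level investigation, since the firewall log alone does not show which module inside explorer.exe opened the socket.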
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Spalatin, welcome to Wilders.

    You may want to try running “HijackThis” found here and post your log at one of the HijackThis Specialist Forums, the two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    Let us know how you go...

    Cheers :D
     