question about winlogon.exe

Discussion in 'malware problems & news' started by medchemistMA, Jul 29, 2007.

Thread Status:
Not open for further replies.
  1. medchemistMA

    medchemistMA Registered Member

    Joined: Jul 29, 2007
    Posts: 2
    The program log for my ZoneAlarm ISS notes that there are hundreds of attempts by winlogon.exe and explorer.exe to connect to 204.2.179.#:80, which is listed in whois as NTT America Inc., Centennial CO. Winlogon.exe handles login and logout procedures for the system; does anyone know why it would be trying to make outgoing connections? The destination DNS is a1093.g.akamai, or some similar variation.

    I also run Port Explorer and it lists a *System process with PID "0" which also tries to make connections to this IP as well as some others. Port Explorer does not say which specific .exe is launching the process. Is anyone familiar with problems of this kind?

    Many thanks and kind regards,

    medchemistMA
     
  2. ASpace

    ASpace Guest

    Hello! Welcome to Wilders!

    As far as I know, winlogon.exe and explorer.exe should in no way connect to the internet, and I think it is good that they have been blocked.

    You might be infected, and if you don't know how, it's good for your computer to be checked. Post in forums providing malware cleaning services such as Aumha, Malware Removal University, TomCoyote (search for their URLs in Google).
     
  3. medchemistMA

    medchemistMA Registered Member

    Joined: Jul 29, 2007
    Posts: 2
    HiTech_boy,

    Thank you for your reply. I have run ZoneAlarm antivirus/spyware, spybot SSD, Trojan Hunter and HijackThis without finding anything. I have run KazaaBeGone and it finds an infection and deletes it, but it seems to come back from time to time. It finds no infection at the moment. One odd thing that I have noticed is that it appears that it is ZoneAlarm that is making some of the System Process "0" connections, since vsmon.exe is at times connecting to the same IP. Some of these IP addresses that ZA connects to are in Panama and places that I would not expect for a legitimate connection. The worst trojan that I ever had to deal with infected my Norton Live Update and was connecting all over the world before I reinstalled it. I cannot get any support from ZA, or even any evidence that the company exists, other than my credit card bill. I will try re-installing ZAISS and see if that helps.

    I will also post to the other forums that you suggested.

    Thanks and best regards,

    medchemistMA
     