Strange Local and Remote address

Discussion in 'Port Explorer' started by Osprey, Mar 15, 2005.

Thread Status:
Not open for further replies.
  1. Osprey

    Osprey Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    3
    Hi,

    I have noticed in my Port Explorer that I am getting strange Local and remote addresses. Currently I have a Process svchost.exe with Process ID 1028 Protocol UDP Local Address downloads.aaa1screensavers.com Local Port 1900 Remote Address *.*.*.* Remote Port *
    Also another Process Process secureie.exe with Process ID 2744 Protocol UDP Local Address downloads.aaa1screensavers.com Local Port 1084 Remote Address downloads.aaa1screensavers.com Remote Port 1084
    and another Process Process gnotify.exe with Process ID 3680 Protocol UDP Local Address downloads.aaa1screensavers.com Local Port 1058 Remote Address downloads.aaa1screensavers.com Remote Port 1058

    All Status is Listening and another two svchost's have spawned With same ProcessID 324 Protocol UDP Local Address downloads.aaa1screensavers.com Local Port 1041 Remote Address downloads.aaa1screensavers.com Remote Port 1041 Status Listening
    ProcessID 324 Protocol UDP Local Address downloads.aaa1screensavers.com Local Port 123 Remote Address *.*.*.* Remote Port * Status Listening


    Can anybody help me out with what this is? Thanks in advance.

    Cheers for now,

    Mark
     
    Last edited: Mar 15, 2005
  2. BourgePD

    BourgePD Registered Member

    Joined:
    Sep 5, 2004
    Posts:
    75
    Did you download one of their screensavers? If so, did you read the EULA?:

    http://aaa1screensavers.com/eula.html

    Or 'privacy' page:

    http://aaa1screensavers.com/privacy.html

    The screensaver comes with 'adware'...

    I would uninstall it myself... ;)


    :)
     
    Last edited: Mar 15, 2005
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If you don't want them, uninstall them. See what happens when you block the send/receive, or spy on possible datapackets, etc.
    When you scan with TDS, SpybotS&D, Ad-Aware you'll probably find more.
     
  4. Osprey

    Osprey Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    3
    Hi,

    No, I have not installed any screensavers; this is what is concerning me. HijackThis doesn't show it installed. Ad-Aware SE doesn't see it, so this is strange to me. Nothing seems to find it except Port Explorer?? And the addresses resolve to localhost?

    Doing a full TDS Scan now.

    Cheers for now,

    Mark
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Are you using a hosts file?
    If the remote address is showing as localhost, it could be that a site/link you visited tried going to/linking to "downloads.aaa1screensavers.com", which, if in the hosts file, would not connect out to the internet, but to localhost. Could be you are just seeing your hosts file in action. ("downloads.aaa1screensavers.com" is in the hosts file I use)

    Regards,

    CrazyM
     
  6. Osprey

    Osprey Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    3
    CrazyM .... YUM my host file was not what I expected.... was full of sites I have never been to.

    Reloaded the .bak file as the host file

    Thanks for your help!
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    The hosts file is not a list of sites you have been to, rather a list of sites you do not want to go to. While browsing, if you encounter a link to a site in the hosts file, it will direct it to localhost (your own system), as your system will check the hosts file prior to trying to connect outside, and you will be prevented from going there. The hosts file can be used to prevent connections to undesirable sites, ads, etc.

    If you are not familiar with the hosts file, is it possible another user of your system installed it?

    More information on hosts file:
    Blocking Unwanted Parasites with a Hosts File
    Using the Hosts File

    Regards,

    CrazyM
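
A way to check the hosts-file behaviour described in this thread, as an added example that is not part of any post: it lists the names a hosts file maps to a given address (the names that can show up for 127.0.0.1) and, going beyond the thread, flags entries that point somewhere other than the local machine. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file syntax (not the poster's actual file).
SAMPLE_HOSTS = """\
# blocking hosts file
127.0.0.1    localhost
127.0.0.1    downloads.aaa1screensavers.com   # blocked
0.0.0.0      ads.example.net tracker.example.net
203.0.113.7  intranet.example.test
::1          localhost
not-an-ip    broken.example
"""

def parse_hosts(text):
    """Yield (address, hostname) for every valid mapping in hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # skip malformed lines
        for name in fields[1:]:               # one line may carry several names
            yield addr, name.lower()

def audit_hosts(text):
    """Split entries into names sunk locally and names redirected elsewhere."""
    blocked, redirected = [], []
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked.append(name)              # ordinary block-list entry
        else:
            redirected.append((name, str(addr)))  # worth a manual review
    return blocked, redirected

def names_for(text, ip):
    """Hostnames the hosts file maps to ip, in file order."""
    target = ipaddress.ip_address(ip)
    return [name for addr, name in parse_hosts(text) if addr == target]

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked locally:", blocked)
    print("redirected (review):", redirected)
    print("names for 127.0.0.1:", names_for(SAMPLE_HOSTS, "127.0.0.1"))
```

On Windows the file to feed in is normally `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass the text to `audit_hosts`.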
     