Old 07-27-2007, 04:48 PM   · #1
hollywood
explorer.exe tries to connect to sa.windows.com

What is going on when my explorer.exe attempts to connect to a server at tucows? I am running XP with SP2.

Although the destination server is sa.windows.com it is actually owned by tucows and not Microsoft according to whois. Since I don't have any relationship to tucows, I don't understand why my PC should be trying to connect to one of their servers. Furthermore, I don't understand why it is explorer.exe trying to connect instead of svchost.exe.

It only seems to occur periodically (twice in the past three days per my log files below) but I would like to know what/why/how this is happening, just in case my firewall isn't stopping all of the connection attempts. Hmmm...can you tell that I don't think my firewall is stopping all of the connection attempts?

Thanks in advance guys.

Code:
Log:

Description      Windows Explorer was blocked from connecting to the Internet (207.46.248.249:HTTP).
Rating           High
Date / Time      2007/07/24 15:30:12-8:00 GMT
Type             Program Access
Program          explorer.exe
Source IP
Destination IP   207.46.248.249:80
Direction        Outgoing (connect)
Action Taken     Blocked
Count            2
Source DNS
Destination DNS  sa.windows.com
=============================================================
Description      Windows Explorer was blocked from connecting to the Internet (207.46.248.249:HTTP).
Rating           High
Date / Time      2007/07/27 09:32:46-8:00 GMT
Type             Program Access
Program          explorer.exe
Source IP
Destination IP   207.46.248.249:80
Direction        Outgoing (connect)
Action Taken     Blocked
Count            2
Source DNS
Destination DNS  sa.windows.com
Last edited by hollywood : 07-28-2007 at 10:04 AM.
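An added example, not part of any post in this thread: a small Python parser for the firewall log format quoted in post #1, which groups outbound attempts by program and destination so that repeated connections from an unexpected process stand out. The `EXPECTED_HTTP_PROGRAMS` allowlist and the function names are assumptions made for this illustration; the sample input is constructed from the two entries shown above.

```python
import re
from collections import defaultdict

# Field labels in the order they appear in the firewall log quoted in post #1.
FIELDS = ["Description", "Rating", "Date / Time", "Type", "Program",
          "Source IP", "Destination IP", "Direction", "Action Taken",
          "Count", "Source DNS", "Destination DNS"]
# A label may have no value ("Source IP" and "Source DNS" are empty in the
# quoted log), so each value group is optional.
RECORD_RE = re.compile(
    " ".join(re.escape(f) + r"(?: (.*?))?" for f in FIELDS) + "$")
# Assumption for this example only: programs the reader expects to make
# outbound HTTP requests on the machine under review.
EXPECTED_HTTP_PROGRAMS = {"iexplore.exe", "firefox.exe"}
# Constructed sample: the two entries from post #1, flattened onto one line.
ENTRY = ("Description Windows Explorer was blocked from connecting to the "
         "Internet (207.46.248.249:HTTP). Rating High Date / Time {ts} GMT "
         "Type Program Access Program explorer.exe Source IP Destination IP "
         "207.46.248.249:80 Direction Outgoing (connect) Action Taken Blocked "
         "Count 2 Source DNS Destination DNS sa.windows.com")
SAMPLE = (ENTRY.format(ts="2007/07/24 15:30:12-8:00") + " " + "=" * 50 + " "
          + "=" * 11 + " " + ENTRY.format(ts="2007/07/27 09:32:46-8:00"))

def parse_log(text):
    # Entries are separated by runs of '='; whitespace is normalised first.
    records = []
    for chunk in re.split(r"=[=\s]*", text):
        m = RECORD_RE.match(" ".join(chunk.split()))
        if m:
            records.append({f: v or "" for f, v in zip(FIELDS, m.groups())})
    return records

def summarise(records):
    # Total attempts and timestamps per (program, destination DNS, IP:port).
    groups = defaultdict(lambda: {"attempts": 0, "times": []})
    for r in records:
        if r["Direction"].startswith("Outgoing"):
            g = groups[(r["Program"], r["Destination DNS"], r["Destination IP"])]
            g["attempts"] += int(r["Count"] or 1)
            g["times"].append(r["Date / Time"])
    return dict(groups)

def unexpected(summary):
    # Port-80 destinations contacted by programs outside the allowlist.
    return sorted(k for k in summary
                  if k[2].endswith(":80") and k[0].lower() not in EXPECTED_HTTP_PROGRAMS)

if __name__ == "__main__":
    for key, g in summarise(parse_log(SAMPLE)).items():
        print(key, g["attempts"], min(g["times"]), max(g["times"]))
```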
Old 07-27-2007, 08:39 PM   · #2
SharedRack.com
I am not sure exactly; however, from personal experience, it looks like a DDoS campaign directed against Tucows.
Depending on this, you should have a virus which forces your Explorer to go to sa.windows.com.

However, accept it as an assumption only.
Old 07-28-2007, 10:08 AM   · #3
hollywood
Thanks, I have run Symantec and my PC comes up clean, so I guess I will try some online scanners....

If it is a virus, can someone help me identify the vector used? I would prefer not to reinstall XP right now as I've recently moved and the install disk is buried in a box somewhere. There is rep and more waiting for you!
Old 07-28-2007, 01:12 PM   · #4
SharedRack.com
I would recommend trying http://www.kaspersky.com instead of Symantec. A free trial is available, and you can download it and scan your PC.
However, please note that you'll need to turn off Symantec temporarily because both antiviruses can't work at the same time.

Please update this thread if it will make any sense, thanks.
Old 07-29-2007, 11:18 AM   · #5
hollywood
Thank you very much sharedrack.com ... kaspersky found it, flush trojan, rep added with a big
Old 07-30-2007, 03:37 AM   · #6
SharedRack.com
Thanks for the update. You're welcome.
Old 07-30-2007, 03:40 PM   · #7
ehoez.com
you got spyware installed somewhere