explorer.exe tries to connect to sa.windows.com

hollywood

What is going on when my explorer.exe attempts to connect to a server at tucows? I am running XP with SP2.

Although the destination server is sa.windows.com it is actually owned by tucows and not Microsoft according to whois. Since I don't have any relationship to tucows, I don't understand why my PC should be trying to connect to one of their servers. Furthermore, I don't understand why it is explorer.exe trying to connect instead of svchost.exe.

It only seems to occur periodically (twice in the past three days per my log files below) but I would like to know what/why/how this is happening, just in case my firewall isn't stopping all of the connection attempts. Hmmm...can you tell that I don't think my firewall is stopping all of the connection attempts? :(

Thanks in advance guys.

Code:
Log:
Description      Windows Explorer was blocked from connecting to the Internet (207.46.248.249:HTTP).
Rating           High
Date / Time      2007/07/24 15:30:12-8:00 GMT
Type             Program Access
Program          explorer.exe
Source IP        
Destination IP   207.46.248.249:80
Direction        Outgoing (connect)
Action Taken     Blocked
Count            2
Source DNS       
Destination DNS  sa.windows.com
=============================================================
Description      Windows Explorer was blocked from connecting to the Internet (207.46.248.249:HTTP).
Rating           High
Date / Time      2007/07/27 09:32:46-8:00 GMT
Type             Program Access
Program          explorer.exe
Source IP        
Destination IP   207.46.248.249:80
Direction        Outgoing (connect)
Action Taken     Blocked
Count            2
Source DNS       
Destination DNS  sa.windows.com
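
The two log entries above can be checked mechanically for the concern raised in the post: whether every outgoing attempt was actually blocked. This is an added example, not part of the original post; it assumes the layout shown above (field name, two or more spaces, value, with entries separated by a line of `=`), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries from the post, trimmed to the fields used below.
SAMPLE_LOG = """\
Date / Time      2007/07/24 15:30:12-8:00 GMT
Program          explorer.exe
Destination IP   207.46.248.249:80
Direction        Outgoing (connect)
Action Taken     Blocked
Count            2
Destination DNS  sa.windows.com
=============================================================
Date / Time      2007/07/27 09:32:46-8:00 GMT
Program          explorer.exe
Destination IP   207.46.248.249:80
Direction        Outgoing (connect)
Action Taken     Blocked
Count            2
Destination DNS  sa.windows.com
"""

def parse_records(text):
    """One dict per entry; a field is 'name', 2+ spaces, 'value' (value may be empty)."""
    records = []
    for chunk in re.split(r"^=+\s*$", text, flags=re.MULTILINE):
        rec = {}
        for line in chunk.splitlines():
            if line.strip():
                parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
                rec[parts[0]] = parts[1] if len(parts) == 2 else ""
        if rec:
            records.append(rec)
    return records

def summarize_outbound(records):
    """Group outgoing attempts by (program, host, ip:port). Assumption: any
    'Action Taken' other than 'Blocked' means the connection was not stopped."""
    summary = defaultdict(lambda: {"entries": 0, "attempts": 0, "times": [], "not_blocked": []})
    for r in records:
        if r.get("Direction", "").startswith("Outgoing"):
            key = (r.get("Program", "?").lower(), r.get("Destination DNS", ""), r.get("Destination IP", ""))
            s = summary[key]
            s["entries"] += 1
            s["attempts"] += int(r.get("Count") or 1)
            s["times"].append(r.get("Date / Time", ""))
            if r.get("Action Taken", "").lower() != "blocked":
                s["not_blocked"].append(r.get("Date / Time", ""))
    return dict(summary)
```

Calling `summarize_outbound(parse_records(SAMPLE_LOG))` gives one group for explorer.exe with an empty `not_blocked` list; any timestamp appearing in that list marks an attempt the firewall did not stop.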
 
I am not sure exactly; however, from personal experience it looks like a DDoS campaign directed against Tucows.
Depending on this, you should have a virus which forces your Explorer to go to sa.windows.com

However, accept it as an assumption only
 
Thanks, I have run Symantec and my PC comes up clean, so I guess I will try some online scanners....

If it is a virus, can someone help me identify the vector used? I would prefer not to reinstall XP right now as I've recently moved and the install disk is buried in a box somewhere. There is rep and more waiting for you!
 
I would recommend trying http://www.kaspersky.com instead of Symantec. A free trial is available, and you can download it and scan your PC.
However, please note that you'll need to turn off Symantec temporarily because both antiviruses can't work at the same time.

Please update this thread if it will make any sense, thanks.
 
Thank you very much, sharedrack.com ... Kaspersky found it, flush trojan, rep added with a big :)
 
Thanks for the update. You're welcome :)
 
You got spyware installed somewhere.
 