Windows Security Question?

[Negative]

IExplore.exe is the one you need to give permission in order to be able to surf the net.

(in detail: IExplore.exe uses:
outbound TCP on ports 80, 81, 82, 83 (surfing)
outbound TCP on port 443 (SSL)
outbound TCP on port 1080 (Socks)
outbound TCP on port 3128, 8080, 8088 (proxy)
outbound TCP on port 70 (Gopher)
outbound TCP on port 21 (FTP)
inbound TCP on port 20 (FTP)
inbound TCP on port 1375 (Web folders - temporary Internet files,...)
inbound UDP on port 1040-1050 (Web folders))

If it asks for something else, it's not the real IExplore.exe

NeoWatch Manual
Events will sometimes list their source IP as 127.0.0.1. It's important to note that this IP is special, and is referred to as the loopback address. Basically, no matter what machine you're on, 127.0.0.1 always refers to yourself. This address is also referred to as localhost, as the machine name localhost will always resolve back to the IP address 127.0.0.1.

Does this mean that your machine is attempting to hack itself? Is some trojan or spyware taking over your system? Not likely. Many legitimate programs use the loopback address for communication between components. For example, many personal mail or web servers let you configure them via a web interface, usually accessible through something like http://localhost/ .

[EvIl eLf]

The beauty of zone alarm is that it also warns whats going out of the firewall .i would recomend a hardware firewall dsl router scuh as dlink804 or netgear they provide pretty good pascket filtering capability. usaulluy when explorer.exe attempts to acess the net its because a windows update prompt will soon follow but you can update windows manually so dont pay it no mind . i am new to this posting so if i said anything that is an error please let me know its the process of learning i look foward to absorbing and giving knowledge .

[delstar]

Has anyone considered that it might be Active Desktop that's doing it? Just a thought...

[VictorKaum]

This explorer thing doesn't harm your pc, as long as you are sure it is the real explorer and not some trojan. (e.g. Windows update uses the thing)

If you want to be sure use some other firewall (a box configured to do the task) and block the ports you don't need so you won't be running a server without your knowledge.

[Megazoid]

Yes, to a degree i am not worrying about the explorer.exe "thing". I really believe norton would pick something up (its even picked up applications i have created that aren't trojans! but have WinSock code within them) - So i really can't see a trojan getting passed norton AV...

Maybe i am just being paranoid? I really believe thats what the problem is. But 'something' in me, tells me that one of my "So-Called" friends could have sent me a trojan or hacked my PC in the past.

I have no proof of this, expect some of them have made refrences to quotes or subjects i may have mentioned in emails. As use all know, this can be a very bad thing, as some of my emails are very private and not for others to read. This could simply be me getting paranoid again though, and worried about nothing!

To my knowledge i have never accepeted an application (executable files) from this person, so i dont believe i have a trojan. The problem is that i know i dont have a trojan currently (on my Win2K Installation) but i believe in the past i could have had one. I know this is getting very confusing and sorry for all this hassle/problems. I am probably worried about nothing.

I have used Netmeeting with this person and also used MSN Messenger with them. To my knowledge i didn't have Windows setup to allow File Sharing or Printer Sharing, can anyone give me more information on this? As i said before i am not on a LAN and at the time i "think" i may have been hacked was when i was using a 56K Modem (Dial-Up).

I have even tried using 'Data Recovery' tools to bring back my old system files for a full trojan & virus scan. But because i changed from FAT 32 to NTFS its impossible to get the data back! also i formatted twice, which i didn't mean todo infact. I was going to just install Win2K using FAT32, so i formated using FAT32, then i decided when i begun the Win2K installation to format using NTFS. I now have no way of getting the data back for checking (to my knowledge).

Thanks again guys, and i look forward to more helpfull replys...

[VictorKaum]

If you formatted your drive twice and installed new things on it, the chanches to recover are small (although you could do it but I think it's not worth the effort).

About emails -> it's not that difficult to view emails -> a sysop can read the content of emails that pass the servers if he / she really wants. But you said no LAN, Dial Up and etc... perhaps your friend was close enough to know your pwds?

Where are your mails located (on some private webbased email server? some public webmail like hotmail? at home?)