yckmbfha

spooler sub system.exe and windows explorer.exe asking to access internet. Is this normal?

I have recently had an attack on my PC, and had to completely re-format. Should this have solved the problem? Because now with Zone Alarm running I'm being asked if spooler sub sys app and windows explorer can access the internet. Is this normal? Also, when I do the port check on this site, the report says I don't have a firewall, but I do; ZA Pro is up and running. Am I still infected and should I be worried? Thanks in advance. Yckmbfha
war1

Greetings, yckmbfha!
Windows Explorer always asks to access the Internet. This is normal.

Spooler usually refers to a printer. Do you have a printer on a network? If you do, then spooler asking to access the server is normal.

Zone Alarm has the option to hide the IP address. So the port check may not see it.

It is good to be concerned. So far, from what you observe, there is no virus. Do you have an anti-virus program running? Does it check your emails? ZoneAlarm does not protect you from all viruses. A free one is AVG 6.0 Anti Virus

http://www.grisoft.com

Best wishes, war1
yckmbfha

ASKER

Thanks, I have AVG running already. I do not have my printer reconnected yet since the attack, and this is a stand-alone. I think the attack was a trojan and not a virus. Should I still be concerned? Yckmbfha
Also on the port check, HTTP PROXY open, HTTP open, SSL open and port 31337 is marked as stealth. Any comments? Thanks Yckmbfha.
>> spooler sub sys app

If "spooler sub sys app" is the exact name of the request for access, I did a search for "spooler sub sys app" as a virus/trojan, and none appeared for Windows.
On port scan, 31337 may refer to an adware, not trojan. Do you have an adware/spyware checker? Here is a free and very good one:

SpyBot S&D searches your harddisk for so-called spy- or adbots

http://security.kolla.de/
Test your firewall here:


To ensure that your system is secure, test it from the following site:

https://grc.com/x/ne.dll?bh0bkyd2

The above is the most famous Steve Gibson research website.


TEST YOUR FIREWALL SECURITY WITH THE FOLLOWING LEAK TESTS:

          http://www.soft4ever.com/security_test/En/index.htm
          http://grc.com/lt/leaktest.htm
          http://tooleaky.zensoft.com/
          http://keir.net/firehole.html

http://www.hackerwatch.org/probe/

Hello,

yckmbfha says >> have recently had an attack on my pc, and had to completely re-format. Should this have solved the problem? <<

Yes, indeed this would have solved the PC's problem to a large extent. Whatever kind of attack you had (unless it was someone coming up and bashing up your computer with a hammer) were all generally software-based attacks. This is to say that the integrity of your computer was breached using malignant software programs only.

Since you completely reformatted and re-installed, your computer should be safe now.

>> Because now with zone alarm running i'm being asked if spooler sub sys app and windows explorer can access the internet. <<

Indeed this is a good thing that you have ZoneAlarm running. It is a good personal firewall and does a lot to protect your computer from attacks and unwanted intrusions which may or may not be malign.
'Windows explorer' and 'spooler sub sys App' accessing the internet too is normal. Like "War1" mentioned, Spooler sub sys has to do with your printer software accessing the internet. This is useful when you print something directly from the internet. Programs like 'Word' etc. will do the same when you copy some information to create a Word document on your computer.

>> Also when i do the port check on this site, the report says i dont have a firewall, but i do ZA pro is up and running <<
>> HTTP PROXY open, HTTP open, SSL open and port 31337 is marked as stealth. <<

This means that your HTTP proxy, HTTP open, SSL open is open. But it does not mean that you are infected. And indeed port 31337 is accessing the internet but in stealth mode. It probably refers to some software accessing the internet. Maybe it is Zone Alarm telling you that it is protecting your ports in stealth mode. That should not worry you.

>> am i still infected and should i be worried? Thanks in advance. Yckmbfha <<

And no, you are not infected. I believe that you posted this message here without too many problems, and indeed if you had some virus or something then probably EE would have stopped you from getting here in the first place.

I would also suggest that you get a really good AV program if you don't have one. No need to go for the heavy commercial ones. Some, even with the latest updates, don't catch all the viruses. Do some research on the ones that are really good yet cheap and get that.

Also get some sort of Trojan checker/remover and use it on a regular basis. There are good ones available at www.cnet.com

Finally, don't open unwanted e-mails and don't access abnormal-looking (contrived, created, customized, too good looking to be true) or forwarded websites that may ask you for your password or other such details.

Hope that this gives you piece [ :>) ] of mind.
Thanks everyone, will rest soundly now!!!
ASKER CERTIFIED SOLUTION
war1