We help IT Professionals succeed at work.
Get Started

ntoskrnl.exe captures port 443?

mts1701
mts1701 asked
on
2,587 Views
Last Modified: 2010-04-13
Okay, here's what happened.  We recently got hit by a virus (WinShell50 according to Trend Micro), because our server wasn't up to date on all the windows security updates.  I don't however, want to get bogged down on the virus related angle of this problem.  The server has been cleaned, and is no longer infected.  

My question specifically is related to a residual problem that is occurring.    Every time the server is rebooted, ntoskrnl.exe immediately opens up port 443 and starts listening.   Then, moments later when IIS starts up, it can't open the port (which it needs to for SSL connections).  Subsequently, all out pages that require an SSL connection, get a page is not displayed error.  This problem is more eloquently described in KB284984, however, I still can't get a handle on how to fix it.    

Now what I've been able to do in the meantime, is to download this little app from Microsoft that tells me what ports on my server are active, and what processes/services they are associated with.  To temporarily fix the problem, all I have to do is stop that process, and then restart IISADMIN, and poof!, it's fixed.  But only until I have to restart the server.  

I'm eagerly looking for a way to resolve this.  My thinking is that SOMEWHERE there is a way to control, what services/processes startup.  For the record... here's what I've already tried:

1.  Ran the removal tool for the winshell50 virus.  
2.  Also stepped through the manual removal process.
3.  I've checked my registry under LOCAL MACHINE/SOFTWARE/MICROSOFT/WINDOWS/CURRENT VERSION/RUN, but there's nothing there that would seem to start ntoskrnl.  

I've also done a LOT of research on this problem, and I can't obviously include everything I've learned into this single post, but I'll be happy to elaborate if necessary.
Comment
Watch Question
Commented:
This problem has been solved!
Unlock 1 Answer and 6 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE