IEXPLORER.EXE IS ATTEMPTING TO ACCESS THE INTERNET WITH ONE OR MORE UNRECOGNIZED MODULES

THIS IS THE MESSAGE I AM GETTING SINCE I SETUP A HOME NETWORK WITH A CROSSOVER CABLE.THE ALERT IS PROVIDED BY NORTON INTERNET SECURITY 2005 WHICH IS UPDATED .THE ONLY SETTING THAT I DID CHANGE IN THE FIREWALL IS THAT I ENTER TWO IP ADDRESSES AS TRUSTED FOR THE TWO COMPUTERS I AM CONNECTING TOGETHER .
THE MESSAGE REFER EITHER TO IEXPLORER.EXE OR SVCHOST.EXE OR LUCOM3.EXE .
IS IT A VIRUS ? OR JUST SOMETHING AFFECT NIS 2005 AND CAN NOT WORK ? WHAT IS THE SOLUTION TO THIS PROBLEM .
NGEORGE33Asked:
Who is Participating?
 
r-kCommented:
Zee,

That address seems to be in his own domain, as seen by this entry from the HJT log:

O17 - HKLM\System\CCS\Services\Tcpip\..\{783D1BD0-C45C-4389-867E-BFE338E10BAF}: NameServer = 194.30.220.114 194.30.220.117

So I don't think this anything but normal traffic.

Still, it doesn't hurt to double-check with a couple of on-line scans.

Also, another online scan to add to zee's extensive list:

Microsoft Live Safety Center:
http://safety.live.com/site/en-US/default.htm

A bit slow, but did a good job the couple of times I ran it as a test.
0
 
r-kCommented:
IEXPLORER.EXE is adware/spyware, but IEXPLORE.EXE is just Internet Explorer (note the slightly different spelling).

Please confirm which one you have. If it is the Adware/Spyware, then do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

LUCOMS.EXE is part of Symantec/Norton, LUCOM3.EXE is unknown, so please double-check that also.

SVCHOST.EXE is a normal Windows file if it resides in c:\windows\system32. It may be malware if in any other folder.

Let us after confirming spelling on all of these.
0
 
SkyccordCommented:
I'm going to assume that you are running Windows XP.  Restart the computer tap the F8 Key when you get the boot menu options choose "Safe Mode with Networking".  When you are into safe mode open up an explorer window and go to this website: http://www.trendmicro.com/spyware-scan/  accept the module and run a spyware scan there.  At this same time you can open up a new Internet Explorer window and go to this web address: http://www3.ca.com/virusinfo/virusscan.aspx 

If anything is found in any of the scans check them and choose delete.

Stanley Louissaint
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
NGEORGE33Author Commented:
my operating system is WINDOWS XP HOME updated
correct spelling for my initial post are :1)iexplore.exe 2)LuComServer_3_0.EXE 3)svchost.exe

http://www.hijackthis.de/logfiles/09dc2f5633ccb1c1744639ef0421b44e.html
This is the link for the saved analisys on hijackthis.

Today i got the message from NIS 2005  "EXPLORER.exe is attempting to access the internet using one or more unrecognized modules"and then the message :

Rule "Default Block Bla Trojan horse" blocked (GEORGE(62.38.24.88),1042).
Inbound UDP packet.
Local address,service is (localhost,1042).
Remote address,service is (GEORGE(62.38.24.88),1042).
Process name is "N/A".

and then i got the same message from NIS2005 for the file "cclgview.exe  is attempting to access the internet using one or more unrecognized modules"
This one time, the user has chosen to "block" communications.
Outbound UDP packet.
Local address,service is (GEORGE(62.38.24.88),0).
Remote address,service is (194.30.220.114,domain(53)).
Process name is "C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE".
0
 
HypercubeTechCommented:
Its a virus

get www.avast.com or www.grisoft.com
and remove it
0
 
r-kCommented:
"correct spelling for my initial post are :1)iexplore.exe 2)LuComServer_3_0.EXE 3)svchost.exe"

I believe these are all normal files, nothing bad.

CCLGVIEW.EXE is also a valid program from Symantec.

You HJT log also seems clean.

I am not sure there is anything wrong with your machine.

If you want to check further, please do the following:

(1) Download Autoruns from: http://www.sysinternals.com/Utilities/Autoruns.html

(2) Run the program. It lists a bunch of things that start when Windows starts.

(3) From the menu bar, select Options, and uncheck "Include Empty Locations" and "check" "Hide Microsoft Entries"

(4) This will give you a shorter, more meaningful list.

(5) Uthe File -> Save as.. option in Autoruns to save the list to a text file and then copy and paste it here so we can advise further.

0
 
blue_zeeCommented:
Process Details: cclgview.exe
http://www.hijackfree.com/en/processdetails/?id=131

Information related to '194.30.220.0 - 194.30.220.255'
inetnum: 194.30.220.0 - 194.30.220.255
netname: HOL-INFRA
descr: Hellas On Line S.A.
descr: 151 Har. Trikoupi Str., 14564 Athens
country: GR
admin-c: HOL-RIPE
tech-c: HOL-RIPE
status: ASSIGNED PA
mnt-by: AS3329-MNT
source: RIPE # Filtered

Information related to '62.38.10.0 - 62.38.31.255'
inetnum: 62.38.10.0 - 62.38.31.255
netname: HOL-INFRA
descr: Hellas On Line S.A.
descr: 59-61, Ag. Konstantinou Str.
country: GR
admin-c: HOL-RIPE
tech-c: HOL-RIPE
status: ASSIGNED PA
mnt-by: AS3329-MNT
source: RIPE # Filtered

Have you tried an online virus scanner (run at least 2 of them)?

Panda ActiveScan
http://www.pandasoftware.com/activescan 

Bitdefender
http://www.bitdefender.com/scan/Msie/index.php 

McAfee FreeScan
http://us.mcafee.com/root/mfs/default.asp 

Symantec Security Check
http://security.symantec.com/sscv6/ 

Pc-Cillin (Trend Micro Housecall)
http://housecall.antivirus.com/housecall/start_pcc.asp 

PcPitstop
http://pcpitstop.com/antivirus/default.asp 

RAV
http://www.ravantivirus.com/scan/ 

Zee
0
 
blue_zeeCommented:

r-k,

That was my point exactly, I also believe it may be a false positive, hence the online scanners suggestion.

Zee

0
 
r-kCommented:
Got it. Should have known you'd be ahead of the curve :)
0
 
NGEORGE33Author Commented:
After that i tried multiple and diffent checks in my computer i think that you are right to believe that is a false of the firewall.The problem is that every time a program try to connect to the internet i am getting the same message.So what should i do .Please remember that the problem began the day i connect to my PC another one with a crossover cable and declaring to the firewall an IP address as a trusted address .
0
 
r-kCommented:
I am not very familiar with the Norton Firewall, but it should have a setting or a check-box where you can say "remember this answer for the future" or something like that.
0
 
blue_zeeCommented:

Ditto.

No Norton products around, thank God!
;-)

Zee
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.