[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

IEXPLORER.EXE IS ATTEMPTING TO ACCESS THE INTERNET WITH ONE OR MORE UNRECOGNIZED MODULES

Posted on 2006-05-08
13
Medium Priority
?
4,455 Views
Last Modified: 2013-11-16
THIS IS THE MESSAGE I AM GETTING SINCE I SETUP A HOME NETWORK WITH A CROSSOVER CABLE.THE ALERT IS PROVIDED BY NORTON INTERNET SECURITY 2005 WHICH IS UPDATED .THE ONLY SETTING THAT I DID CHANGE IN THE FIREWALL IS THAT I ENTER TWO IP ADDRESSES AS TRUSTED FOR THE TWO COMPUTERS I AM CONNECTING TOGETHER .
THE MESSAGE REFER EITHER TO IEXPLORER.EXE OR SVCHOST.EXE OR LUCOM3.EXE .
IS IT A VIRUS ? OR JUST SOMETHING AFFECT NIS 2005 AND CAN NOT WORK ? WHAT IS THE SOLUTION TO THIS PROBLEM .
0
Comment
Question by:NGEORGE33
  • 5
  • 3
  • 2
  • +3
13 Comments
 
LVL 32

Expert Comment

by:r-k
ID: 16635051
IEXPLORER.EXE is adware/spyware, but IEXPLORE.EXE is just Internet Explorer (note the slightly different spelling).

Please confirm which one you have. If it is the Adware/Spyware, then do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

LUCOMS.EXE is part of Symantec/Norton, LUCOM3.EXE is unknown, so please double-check that also.

SVCHOST.EXE is a normal Windows file if it resides in c:\windows\system32. It may be malware if in any other folder.

Let us after confirming spelling on all of these.
0
 
LVL 3

Expert Comment

by:Skyccord
ID: 16636629
I'm going to assume that you are running Windows XP.  Restart the computer tap the F8 Key when you get the boot menu options choose "Safe Mode with Networking".  When you are into safe mode open up an explorer window and go to this website: http://www.trendmicro.com/spyware-scan/  accept the module and run a spyware scan there.  At this same time you can open up a new Internet Explorer window and go to this web address: http://www3.ca.com/virusinfo/virusscan.aspx 

If anything is found in any of the scans check them and choose delete.

Stanley Louissaint
0
 

Author Comment

by:NGEORGE33
ID: 16638805
my operating system is WINDOWS XP HOME updated
correct spelling for my initial post are :1)iexplore.exe 2)LuComServer_3_0.EXE 3)svchost.exe

http://www.hijackthis.de/logfiles/09dc2f5633ccb1c1744639ef0421b44e.html
This is the link for the saved analisys on hijackthis.

Today i got the message from NIS 2005  "EXPLORER.exe is attempting to access the internet using one or more unrecognized modules"and then the message :

Rule "Default Block Bla Trojan horse" blocked (GEORGE(62.38.24.88),1042).
Inbound UDP packet.
Local address,service is (localhost,1042).
Remote address,service is (GEORGE(62.38.24.88),1042).
Process name is "N/A".

and then i got the same message from NIS2005 for the file "cclgview.exe  is attempting to access the internet using one or more unrecognized modules"
This one time, the user has chosen to "block" communications.
Outbound UDP packet.
Local address,service is (GEORGE(62.38.24.88),0).
Remote address,service is (194.30.220.114,domain(53)).
Process name is "C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE".
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 4

Expert Comment

by:HypercubeTech
ID: 16643887
Its a virus

get www.avast.com or www.grisoft.com
and remove it
0
 
LVL 32

Expert Comment

by:r-k
ID: 16643953
"correct spelling for my initial post are :1)iexplore.exe 2)LuComServer_3_0.EXE 3)svchost.exe"

I believe these are all normal files, nothing bad.

CCLGVIEW.EXE is also a valid program from Symantec.

You HJT log also seems clean.

I am not sure there is anything wrong with your machine.

If you want to check further, please do the following:

(1) Download Autoruns from: http://www.sysinternals.com/Utilities/Autoruns.html

(2) Run the program. It lists a bunch of things that start when Windows starts.

(3) From the menu bar, select Options, and uncheck "Include Empty Locations" and "check" "Hide Microsoft Entries"

(4) This will give you a shorter, more meaningful list.

(5) Uthe File -> Save as.. option in Autoruns to save the list to a text file and then copy and paste it here so we can advise further.

0
 
LVL 29

Expert Comment

by:blue_zee
ID: 16643986
Process Details: cclgview.exe
http://www.hijackfree.com/en/processdetails/?id=131

Information related to '194.30.220.0 - 194.30.220.255'
inetnum: 194.30.220.0 - 194.30.220.255
netname: HOL-INFRA
descr: Hellas On Line S.A.
descr: 151 Har. Trikoupi Str., 14564 Athens
country: GR
admin-c: HOL-RIPE
tech-c: HOL-RIPE
status: ASSIGNED PA
mnt-by: AS3329-MNT
source: RIPE # Filtered

Information related to '62.38.10.0 - 62.38.31.255'
inetnum: 62.38.10.0 - 62.38.31.255
netname: HOL-INFRA
descr: Hellas On Line S.A.
descr: 59-61, Ag. Konstantinou Str.
country: GR
admin-c: HOL-RIPE
tech-c: HOL-RIPE
status: ASSIGNED PA
mnt-by: AS3329-MNT
source: RIPE # Filtered

Have you tried an online virus scanner (run at least 2 of them)?

Panda ActiveScan
http://www.pandasoftware.com/activescan 

Bitdefender
http://www.bitdefender.com/scan/Msie/index.php 

McAfee FreeScan
http://us.mcafee.com/root/mfs/default.asp 

Symantec Security Check
http://security.symantec.com/sscv6/ 

Pc-Cillin (Trend Micro Housecall)
http://housecall.antivirus.com/housecall/start_pcc.asp 

PcPitstop
http://pcpitstop.com/antivirus/default.asp 

RAV
http://www.ravantivirus.com/scan/ 

Zee
0
 
LVL 32

Accepted Solution

by:
r-k earned 900 total points
ID: 16644034
Zee,

That address seems to be in his own domain, as seen by this entry from the HJT log:

O17 - HKLM\System\CCS\Services\Tcpip\..\{783D1BD0-C45C-4389-867E-BFE338E10BAF}: NameServer = 194.30.220.114 194.30.220.117

So I don't think this anything but normal traffic.

Still, it doesn't hurt to double-check with a couple of on-line scans.

Also, another online scan to add to zee's extensive list:

Microsoft Live Safety Center:
http://safety.live.com/site/en-US/default.htm

A bit slow, but did a good job the couple of times I ran it as a test.
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 16644063

r-k,

That was my point exactly, I also believe it may be a false positive, hence the online scanners suggestion.

Zee

0
 
LVL 32

Expert Comment

by:r-k
ID: 16644093
Got it. Should have known you'd be ahead of the curve :)
0
 

Author Comment

by:NGEORGE33
ID: 16661949
After that i tried multiple and diffent checks in my computer i think that you are right to believe that is a false of the firewall.The problem is that every time a program try to connect to the internet i am getting the same message.So what should i do .Please remember that the problem began the day i connect to my PC another one with a crossover cable and declaring to the firewall an IP address as a trusted address .
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 900 total points
ID: 16662056
I am not very familiar with the Norton Firewall, but it should have a setting or a check-box where you can say "remember this answer for the future" or something like that.
0
 
LVL 29

Assisted Solution

by:blue_zee
blue_zee earned 300 total points
ID: 16662587

Ditto.

No Norton products around, thank God!
;-)

Zee
0
 
LVL 17

Assisted Solution

by:Dushan De Silva
Dushan De Silva earned 300 total points
ID: 16674882
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question