

PHILLYBIZ
Right Now

join:2001-01-27
Philadelphia, PA

LOST IN CONFUSION, Some ZA Help please!

I found this site because I searched for threads about "MS Auto Update". A lot of the issues mentioned are kinda goin on with my computer...the weirdest being Windows Explorer trying to access the internet. That happened tonight. Y would that program...of ALL programs...want to connect to the internet....Kudoz to Zone Alarm? But from what I understand from above, ZA might not be OK? Then what is the best free firewall (easy to understand) out there? Also What is Distribute COM Services? It always tries to get to the internet? I never let it!!

My original question is WHY is "MS Office Auto Update", always down?
»www.officeupdate.microsoft.com/o···alog.htm

I'm just really confused by the totality of the entire thread...can't really make out what is good or bad? And since Windows Explorer tried to get to the internet...I'm a lil nervous...what might be goin on here?
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net


This post was a new reply to an old post. I have opened a new thread for it. The contents of the post have not changed. Wildcatboy


[text was edited by moderator]



2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave
kudos:1

OK - why would Windows Explorer try to get to the internet: You may have something like Web Folders enabled, and may have browsed to one of them and IE is trying to connect to it. You may have tried to open a file that contains a reference to a location on the internet. You may have tried to browse to a folder that is on the web somewhere (web folders enabled). There are valid reasons for this action. Distributed COM services - sounds like you have Windows 2000 running. There was a discussion of this in another thread, and quite frankly its purpose escapes me at the moment - suffice it to say that it obviously doesn't need internet access.

As to Why is MS Office Auto Update always down? I don't have a clue - I update both Windows and Office 'manually' - although I have got Windows update set to notify me when critical updates come out. As far as the site in your link, I just went there with no problem at all.
[text was edited by author 2001-02-17 02:46:27]


System
reply to PHILLYBIZ

Distributed com is, from what I can tell, spyware from different freeware programs. I got it when I installed download accelerator plus and other programs that I have downloaded in the past. I keep it blocked from using the internet and have never had any problems running any of the programs.



Wildcatboy
Invisible
Premium,Mod
join:2000-10-30
Toronto, ON
kudos:3
reply to PHILLYBIZ

philly76erskid74, you do seem confused. Forget about the old thread and try to explain what it is exactly that's confusing and what is it exactly that you need to know. There are several questions in your post ranging from ZA to Microsoft's web site to Distribute Com services.

2Kmaro answered why Windows explorer might want to reach out. Say no to it and if a program fails to operate you'll know why and then you can decide whether to let it out or not. Otherwise keep it inside and don't let it out.

Why is the site down? Well, I just went there. I never use it to update or upgrade. I do it manually and I don't like to be tracked.

Distribute Com Service or RPCSS.EXE is a Windows / NT component and there has been a lot of speculation about it. Most people believe it's some kind of Microsoft designed Trojan calling home and reporting things. I don't know if you want to be that paranoid but in any case my policy is if you don't know what it is say no to it. Your best bet would be to disallow it in ZA to get out of the computer and allow it in your local zone.
--
You can catch the Devil, but you can't hold him long.



2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave
kudos:1
reply to Anon

mccarrier - I have to go with WCB on this one - Distributed Comm appears to be a built in part of Win NT/2K. It is on my W2K system, and the only freeware there is ZoneAlarm, and I know for a fact it does not come with ZoneAlarm. Haven't got a real clue as to what its whole purpose in life is, but it seems that it doesn't have to get to the internet for things to work right. In that, you are absolutely correct as I see it.



fuzz
Fuzz
Premium
join:2000-06-05
FuzzLand

I wonder if this:
»www.distributed.net/trojans.html.en
has anything to do with the problem?
You might want to check.
--
For The Cause



notdedyet

join:2000-08-28
Littleton, MA
reply to PHILLYBIZ

There seems to be some confusion about DCOM here. DCOM (or Distributed COM) is the mechanism by which Microsoft COM objects can be hosted on different systems from the one that the program that calls it is running on.

So what is a COM object? COM stands for Component Object Model and is the underpinning of a lot of Microsoft's software these days. IE is a collection of COM objects, and ActiveX is built around COM objects.

Due to the way that COM is designed, a COM object may reside in the same process as the calling program or in a separate process of its own. When a COM object is in a separate process, that process may be running on the same system as the calling program or on some other system. When it resides on a separate system, it is sometimes referred to as DCOM although Microsoft tends not to use that term anymore.

DCOM is NOT spyware. I suspect that you could write spyware with DCOM, but you can write spyware without it. (And non-MS OS based spyware couldn't be written without it.)

So how do you get DCOM on your system? It comes with it (as of Win95 OSR2) or by installing IE or other MS apps.



CyberStretch

join:2000-11-23
Worcester, MA

I think notdedyet hit the nail on the head. I think that RPCSS.EXE is the Windows port of the *nix RPC which, IIRC, allows Remote Procedure Calls between systems to allow a program to be run by one system on another.

This may be of little use to home users, unless you are hosting applications on one system you want to run from another, but could be highly beneficial from a professional environment.

A brief description of RPCSS.EXE can be found on: Q148804:

The Windows 95 RPC endpoint mapper service, Rpcss.exe, may not correctly handle reentrancy (more than one pending request). If the RPC endpoint mapper is concurrently accessed by two processes, or twice within one process, an invalid page fault (exception 0E) may occur in Rpcss.exe.

This behavior is somewhat timing-dependent, and may not occur consistently on all computers.




A little searching and fact finding is usually all that is needed to dispel rumors of "spyware", "Trojans", etc included in MS OSes.

Microsoft may be evil in some respects, but definitely not in all respects.
--
The price of admission is submissions...


notdedyet

join:2000-08-28
Littleton, MA
reply to PHILLYBIZ

RPCSS on a Windows system is Remote Procedure Call System Service and is Microsoft's implementation of the RPC standard but modified to authenticate calls using Windows NT authentication. It also can start up COM objects as necessary. RPCSS also exists on Unix and OpenVMS systems that have had COM support ported to them.



CyberStretch

join:2000-11-23
Worcester, MA

notdedyet,

Thumbs to you for factual information and dispelling any fears about RPCSS.EXE. I am sure everyone will rest a little better now that they know what it is.
--
The price of admission is submissions...



PHILLYBIZ
Right Now

join:2001-01-27
Philadelphia, PA
reply to 2kmaro

ThancX...I am confused because I wasn't even in explorer...I wasn't even touching the keyboard..it just went to the internet...

I am now clear on the DCOM dilemma; however I am not running windows 2000...98se. So why would it come up?

With MS update down, I mean like "Windows Update", it tells you what you need...Office Update always says its down, but I tend to agree about preferring to update manually...but I can't seem to figure out what to run first...if I really need this or that. I am using 2000 Office Premium. I guess I'm OK?
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net



OzarkMan$

join:2000-12-22
Ozark Mtns.

Hey Philly,

Couple of questions for ya.
1) Are you using "Active Desktop" to your knowledge?
2) Windows Explorer or Internet Explorer tried to connect?
3) To your knowledge do you have any programs set to auto-update at a certain time?
4) What program if any were active at this time when you weren't even touching the keyboard?

The crazies out there are getting real slick, even companies that hide their heads as programmers load tons of cookies, BHO's and many other nasties that compromise our systems and to some degree violate privacy.

Wish you well in your quest for answer.
OZ
--
Genuine Wisdom is knowing what you are talking about but deciding to keep your mouth shut.



PHILLYBIZ
Right Now

join:2001-01-27
Philadelphia, PA

Hello Ozark....

1) No about active desktop...to my knowledge...seriously, I had to remember how to access it!!

2) Windows Explorer

3) No programs set to "auto update"...I do have windows update and netscape update

4) No programs were active except for start up (PT Snoop, Hidserv,scanreg)...I had just turned on Zone Alarm maybe 2 mins b4....GLAD I DID...
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net



Wildcatboy
Invisible
Premium,Mod
join:2000-10-30
Toronto, ON
kudos:3
reply to notdedyet


Thanks Notdedyet. I found your explanations to be quite valuable. Keep on posting. As you mentioned quite correctly Distribute Com services and COM objects can be used in Spyware but they are not by nature necessarily Spyware. The reason a lot of paranoia surrounds this service on different boards is the simple fact that it tries to get out every now and then. As I mentioned in my original post I don't know if philly wants to be that paranoid to accept that explanation but not letting it out in most cases won't affect the operations of a home user.

In ZA you can easily allow that procedure to be used for your local communications but disallow it from going out. By the way, it's been experienced by some people that by disallowing it to go out you may have problems viewing some sites. Hasn't happened to me yet and I can't personally testify to that. It's just something that was mentioned on this forum before. Again good posts.
--
You can catch the Devil, but you can't hold him long.



larsfum
Premium
join:2000-09-01
Saint Petersburg, FL
reply to PHILLYBIZ

There is a FAQ on the ZA website that basically states that ZA misidentifies WE for IE. »www.zonelabs.com/services/suppor···#config1
--
Fish laugh at the mere mention of my name!



RDionysus

join:2000-10-03
Lindenhurst, NY
reply to PHILLYBIZ

There is further explanation of DCOM scenarios here as well: »www.adcop.org/smallfish/dcom.htm



OzarkMan$

join:2000-12-22
Ozark Mtns.

reply to PHILLYBIZ

Philly, hopefully you now have a better understanding of DCOM due to the wonderful comments by all. As for one of your other concerns "Explorer" wanting to connect, hopefully it is as the others have said....if not....maybe one of the following previous posts will lead you down the right road.

windows explorer wants out

Explorer

Zone Alarm Question about Windows Explorer

As always, when visiting most posts, there are very good comments and opinions. The three above also have some interesting threads one could click on for further info.

NOT wanting a program to connect from your machine without your permission is Very important...as others have said.

Be Secure AND Paranoid
Oz

[text was edited by author 2001-02-18 06:53:16]



PHILLYBIZ
Right Now

join:2001-01-27
Philadelphia, PA

ThancX Ozark...
You sent me into a world...now here are my questions?

DCOM is now hammered into my brain. Checked out AWSPS and as soon as I opened it, it asked me about DCOM...but the free version doesn't allow you to fiddle much. I might have to buy it; it seems interesting...

said by paul613:
Take a look at the authorized programs in zone alarm, it will list the versions for IE and windows explorer. They should be a close match (the 1st three numbers). For example MY IE is version 5.50.4522.1800, and Windows explorer is version 5.50.4134.100

I did that and my versions are different...Explorer was 4.72XXXX, IE 5.00XXXX (I have 5.5...(verified))

I'm clear on DCOM now, but a lil confused with ZA not pulling correct versions...is there an update I need to run?

I am somewhat confident that my system is in FULL Stealth mode, but reading threads makes you look and check stuff...and some stuff I read makes me think I have BIG problems...but in the end they are OK...you guys know too much!! Thancx for sharing the knowledge.
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net


Lucif4
Premium
join:2000-12-12

Do you have Hotbar installed? What programs do you have running at startup? Do you notice anything weird when you run 'msconfig' (look in 'startup')? Verify that you haven't installed something new recently.

Has this been happening awhile? Or more recently? What I gather, it has been recently. I had the same problem, and couldn't figure it out until I did a process of elimination. I had to think about what I installed to make Windows explorer want to access the internet. Take a look and think hard.

Good luck at any rate!



Rocktagon
Slightly Bent
Premium
join:2000-11-04
Chattaroy, WA
reply to PHILLYBIZ

Since you have IE 5.5 you need to use regedit:
Start>run>type regedit:
Navigate to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

It should have a value of "yes"; if it doesn't, change it to yes, REBOOT, then remove auth for explorer from ZA and re-authorize Iexplore. And let me know how that works out.

This solves the problem for your browser!
I will bet on it
--
Quest for Knowledge



PHILLYBIZ
Right Now

join:2001-01-27
Philadelphia, PA
reply to Lucif4

NO Hot bar

Start-UP
*scan reg
*systray
*PT snoop
*country selection
*load power profile
*hidserv

Only thing weird (but not shocking) is sometimes the "updating config files" message comes up when I KNOW I didn't change anything...

No new installations, HOWEVER, I was on NBA.com, and it asked to download real so that I could view the streaming...but I didn't.

Only started happenin about 2-3 days ago, but Wind Exp only tried to get out 1x (that I know of)...she's on lock down now.

I'll look again, but nothing seems to pop up...Is there a program out there that maps out EVERYTHING you do to your computer? Something easy?
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net



PHILLYBIZ
Right Now

join:2001-01-27
Philadelphia, PA
reply to Rocktagon

It already says "YES"...to be clear...what should that fix have solved?



Rocktagon
Slightly Bent
Premium
join:2000-11-04
Chattaroy, WA

Well if it says yes and you have removed windows explorer from the ZA program list, IE should be the program asking for permission to access the internet.
Maybe I lose the bet eh;)



MeeToo7
You Too?
Premium
join:2000-10-18
Ardmore, PA
reply to PHILLYBIZ

I must revisit this old thread and bring it back

Even though it's old, because it already contains things I don't want to be repeated on a new thread.

I'm experiencing exactly what Philly76er is/was. For 3 months now, after getting my new machine with WinME, I have ZA set to never allow Windows Explorer to get out. This annoyed and still annoys the heck out of me, and I have read everything posted here on the subject and understand COM objects (Symantec Netdetec and NAV LiveUpdate work this way.)

I have tried Rocktagon's solution above; I've checked to see if "browsenewprocess" registry key was set to YES, it is and always was. I've removed Windows Explorer from the program list in ZA and rebooted. Right after reboot, with no other programs opened, ZA alerts me that Windows Explorer is attempting to access the net. I then go into Zonelog Analyzer and see these log entries for Windows Explorer:

Type Date Time Source Host Name Port Destination Host Name Port Transport
PE 3/19/2001 8:05:48 AM -5:00 GMT Windows Explorer 239.255.255.250 N/A 1900 N/A
PE 3/19/2001 8:05:51 AM -5:00 GMT Windows Explorer 239.255.255.250 N/A 1900 N/A
PE 3/19/2001 8:06:02 AM -5:00 GMT Windows Explorer 239.255.255.250 N/A 1900 N/A

A reverse DNS on 239.255.255.250 fails, but doing a trace I get this:

whois.arin.net 239.255.255.250

University of Southern California (NET-MCAST-NET)
Information Sciences Institute
4676 Admiralty Way
Marina Del Rey, CA 90292-6695
US

Netname: MCAST-NET
Netblock: 224.0.0.0 - 239.255.255.255

Coordinator:
Internet Corporation for Assigned Names and Numbers (IANA-ARIN) iana@IANA.ORG
(310) 823-9358

To me it seems that Windows Explorer for WinME is reporting to ARIN my IP for some reason each time I reboot.

Also, I don't know whether this is related or not, but like Philly76er, I often get the "updating files" upon reboot when I know I haven't installed anything. I run Ad-Aware and nothing comes up. I've been assuming that one of my sons has installed something, but a nagging feeling in the back of my mind tells me it isn't always so.

This Windows Explorer attempting to access the net issue has never really been resolved to my satisfaction and I'd like your comments in regards to my post please.

--
:)



PHILLYBIZ
Right Now

join:2001-01-27
Philadelphia, PA

WOW...so I am not too crazy. I am still having issues with Zone Alarm. I am happy it lets me know when something is trying to explore outside of the gate, but most of the time, I don't know or never heard of the programs attempting to exit.

I actually tested Win Explorer to see if it was cheating on me. I left ZA on ask for permission, and to my disgust, she attempted to leave at about 2.30am. :-(

I am still getting the updating configuration files ALL the time. Even this morning!

Basically, I have just given up on the question "WHY".
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net



Hutch3
Premium
join:2000-10-14
australia

It seems I have the same problem as you do. But I use Windows Me. I have followed everyone's advice in a previous post. And in your post. All I can do for now is block Windows Explorer from wanting internet access. I use IE 5.5 SP1. I have emailed both MS Support and ZAP Support for help. And I will pass on any info I get when I get a reply.
--
MY PC IS SECURE AS IT CAN BE. THE MORE I LEARN HERE THE MORE SECURE IT GETS.



PHILLYBIZ
Right Now

join:2001-01-27
Philadelphia, PA

Zone Alarm/WIN Explorer VIOLATION AGAIN!!

Well, JUST NOW, Windows Explorer tried it again. I immediately shut down internet activity, and ran Zone Alarm analyzer. The Destination IP address: 205.152.144.252...
ns.mia.bellsouth.net. BellSouth is my internet provider (DSL too). The port was listed. I still want to know what is actually executing the command. I ran adware and there was nothing there. If anyone has anything valuable to add, please let me know. ThancX!
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net



RayJ9

join:2000-08-01
San Antonio, TX

How much RAM do you have installed? What version of Windows? What port did Explorer try to connect to?



PHILLYBIZ
Right Now

join:2001-01-27
Philadelphia, PA

ThancX...128meg...98se...port53
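
Added example, not part of the original thread: a short Python triage of the ZoneLog Analyzer entries quoted earlier, classifying each destination by address scope and port so a defender can tell local discovery or name-resolution traffic from a connection to an arbitrary remote host. The column layout in the regex is inferred from the flattened rows in the post, and the last sample line is constructed (invented timestamp) from the later 205.152.144.252 / port 53 report.

```python
import ipaddress
import re
from collections import Counter

# Lines 1-3 are copied from the ZoneLog Analyzer output quoted in the thread.
# Line 4 is constructed (invented timestamp) for the 205.152.144.252 / port 53 report.
SAMPLE_LOG = """\
PE 3/19/2001 8:05:48 AM -5:00 GMT Windows Explorer 239.255.255.250 N/A 1900 N/A
PE 3/19/2001 8:05:51 AM -5:00 GMT Windows Explorer 239.255.255.250 N/A 1900 N/A
PE 3/19/2001 8:06:02 AM -5:00 GMT Windows Explorer 239.255.255.250 N/A 1900 N/A
PE 1/1/2001 12:00:00 AM -5:00 GMT Windows Explorer 205.152.144.252 N/A 53 N/A
"""

# Assumed column layout, inferred from the flattened rows in the post:
# type, date, time + offset, program, destination IP, host name, port, transport.
LINE_RE = re.compile(
    r"^(?P<type>\S+)\s+(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M \S+ GMT)\s+"
    r"(?P<program>.+?)\s+(?P<dest>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<host>\S+)\s+(?P<port>\d+)\s+(?P<transport>\S+)$"
)

# Well-known services for the two ports reported in the thread.
PORT_NAMES = {53: "DNS", 1900: "SSDP (UPnP discovery)"}
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")  # RFC 2365


def address_scope(addr):
    """Classify an IPv4 destination; multicast is tested first because it is a group, not a host."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid address"
    if ip.is_multicast:
        # Administratively scoped groups are not forwarded past the local boundary.
        return "multicast, admin-scoped" if ip in ADMIN_SCOPED else "multicast"
    if ip.is_loopback or ip.is_link_local or ip.is_private:
        return "local/private"
    return "public unicast"


def triage(log_text):
    """Return one summary row per (program, destination, port) with a hit count."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers and lines that do not fit the assumed layout
        hits[(m["program"], m["dest"], int(m["port"]))] += 1
    return [
        {"program": prog, "dest": dest, "port": port, "count": n,
         "scope": address_scope(dest), "service": PORT_NAMES.get(port, "unknown")}
        for (prog, dest, port), n in hits.items()
    ]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```
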



bangaroo
Premium
join:2000-08-13
reply to PHILLYBIZ

Re: LOST IN CONFUSION, Some ZA Help please!

Philly,
I have never used MS Office Auto Update, but I do use MS Windows Updates and sometimes I can't get the update to work until I clear my Temporary Internet Files and History files.
Tools > Internet Options > General > Delete Files and Clear History.