撞牆壁 posted on 2015-6-11 21:44

Calling on the experts: a security question (solved), explorer.exe outbound connections

This post was last edited by 撞牆壁 on 2015-6-12 13:27

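Over the past few days I downloaded some software from mainland China.
A few of those programs turned out to be infected,
so I have been especially cautious these days.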

I am currently using ESET.

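I happened to notice that explorer.exe makes sporadic outbound connections.
This program is an essential part of the system.
From what I found searching online,
one possible infection scenario is a program with the same name in upper case << trojan,
or the program has been injected with a trojan.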

But I uploaded it to VirusTotal for analysis, and nothing was found.

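I watched it for an hour.
Every now and then it opens an outbound connection <- remote IP: 203.69.138.140, port: 80
Sometimes it disappears.
The timing is very irregular.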

http://i.imgur.com/UJw12ad.jpg

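I am not sure whether this is a trojan or something similar,
but I cannot find any information about this IP; I only know that it is an IP allocated by Chunghwa Telecom in Taiwan.
>> It is not controlled by Microsoft (if it were, it would report back to Microsoft servers). The locations of Microsoft's servers are all publicly reported, and a quick search online shows them.
So it feels like a third party is connecting.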

I would appreciate it if the experts on this site could help clear this up.

edward5409 posted on 2015-6-11 23:33

explorer.exe has been infected; try scanning with a different antivirus program.

ad6543210 posted on 2015-6-12 08:58

This post was last edited by ad6543210 on 2015-6-12 09:10

This article:


Akamai Technologies is a company providing a content delivery network. This network is used to cache content, allowing faster delivery. It has a large network of servers distributed worldwide. Space on these servers is rented to many large companies, including Facebook, Twitter and Microsoft. As Akamai is used by Microsoft, seeing connections from svchost / explorer / internet explorer to Akamai is quite normal. They can be seen during the following circumstances:

- During Windows update (which may be running in the background)
- When verifying digital signatures:
  - One of the responsibilities Explorer.exe has is to verify the digital signature on signed software. To do so it will contact the signing authority, which may be Verisign, GoDaddy, Comodo etc., when a digitally signed application is launched. This also uses a connection to Akamai.
- When browsing the internet:
  - When a user navigates to the URL of an Akamai customer, their browser is redirected to one of Akamai’s copies of this website.
  - Note Explorer can also launch browsing sessions (for example when entering a URL into the Address Bar).



Searching for that IP turns up quite a few records like
fbcdn-xxxxx.akamaihd.net 203.69.138.xxx

Additional conclusion: this is Microsoft's own doing; it is a CDN service.
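
Added example, not part of the original thread: a small triage over connection records that applies the two checks discussed above, whether the process really is the system explorer.exe and whether the remote address maps to an Akamai hostname. The record fields, the suffix list (beyond akamaihd.net), the expected path and the sample data are assumptions constructed for illustration.

```python
import ntpath

# Assumption: suffixes treated as Akamai-operated; akamaihd.net is the one seen in the thread.
AKAMAI_SUFFIXES = ("akamaihd.net", "akamai.net", "akamaiedge.net", "akamaitechnologies.com")
# Assumption: default install location of the genuine Windows shell binary.
EXPECTED_IMAGE = ntpath.normcase(r"C:\Windows\explorer.exe")

def is_akamai_host(hostname):
    """Match on a DNS label boundary so 'notakamaihd.net' is not accepted."""
    host = hostname.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in AKAMAI_SUFFIXES)

def triage(conn):
    """Return findings for one connection record; an empty list means nothing odd."""
    findings = []
    # Windows paths are case-insensitive, so EXPLORER.EXE elsewhere is still a look-alike.
    image = ntpath.normcase(ntpath.normpath(conn["image"]))
    if ntpath.basename(image) == "explorer.exe" and image != EXPECTED_IMAGE:
        findings.append("explorer.exe running from unexpected path")
    if not conn["signature_valid"]:
        findings.append("image is not validly signed")
    hosts = conn["hostnames"]
    if not hosts:
        findings.append("no hostname known for remote address")
    elif not all(is_akamai_host(h) for h in hosts):
        findings.append("remote hostname outside the CDN suffix list")
    return findings

# Constructed sample records. "hostnames" stands for reverse or passive DNS results
# gathered separately; a match hints at who operates the address, it is not proof
# that the traffic is benign.
SAMPLES = [
    {"image": r"C:\Windows\explorer.exe", "signature_valid": True,
     "remote": "203.69.138.140:80", "hostnames": ["fbcdn-xxxxx.akamaihd.net"]},
    {"image": r"C:\Users\Public\EXPLORER.EXE", "signature_valid": False,
     "remote": "192.0.2.10:80", "hostnames": ["cdn.notakamaihd.net"]},
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record["remote"], triage(record) or "nothing unusual")
```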