dx upgrade - unexpected network connection

Discussion in 'Security Software' started by Stephen Bell, Jul 24, 2003.

  1. Stephen Bell (Guest)

    Why does the DirectX upgrade to v9.0b attempt to connect
    to this site? It does not appear to be related to the
    download of components? (I blocked the attempted
    connection and the upgrade worked fine, but why is the
    connection being attempted?)

    - Stephen



    =====================================
    Local Port : 2093
    Remote Name : http.edge.ru4.com
    Remote Address : 198.107.152.227
    Remote Port : 80 (HTTP - World Wide Web)

    Ethernet packet details:
    Ethernet II (Packet Length: 62)
    Destination: 00-30-a3-b7-1c-00
    Source: 00-07-e9-b5-94-be
    Type: IP (0x0800)
    Internet Protocol
    Version: 4
    Header Length: 20 bytes
    Flags:
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 128
    Protocol: 0x6 (TCP - Transmission Control Protocol)
    Header checksum: 0xa61c (Correct)
    Source: xxxxxxxxxxxxxxxxxxx
    Destination: 198.107.152.227
    Transmission Control Protocol (TCP)
    Source port: 2093
    Destination port: 80
    Sequence number: 3371730648
    Acknowledgment number: 0
    Header length: 28
    Flags:
    0... .... = Congestion Window Reduce (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...0 .... = Acknowledgment: Not set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..1. = Syn: Set
    .... ...0 = Fin: Not set
    Checksum: 0x7b0a (Correct)
    Data (0 Bytes)

    Binary dump of the packet:
    0000: 00 30 A3 B7 1C 00 00 07 : E9 B5 94 BE 08 00 45 00 | .0............E.
    0010: 00 30 B8 BC 40 00 80 06 : 1C A6 92 81 33 95 C6 6B | .0..@.......3..k
    0020: 98 E3 08 2D 00 50 C8 F8 : 86 D8 00 00 00 00 70 02 | ...-.P........p.
    0030: FA F0 0A 7B 00 00 02 04 : 05 B4 01 01 04 02       | ...{..........
    --------END-------
     
    Stephen Bell, Jul 24, 2003
    #1
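
Added example, not part of the original posts: a decoder that cross-checks the firewall's field-by-field decode in post #1 against the raw bytes of the binary dump. The frame bytes are copied from that dump; the function names and dictionary keys are this example's own.

```python
import struct

# Bytes copied from the "Binary dump of the packet" in post #1 (62 bytes).
FRAME = bytes.fromhex(
    "0030a3b71c000007e9b594be08004500"
    "0030b8bc400080061ca692813395c66b"
    "98e3082d0050c8f886d8000000007002"
    "faf00a7b0000020405b401010402"
)

# TCP flag names by bit position, least significant bit first.
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum; 0xFFFF means the checksum verifies."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def decode_frame(frame: bytes) -> dict:
    """Decode the Ethernet II / IPv4 / TCP headers of one captured frame."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                    # IPv4 header length in bytes
    (total_len,) = struct.unpack("!H", ip[2:4])
    if ip[9] != 6:
        raise ValueError("not a TCP segment")
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    tcp_hlen = (off_flags >> 12) * 4            # data offset, includes options
    return {
        "ip_checksum_ok": ones_complement_sum(ip[:ihl]) == 0xFFFF,
        "dst": ".".join(str(b) for b in ip[16:20]),
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
        "payload_len": total_len - ihl - tcp_hlen,
    }


if __name__ == "__main__":
    for key, value in decode_frame(FRAME).items():
        print(f"{key}: {value}")
```

The frame decodes as a bare SYN with zero payload bytes, so this capture shows only the destination address and port, not any HTTP request the installer would have sent had the connection been allowed. The log prints both checksum fields byte-swapped relative to wire order (0xa61c for the bytes 1C A6); the RFC 1071 sum over the IP header still verifies.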

  2. That didn't happen to me; check your system for spyware, hijackware,
    foistware.
     
    Sandi - Microsoft MVP, Jul 24, 2003
    #2

  3. Stephen Bell (Guest)

    Seems unlikely.

    Source of the connection is: dxwsetup.exe

    destination is an Akamai cache server

    owner of the destination domain suggests
    perhaps the setup program is updating
    info to Windows Media Player ?

    Any validity to that? Does Microsoft do that kind of
    thing? Use hotfixes / updates system components to
    ensure the most current advert info for WMP?

    File Version : 4.09.00.0902
    File Description : DirectX Setup
    File Path : C:\Documents and Settings\bells\Local Settings\Temp\IXP000.TMP\dxwsetup.exe
    Process ID : FE8 (Heximal) 4072 (Decimal)
     
    Stephen Bell, Jul 24, 2003
    #3
  4. I really don't know.. it's got me shaking my head..
     
    Sandi - Microsoft MVP, Jul 26, 2003
    #4