Author Topic: what does explorer.exe have to connect to verisign ? >>> HJT signature  (Read 2530 times)

0 Members and 1 Guest are viewing this topic.

Hermite15

  • Guest
just found that in my firewall log...problem is I found it a few hours after the event and I have no idea what I was doing when it happened...I just remember I attempted a java update in the afternoon, don't know if it's related. It could also be that Windows attempted to verify a driver signature...no idea.
« Last Edit: January 16, 2010, 07:08:22 PM by Logos »

Hermite15

  • Guest
Re: what does explorer.exe have to connect to verisign ?
« Reply #1 on: January 16, 2010, 07:02:40 PM »
I think I got it, in the event viewer:

Code: [Select]
Log Name:      Application
Source:        Windows Error Reporting
Date:          1/16/2010 4:45:05 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      *****
Description:
Fault bucket 54757992, type 5
Event Name: PCA2
Response: Not available
Cab Id: 0

Problem signature:
P1: HijackThis.exe
P2: 2.0.0.2
P3: HijackThis
P4: HijackThis
P5: Trend Micro Inc.
P6: 8
P7: 200
P8:
P9:
P10:

Attached files:
C:\Users\****\AppData\Local\Temp\{17a46daa-5f77-4cd0-8107-eb17ac4463f8}\appcompat.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_HijackThis.exe_c946858dcbec75a36b5bd8818b3a9b915424475_1511cbca

Analysis symbol:
Rechecking for solution: 0
Report Id: 13249b86-02b6-11df-a2d0-001d72e70a0e
Report Status: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-01-16T15:45:05.000000000Z" />
    <EventRecordID>5995</EventRecordID>
    <Channel>Application</Channel>
    <Computer>philippe-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>54757992</Data>
    <Data>5</Data>
    <Data>PCA2</Data>
    <Data>Not available</Data>
    <Data>0</Data>
    <Data>HijackThis.exe</Data>
    <Data>2.0.0.2</Data>
    <Data>HijackThis</Data>
    <Data>HijackThis</Data>
    <Data>Trend Micro Inc.</Data>
    <Data>8</Data>
    <Data>200</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
C:\Users\*****\AppData\Local\Temp\{17a46daa-5f77-4cd0-8107-eb17ac4463f8}\appcompat.txt</Data>
    <Data>C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_HijackThis.exe_c946858dcbec75a36b5bd8818b3a9b915424475_1511cbca</Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>13249b86-02b6-11df-a2d0-001d72e70a0e</Data>
    <Data>0</Data>
  </EventData>
</Event>

problem is I don't want to allow the system to make such connections, that would leave the way open to malware (if installed) to connect...
« Last Edit: January 16, 2010, 07:11:51 PM by Logos »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88854
  • No support PMs thanks
Re: what does explorer.exe have to connect to verisign ? >>> HJT signature
« Reply #2 on: January 16, 2010, 09:27:30 PM »
I too am of the same opinion, I don't want explorer.exe connecting and have it blocked in my firewall also.

Though I'm at a loss as to why HiJackThis might come in for any signature failure (or the requirement to check), but don't programs have to be signature verified in 64bit win7 ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Hermite15

  • Guest
Re: what does explorer.exe have to connect to verisign ? >>> HJT signature
« Reply #3 on: January 16, 2010, 10:33:23 PM »
I too am of the same opinion, I don't want explorer.exe connecting and have it blocked in my firewall also.

Though I'm at a loss as to why HiJackThis might come in for any signature failure (or the requirement to check), but don't programs have to be signature verified in 64bit win7 ?

yes they do, and I guess Windows detected something wrong with HJT sig and required a check on Verisign...don't know never seen this happen before. When an app comes with bad or unknown signature in 7/64, you usually get a pop up from Windows...and you're better off dismissing the install because this can cost you a no go at reboot time. Only way out is then to either attempt a start with no driver verification or go into safe mode to uninstall the unwanted program/driver.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88854
  • No support PMs thanks
Re: what does explorer.exe have to connect to verisign ? >>> HJT signature
« Reply #4 on: January 16, 2010, 11:08:31 PM »
Yes, just strange that they would use explorer.exe to do that. If polling for what browser you wanted to install was in effect and you didn't select IE, may be why explorer was used.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security