unremovable IE7 Beta 2 trusted site "*.0.0.0.0" [Solved]
OK, I'm stuck. I installed IE7 beta 2, and find that I now have in my "trusted sites" the address "*.0.0.0.0". I didn't put it there. I can't manually remove it. This makes me, a naturally distrustful computer user, leery.
It shows up in class "015 Trusted Sites" on HFT. HJT's "fix" function doesn't remove it. more leery.
When I run "command prompt netstat -an", I see these types of items:
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1034 0.0.0.0:0 LISTENING
TCP 192.168.0.2:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1028 *:*
UDP 0.0.0.0:1080 *:*
UDP 0.0.0.0:1093 *:*
UDP 0.0.0.0:1127 *:*
UDP 0.0.0.0:4500 *:*
I've checked my hosts file. Its fine, and has no .0.0.0.0 entries.
To the extent that this might be a default setting related to a home network, this PC is the only pc on a dsl line w a splitter for a pots phone, a "wireless-network-ready" router (but no other PCs on it) and conventional peripherals-printer, scanner, backup drive, etc.
Is this setting exploitable or created by something malicious?
I can't tell. For example, this document says 3com uses it for server helpfiles:
http://support.3com.com/infodeli/tools/switches/cb3500/cb3500v2/3wug/10011454.pdf
On the other hand, this site: http://www.experts-exchange.com/Security/Q_21476978.html
suggests that it's related to a worm "sdbot.edp" purportedly identified by Panda-- but there's no reference to a worm by that name on Panda's site. So, more suspicion.
You guys know what this is?
Thanks for any help.
S.
It shows up in class "015 Trusted Sites" on HFT. HJT's "fix" function doesn't remove it. more leery.
When I run "command prompt netstat -an", I see these types of items:
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1034 0.0.0.0:0 LISTENING
TCP 192.168.0.2:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1028 *:*
UDP 0.0.0.0:1080 *:*
UDP 0.0.0.0:1093 *:*
UDP 0.0.0.0:1127 *:*
UDP 0.0.0.0:4500 *:*
I've checked my hosts file. Its fine, and has no .0.0.0.0 entries.
To the extent that this might be a default setting related to a home network, this PC is the only pc on a dsl line w a splitter for a pots phone, a "wireless-network-ready" router (but no other PCs on it) and conventional peripherals-printer, scanner, backup drive, etc.
Is this setting exploitable or created by something malicious?
I can't tell. For example, this document says 3com uses it for server helpfiles:
http://support.3com.com/infodeli/tools/switches/cb3500/cb3500v2/3wug/10011454.pdf
On the other hand, this site: http://www.experts-exchange.com/Security/Q_21476978.html
suggests that it's related to a worm "sdbot.edp" purportedly identified by Panda-- but there's no reference to a worm by that name on Panda's site. So, more suspicion.
You guys know what this is?
Thanks for any help.
S.
0
This discussion has been closed.
Comments
192.168.0.2:139 = Your router.
And I believe 0.0.0.0 = All ip's that your connected to. This state should never be established. You will notice on every single computer you go to there will be 0.0.0.0:* listening. I really dont know too much about 0.0.0.0, so if anyone could elaborate, but it isn't harmful.
Microsofts Reasoning:
"The Winsock application that is listening on the designated port was written so that it binds to any local IP address by using INADDR_ANY. This means that the application will listen to all local interfaces and you can connect to the port of any of them. This is why netstat -an shows IP address 0.0.0.0 listening on the port."
Thanks, Mike. A concern is that I am unable to alter or remove the entry in "trusted sites." Until I can figure it out, I've tightened the security settings for that "zone", but that's not a good resolution.
Unfortunately, ActiveX is needed for some sites that I have to use. There is also a IE7 Beta3 release out. By default, the IE7 is more secure than IE6. So, maybe an upgrade to beta 3.