Firefox.exe Tries to Connect to 127.0.0.1? So does jqsnotify.exe? Etc.?

  • 13 replies
  • 17 have this problem
  • 6 views
  • Last reply by Svetlana


Whenever I start Ffx 3.6.13, my firewall alerts me that firefox.exe is trying to connect TCP Out to 127.0.0.1:443(https). Three or 4 seconds later, alerts for jqsnotify.exe TCP out to 127.0.0.1:5152. Others, incl. AAWService.exe (Ad-Aware) (when commanded to open or update). On a Windows startup and on restart, during the login to my Admin user account, Explorer.exe tries to connect 127.0.0.1.


Modified by FFx

All Replies (13)


OK, Gryllida, thanks, will try. I just now updated/corrected my initial post again, FYI.

P.S. - (a) The Forum window displayed to me AFTER posting my opening, is lacking most of the info I posted there, including the Troubleshooting details with critically important things. Are you seeing all those data, or is your view restricted as mine, to a single paragraph ending with APAgent.exe? (b) Do you know how many characters are allowed, in the first text entry window under the subject question? Mozilla.org ought to post their capacities by each window.

Modified by FFx


Stage 1 Result:

  Your link to microsoft.com offered me a download of the Windows MRT which I already updated per Patch Tuesday and have run it a couple of times since then. I have been updating and running it every month for years. It hardly ever reports finding anything, and it didn't report finding nothing, and I couldn't find any results file on the system drive. 

  Any comments?

Not really, please just try a few scans and let us know if they find anything.


Well, back to work. Windows Malicious Software Removal Tool (windows-kb890830-v3.16.exe) (February 2011) scanned the short scan and found nothing - nada. I am proceeding now to download another of your recommended scanners, and will report result.

BTW - The Forum window displayed to me AFTER posting my opening, is lacking most of the info I posted there, including the Troubleshooting details with critically important things including local system description. It is irritating, having done all that work to give a clear and complete picture of the issue - that Mozilla.org should set up a less than fully functional forum, here. Are you seeing all those data, or is your view as restricted as mine, to a single paragraph ending with "Explorer.exe tries to connect 127.0.0.1."? Please tell me, while I am working.


Your post seems to be full

We're waiting for the next scan results.


127.0.0.1 is a local address (local host). Firefox uses that loopback connection to communicate with the Software Security Device.

See:


Gryllida, "seems to be full" is a bit obscure to me. One guess I could make is, you know what "full" means in terms of characters allowed, although I do not. (Each of these message balloons stretches in size to contain the words it contains - so any inflated balloon is always "full." ) How full is full? How many chars.?

Modified by FFx


Gryllida, I ran Spybot a while ago, and it found a sizeable number of items that were invalid shortcuts, and I authorized removal of those. Haven't seen any adverse reaction yet. So, then I ran a registry-only scan, and it found three red items in Internet Explorer keys, one of those in HKLM and the other two in different userpaths in HKU. Path of each is HKLM\(user account code S-1-5-xxx)... or "HKU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe [is not] W=1". FYI, I had installed the Cumulative Security Update for IE (KB2482017) last week, after the Patch Tuesday items and then after the Silverlight update. So, I told it to correct these items.


Gryllida - So, after Spybot ran its process on those three keys, it jiggled the entries in the results window, but nothing visibly changed in the listed items; each still contains the "funny-looking" (to this untrained user) appendages following \iexplore.exe, i.e. ..."\iexplore.exe [is not] W=1"

  Can you enlighten me a little, on the meaning and significance of these, what shall I call them, "parameters?"

cor-el, Thanks for that information. I had supposed that the use by HOSTS file of 127.0.0.1 to "dead-end" anything outbound toward a known malicious hostname/IP meant that this loopback would have no impact on the system software. But, you said otherwise. What does the term mean, "the Software Security Device"? It's a new term to this untrained user of Win 3.0 through XP.

Modified by FFx


Here's a related item. Just saw a Comodo firewall alert (Comodo Internet Security Complete 2011 v5.3) saying that svchost.exe was trying to receive a connection from the Internet giving IP address (on my LAN) of my NetGear WNR2000 router, that is connected via CAT 5e, 10/100BASE-T lines between my DSL modem (ISP is AT&T) and my HP Pavilion PC, and also, my HPLJ wireless-capable printer is on the same 172.16.0.xxx network, connected through the 802.11n wireless part of this router. The same IP of the router is listed in Windows Local Area Connection Status > Support > Details for Default Gateway, DNS Server, and DHCP Server, all of these are provided Automatically in TCP/IP Properties and were not set manually. Is this safe to Allow? I have been blocking these incoming connections whenever I can. Over to you. It's past my bedtime, so, good night for tonight.

Modified by FFx


Not sure whether the connections really matter until you find any other symptoms, specifically taken that the programs found no malware.

"How to stop Firefox from making automatic connections" once again can explain some, but not sure whether there are any other programs making connections.

http://www.wireshark.org/ can help to get a more detailed overview of the connections your machine is making.

Modified by Svetlana
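
One way to sort the kind of connections raised in this thread by where they actually go, as an added example that is not part of any post above. The netstat-style lines, the PIDs and the public address are constructed sample data; the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` output.
# The PIDs and the public address are made up for illustration.
SAMPLE = """\
  TCP    127.0.0.1:1037     127.0.0.1:443      SYN_SENT     2104
  TCP    127.0.0.1:1041     127.0.0.1:5152     ESTABLISHED  1520
  TCP    172.16.0.5:1050    172.16.0.1:80      ESTABLISHED  980
  TCP    172.16.0.5:1062    93.184.216.34:443  ESTABLISHED  2104
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    884
"""


def scope(addr):
    """Classify an address by how far a connection to it travels."""
    # Order matters: ipaddress also reports 0.0.0.0 and 127.0.0.0/8 as private.
    if addr.is_unspecified:
        return "listening"   # a socket waiting for peers, not a connection
    if addr.is_loopback:
        return "loopback"    # stays inside this machine
    if addr.is_private or addr.is_link_local:
        return "lan"         # router, printer, other local devices
    return "internet"


def triage(netstat_text):
    """Parse TCP rows and tag each remote endpoint with its scope."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skip headers, UDP rows and blank lines
        _local, remote, state, pid = fields[1:]
        host, _, port = remote.rpartition(":")
        addr = ipaddress.ip_address(host.strip("[]"))  # brackets wrap IPv6
        rows.append({"pid": int(pid), "remote": remote, "port": int(port),
                     "state": state, "scope": scope(addr)})
    return rows


def off_host(rows):
    """Keep only the connections that leave the machine."""
    return [r for r in rows if r["scope"] in ("lan", "internet")]


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f'{row["scope"]:<9} pid={row["pid"]:<5} {row["remote"]} {row["state"]}')
```

Rows tagged `loopback` never leave the machine; the `lan` and `internet` rows are the ones worth matching to a process by PID before deciding on a firewall rule.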