X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Bing is my home page, everytime I start Firefox TCP ports are opened to Facebook, how can I stop this?

Posted

Windows XP 64 bit fully patched

Additional System Details

This happened

Every time Firefox opened

This started when...

Unknown

Installed Plug-ins

  • Shockwave Flash 11.1 r102
  • Cooliris embedded in a tab
  • Google Update
  • 4.1.10111.0
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.2
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • RealJukebox Netscape Plugin
  • RealPlayer(tm) HTML5VideoShim Plug-In
  • RealPlayer(tm) LiveConnect-Enabled Plug-In
  • 12.0.1.609
  • Office Live Update v1.5
  • Yahoo Application State Plugin version 1.0.0.7
  • Java(TM) Platform SE binary
  • Java Plug-in 1.6.0_13 for Netscape Navigator (DLL Helper)
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  • Adobe Shockwave for Director Netscape plug-in, version 11.0
  • Office Plugin for Netscape Navigator

Application

  • User Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2

More Information

Tom Farrow 10 solutions 100 answers

What do you mean by Firefox TCP ports. Also, where are you getting this info from?

Question owner

I run netstat to a file before and after starting firefox and the following shows up.

TCP    Slowpoke2:4749         www-10-05-prn1.facebook.com:http  ESTABLISHED     1432    [ekrn.exe]
 TCP    Slowpoke2:4750         www-10-05-prn1.facebook.com:http  ESTABLISHED     1432     [ekrn.exe]
Tom Farrow 10 solutions 100 answers

Should be fine. Just the facebook server connected to your computer

Question owner

It is NOT fine, I do NOT want the facebook server connecting to my PC with out my permission.

Tom Farrow 10 solutions 100 answers

Helpful Reply

I can assure you this is NOT a security issue unless you make it one. Do you have any third party Facebook software installed on your computer that checks your status etc? If so, and you are worried, remove it. If you are really that bothered about this, you can block the port in your router, if you have one, but that would mean you can't use facebook. If it causing you problems, you should do a scan for malware using a trusted piece of software. We recommend malwarebytes. If you want to know how trusted your anti-virus is, tell me the name of it.

dragoniak 0 solutions 3 answers

Well you posted what your problem is... you are using ESET that is connecting to facebook... that's ekrn.exe! just uninstall (NOD?) or other ESET software...

Tom Farrow 10 solutions 100 answers

dragoniak, I just found that out, I was just coming on to post, then I got an email pop up, you had answered for me

dcbohn, Remove ESET. Then you have no problem.

Question owner

Thank you for contacting ESET Customer Care.


This is basically how our web access protection works: ekrn.exe scans all IN/OUT traffic. The communication was started by other application and routed via ekrn.exe to scan for threats. This makes it looks like ekrn.exe was trying to access to facebook (or any other IP address) when in reality is another application. Unfortunately, it is not possible to figure out what application actually downloaded it. The only way would be by disabling Web access protection and see what app starts this communication.

Question owner

After a temp disable of eset I get this result

 TCP    Slowpoke2:1162         216.156.225.35.ptr.us.xo.net:http  TIME_WAIT       0
 TCP    Slowpoke2:1164         216.156.225.35.ptr.us.xo.net:http  TIME_WAIT       0
 TCP    Slowpoke2:1166         www-10-01-prn1.facebook.com:http  TIME_WAIT       0
 TCP    Slowpoke2:1168         www-10-01-prn1.facebook.com:http  TIME_WAIT       0
 TCP    Slowpoke2:1170         216.156.225.32.ptr.us.xo.net:http  TIME_WAIT       0

Question owner

Using further tools I discover that when I start facebook /w bing as home page TCP ports are opened to both facebook and google. They soon time out, but still not happy about it. If I goto another page then back to bing, a TCP port opens to facebook. True it times out but I still do not like this.

cor-el
  • Top 10 Contributor
  • Moderator
10753 solutions 96760 answers

Start Firefox in Troubleshoot Firefox issues using Safe Mode to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).

You may also be having RSS feeds to Firefox is trying to refresh.


Create a new profile as a test to check if your current profile is causing the problems.

See "Basic Troubleshooting: Make a new profile":

There may be extensions and plugins installed by default in a new profile, so check that in "Tools > Add-ons > Extensions & Plugins" in case there are still problems.

If that new profile works then you can transfer some files from the old profile to that new profile, but be careful not to copy corrupted files.

See:

Question owner

OK, safemode still opens ports, but a new profile does not open the TCP ports to google and facebook, so the issue is the profile. I frequently use tools such as regedit to fix issues on customers machines so I am not a complete novice. Are there any tools to edit the firefox profiles or are they part of the windows registry file itself?

cor-el
  • Top 10 Contributor
  • Moderator
10753 solutions 96760 answers

You can check if it is caused by bookmarks or other data stored in places.sqlite by copying that file to as new profile.