Bing is my home page, everytime I start Firefox TCP ports are opened to Facebook, how can I stop this?
Windows XP 64 bit fully patched
Additional System Details
Every time Firefox opened
This started when...
- Shockwave Flash 11.1 r102
- Cooliris embedded in a tab
- Google Update
- Adobe PDF Plug-In For Firefox and Netscape 10.1.2
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- RealJukebox Netscape Plugin
- RealPlayer(tm) HTML5VideoShim Plug-In
- RealPlayer(tm) LiveConnect-Enabled Plug-In
- Office Live Update v1.5
- Yahoo Application State Plugin version 220.127.116.11
- Java(TM) Platform SE binary
- Java Plug-in 1.6.0_13 for Netscape Navigator (DLL Helper)
- Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
- Adobe Shockwave for Director Netscape plug-in, version 11.0
- Office Plugin for Netscape Navigator
- User Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
What do you mean by Firefox TCP ports. Also, where are you getting this info from?
I run netstat to a file before and after starting firefox and the following shows up.
TCP Slowpoke2:4749 www-10-05-prn1.facebook.com:http ESTABLISHED 1432 [ekrn.exe]
TCP Slowpoke2:4750 www-10-05-prn1.facebook.com:http ESTABLISHED 1432 [ekrn.exe]
Should be fine. Just the facebook server connected to your computer
It is NOT fine, I do NOT want the facebook server connecting to my PC with out my permission.
I can assure you this is NOT a security issue unless you make it one. Do you have any third party Facebook software installed on your computer that checks your status etc? If so, and you are worried, remove it. If you are really that bothered about this, you can block the port in your router, if you have one, but that would mean you can't use facebook. If it causing you problems, you should do a scan for malware using a trusted piece of software. We recommend malwarebytes. If you want to know how trusted your anti-virus is, tell me the name of it.
Well you posted what your problem is... you are using ESET that is connecting to facebook... that's ekrn.exe! just uninstall (NOD?) or other ESET software...
dragoniak, I just found that out, I was just coming on to post, then I got an email pop up, you had answered for me
dcbohn, Remove ESET. Then you have no problem.
Thank you for contacting ESET Customer Care.
This is basically how our web access protection works: ekrn.exe scans all IN/OUT traffic. The communication was started by other application and routed via ekrn.exe to scan for threats. This makes it looks like ekrn.exe was trying to access to facebook (or any other IP address) when in reality is another application. Unfortunately, it is not possible to figure out what application actually downloaded it. The only way would be by disabling Web access protection and see what app starts this communication.
After a temp disable of eset I get this result
TCP Slowpoke2:1162 18.104.22.168.ptr.us.xo.net:http TIME_WAIT 0 TCP Slowpoke2:1164 22.214.171.124.ptr.us.xo.net:http TIME_WAIT 0 TCP Slowpoke2:1166 www-10-01-prn1.facebook.com:http TIME_WAIT 0 TCP Slowpoke2:1168 www-10-01-prn1.facebook.com:http TIME_WAIT 0 TCP Slowpoke2:1170 126.96.36.199.ptr.us.xo.net:http TIME_WAIT 0
Using further tools I discover that when I start facebook /w bing as home page TCP ports are opened to both facebook and google. They soon time out, but still not happy about it. If I goto another page then back to bing, a TCP port opens to facebook. True it times out but I still do not like this.
Start Firefox in Troubleshoot Firefox issues using Safe Mode to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
- Don't make any changes on the Safe mode start window.
You may also be having RSS feeds to Firefox is trying to refresh.
Create a new profile as a test to check if your current profile is causing the problems.
See "Basic Troubleshooting: Make a new profile":
There may be extensions and plugins installed by default in a new profile, so check that in "Tools > Add-ons > Extensions & Plugins" in case there are still problems.
If that new profile works then you can transfer some files from the old profile to that new profile, but be careful not to copy corrupted files.
OK, safemode still opens ports, but a new profile does not open the TCP ports to google and facebook, so the issue is the profile. I frequently use tools such as regedit to fix issues on customers machines so I am not a complete novice. Are there any tools to edit the firefox profiles or are they part of the windows registry file itself?
You can check if it is caused by bookmarks or other data stored in places.sqlite by copying that file to as new profile.