I think the following problems are related. (I am using ME and IE5.5 with C/D/E drives = Master/Slave/2nd Partion on Master).

1. On boot-up I began getting new alerts from ZA that Windows Explorer was attempting to access the internet. If I OK'd the alert then no attempt to actually dial-up would be made and I was not on line. I could not discover where this was originating (even when all startups were disabled using msconfig).

2. After a clean install and a download of Critical Components from Windows Update I thought I would try Norton IS-2001 before installing ZA. At every new boot-up three separate Windows-Explorer Windows would open for the C,D and E drives. This only stopped when I prevented NIS from starting at boot-up. I then installed ZA and as before the same Windows Explorer Alerts would run as soon as ZA was loaded.

3. A New ZA Alert also started for "Windows Catalogue Registration", which I have solved from a Google Search which led me to http://www.computing.net/windowsme/wwwboard/forum/13624.html. This is something to do with XP certification and is cured by unchecking the "Check for Publisher's Certificat Revocation" in the IE Tools. The Windows Explorer Alerts still arise though.

4. It is possible that (originally) these Window Explorer Alerts also began after I downloaded the same Critical Components - but I can't be 100% sure of this.

Does anyone know if these issues have resulted from the Critical Components download and/or how I can prevent these three Windows from opening when I use NIS??

Are M$ misbehaving yet again!! http://www.PCGuide.com/ubb/tongue.gif

Paul

I have partially found the answer to my problem (I think! http://www.PCGuide.com/ubb/frown.gif ). The following is an extract from: http://www.chipcenter.com/eexpert/gdorman/gdorman035.html

"After installing Norton Internet Security 2001, I discovered why the game controller self-installed. When Me boots, just after the login screen, it accesses the Internet via explorer.exe. Norton caught the attempt and I stopped it, not knowing what it was. A second attempt was made by a program, ssdpsrv.exe, which I also aborted. Each program made three attempts at access. I denied all of them for the time being. Norton issues a report on the attempted access, giving the name of the program, the protocol, and the port of the attempted access. I wrote everything down and then emailed Gateway again, describing in detail what I was experiencing. Gateway's reply was to contact my ISP!!! Ok, I replied back, and told the tech to forward my email to his supervisor or someone who understood what I was writing about. After several emails, I gave up. Gateway was not familiar with the issue. I had to solve the problem myself.

The protocol being used is UDP, and the system attempts to access a Web site with the address 239.255.255.250 via port 1900. Both explorer.exe (outbound) and ssdpsrv.exe (inbound) are involved in this access. I would not mind, except neither Microsoft nor Gateway have informed me of this situation, and it is a possible security issue. The protocol is known as Simple Service Discovery Protocol, and it is primarily used for detection and installation of UPnP devices on the fly. Using spamcop's excellent host tracking service, I discovered that the IP belongs to www.ep.net. (http://www.ep.net.) Using the arin whois database, I found that the IP is registered with the University of Southern California as m-cast.net. They "own" IPs 224.0.0.0–239.255.255.255.

Some further Sherlocking revealed the following information from MS on their knowledge base support.microsoft.com/support/kb/articles/Q262/4/58.ASP?LN=EN-US&SD=gn&FR=0, and includes the following additional information:

In Windows Me, Universal Plug and Play functionality is provided by the following files:
Ssdpapi.dll—This component provides the Simple Service Discovery Protocol (SSDP) Application Programming Interface (API) for Universal Plug and Play.

Ssdpsrv.exe—This component provides SSDP and GENA services.

Upnp.dll—This component provides the core Universal Plug and Play search and description functions for devices and services.

Upnpui.dll—This component provides the interface for device notification and manipulation.

At this time, I am assuming that explorer.exe calls one or more of these dlls.

Perhaps Microsoft will eventually explain what it is they are doing. It is not much different from the so-called adware or spyware that, when installed on a computer, let certain people know what you are doing, unbeknownst to you." END OF QUOTE

Has anyone any comments on this AND how I can prevent the C/D/E Windows from opening when NIS2001 is installed and set to run at start-up?? Also has anyone any thoughts about this as a security issue??

Paul K
Take nice care of yourselves. http://www.PCGuide.com/ubb/smile.gif

Hi there Paul
Have you tried doing a search for the files and re-naming them to *****.old
and then see what happens. If the problem dissapears and no side effects on your computer just delete the files

------------------
Ernie

Thanx Ernie

I might try that (for the fun of it hehe). I've stopped using NIS (which came as bundled software) and just use NAV plus ZA, so those windows are suppressed for now. More seriously I'd really like to understand what M$'s UPnP is all about. (It doesnt appear in my Control Panel however) and whether Symantec's NIS2001 is just unmasking it or whether there is something to debug. http://www.PCGuide.com/ubb/eek.gif

Paul

[This message has been edited by Paul Komski (edited 11-28-2001).]

I have finally found out that the WindowsExplorer window-opening is a known fault of NIS SymantecInfo (http://service2.symantec.com/SUPPORT/nip.nsf/ddb3f5ca22507b08852569370052afd6/026cceacd2e609f78525695f0061c6be?OpenDocument&Highlight=0,explorer,windows) especially when using WinME (like I am) but also can happen with Win98.

The other "strangeness" (WinME and Whistler at boot-up) with WindowsExplorer trying to access the internet using "Multicast"/"UPnP" to 239.255.255.250 Port1900 has me totally stumped. http://www.PCGuide.com/ubb/rolleyes.gif

Does anyone know what that is all about and whether it is (a) a M$ security flaw or (b) a Spyware capability?? - or can one disregard it?

Take nice care everyone. Paul.

Is there a way of the author of a post deleting a doubly-submitted post? (ie Like this one) http://www.PCGuide.com/ubb/frown.gif

[This message has been edited by Paul Komski (edited 12-04-2001).]

I don't know how to stop win ME from doing this but I bet it is a pain in the butt for dialup users. Win XP is worse about this but most people don't notice it because XP has a builtin firewall and it lets any program that Microsoft wants connect to the internet if you disable XP's firewall and install a third party firewall you will find out that Xp has a constant connection to the internet via Windows Messenger and every time you install software XP contacts Microsoft to check if the software is on the compatibility list if it isn't it will caution aginst installing it and if its hardware drivers it will refuse to install them or install them than disable them on the next boot. It is kinda like uncle Bill babysitting me and doesn't want me to mess with my computer! I think Windows XP is the ultimate Spyware it has all the others beat hands down. I think Microsoft uses more of my bandwidth than I do.

------------------
Alright who messed it up this time!

Rond36 Just love your last sentence. http://www.PCGuide.com/ubb/biggrin.gif

Success! (well sort of). These packets sent-out by W.Explorer on boot-up do relate to UPnP (and have nothing to do with the NIS "bug"). I have quite simply been able to stop them being sent-out by going to Windows SetUp\Communications\Details and UNchecking Universal Plug and Play. This
is apparently installed by default in both WinME and WinXP but has to be
specifically downloaded if needed on Win9x. I got onto this from a LavasoftNewsgroup (http://www.lavasoft.de/cgi-bin/forums/ikonboard.cgi?s=3c0e82100c35ffff;act=ST;f=19;t=6)

It IS apparently a low grade security flaw and there is other
information at M$'sTechNet (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-054.asp)

Does anyone know if I will be missing anything by removing UPnP? What is it for?? I just get real suspicious of any "sneaky" internet access - but I think it pays to be a bit paranoid in this whole area. http://www.PCGuide.com/ubb/redface.gif

Take care of yourselves everyone - Paul http://www.PCGuide.com/ubb/cool.gif



[This message has been edited by Paul Komski (edited 12-05-2001).]

BTW there is a way to not post a reply if you change your mind you just hit the clear fields (right next to the submit reply) button than your brouser's back button

------------------
Alright who messed it up this time!

Duhhh! I guess I'm really slow on the uptake - but then I am new to WinME. I s'pose everyone else knows that UPnP is a new (? up-and-coming) technology that will allow connection/integration of household and office application via a PC. I finally found some "informative" information about it HERE (http://www.upnp.org/download/UPNP_UnderstandingUPNP.doc) and a Vendors' MemberForum HERE (http://upnp.org/) Dont know why ME has to have it enabled by default and then have no real inormation about in its Help Files though.

And now I'm gonna stop replying to my own questions in this thread. LOL http://www.PCGuide.com/ubb/biggrin.gif

Thanks rond36 - Everything is so easy when you know how!! http://www.PCGuide.com/ubb/wink.gif

Over and out; Best wishes - Paul.