CBupdater.exe is receiving inbound connections...

Jabbit · September 19, 2008, 3:20am

Well, I just notticed CBupdater.exe was listenting some ports, and receiving inbound connections, and sending outbound connections… to some unknown IPs. Is this normal? The addresses were not always the same. I will give details:

TCP OUT 207.46.27.70:1863 (Microsoft Corp)
TCP OUT 207.46.110.60:1863 (Microsoft Corp)
TCP IN 200.83.126.222:12000 (LACNIC)

I checked the IPs at ARIN WHOIS Database, and found it was sending data to Microsoft… ???

I have blocked the inbound and outbound connections, until I get some info about if this is a normal behaviour. Spybot Search&Destroy and Avast! say the file is not infected, and it is not spyware… but I am still unsure about why it needs to talk with MS.

I will attach a screenshot of the connection, as I said, it changed in time…

[attachment deleted by admin]

JJasper · October 20, 2008, 2:29am

Hi Jabbit

This doesn’t sound normal to me. Backup only connects to the Comodo server wherever that is, check the status of the backup, and then closes immediately after. When I try it now it connects to 91.199.212.132 briefly for a second and then shuts down the connection.

Do you have a hotmail or MSN account that it would notify you of updates? I know this is a loooong shot but I can’t think of any reason for it to phone M$. I believe 64.4.36.61 is hotmail.

John