Launching Firefox raises security consideration that outlook has modified ...

This is the text of the message. Does this indicate a trojan?
"outlook.exe has modified the user interface of the parent explorer.exe

Why would outlook be involved? I’m just starting firefox?

Did you start firefox from a link inside an email?


PS: Welcome to the forums!

Nope. I just tried it. I had IE open to visit this forum. Outlook was closed. I launched firefox and the message is telling me that IE has tried to use …explorer.exe through OLE Automation.

That is odd; I don’t think it’s that common to see interactions between these in that way. I’ve usually seen them between other Office applications and the email client, or browser.

Here’s the basic explanation of what goes on… Windows components (applications, etc) communicate behind the scenes in ways the user is not normally aware of. Because of these communications, shared components, and whatnot, there can be residual ‘connections’ between applications left well after one is closed. This activity is perfectly normal and not a cause for concern.

The reason that CFP monitors and gives alerts for these is that the same behavior is used by some malware trying to exploit known activities in an effort to gain internet access. In that event, however, you won’t see an alert between two known applications - it will be from an unknown application interacting with a known one.

The rule of thumb from the leader developer of the firewall is that if you are familiar with both applications, it is safe to Allow with the ‘Remember’ box checked, so that you won’t see that particular alert again. The time for concern is if some other application you’ve never heard of is trying to interface with your browser.

Hope that helps, even though it’s not an exact answer to your question.


Actually I’m still not satisfied that my system is clean. Comodo notifies me when outlook is using ole to open a connection. It’s odd that it will show multiple connections (IP Addresses) that I’m not familiar with. I’ve traced some of them and they go to places that are unavailable which is troubling.

So, if this happened to you, what would you do to source out if there is a trojan? I have nod32 antivirus, spybot, the comodo firewall and am a fairly technical person. How can my system be throughly checked beyond these problems?


Hmm, I’d probably be suspicious, too. I’ve not seen Outlook connect anywhere except my mail server… Personally, my next step would probably be to run some online scans (non-resident) at sites like:

Individual files can be submitted at sites like:

We also have a board dedicated to helping with tracking down and removing malware, if present. This would be the place to start, here in the forums. We’ve got folks that can provide detailed guidance, analyze HijackThis reports, and so on.

Within that board, this thread is where you’ll start first, to see what information is requested for your initial post: