windows explorer & zonealarm
|
Original Message
|
Name: Michael
Date: June 8, 2002 at 10:43:39 Pacific
Subject: windows explorer & zonealarm
Comment: Every time I start up, Zonealarm reports windows explorer wants to contact IP 239.255.255.250 port 1900. Who is this and why does this happen? If no-one knows, I can look in the registry for something that does not look right. I will report back here anything I find before any deleting goes on. Which path should I look in? hkey local, hkey current, etc. A previous post here reformatted to cure it. Something I can't do, but that's another story.
|
|
Response Number 2
|
Name: suzi
Date: June 8, 2002 at 22:07:52 Pacific
|
Reply: Could that be your ISP's DNS IP address? I was getting that kind of alert when I changed from dial up to DSL. It would happen over and over. Once I added the IP address to my trusted zone, it stopped. It was my DSL provider trying to issue me an IP address. Did you look it up with whois? This is what arin whois comes up with:

Search results for: 239.255.255.250

IANA (NET-MCAST-NET)
Internet Assigned Numbers Authority
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695
US

Netname: MCAST-NET
Netblock: 224.0.0.0 - 239.255.255.255

Coordinator:
Internet Corporation for Assigned Names and Numbers (IANA-ARIN) res-ip@iana.org
(310) 823-9358

Domain System inverse mapping provided by:

FLAG.EP.NET 198.32.4.13
STRUL.STUPI.SE 192.108.200.1 192.36.143.3
NS.ISI.EDU 128.9.128.127
NIC.NEAR.NET 192.52.71.4

Record last updated on 12-Sep-2000.
Database last updated on 8-Jun-2002 19:59:27 EDT.

Does that give you any clues as to why your computer is trying to contact that ISP? You can try it here yourself. http://www.arin.net/whois/index.html Also what does ZA say when you click for more info? Sorry if you did all this before, I did not see your other post.
|
|
Response Number 3
|
Name: DBPowerWCRulez
Date: June 8, 2002 at 22:25:58 Pacific
|
Reply: Windows Explorer??? Give deny on them, it's sending a snoopy information from your hard drive. Windows Explorer's just the file manager on hard drive or CD or Floppy.
|
|
Response Number 4
|
Name: murve
Date: June 9, 2002 at 19:21:02 Pacific
|
Reply: hi michael, you may have a buffer exploit in your windows directory and it has something to do with port 1900 and/or port 5000. these ports are usually assigned to be used for plug and play utilities in your computer. if you are using a firewall such as z.a. free or pro, use the maximum stealth and it will close ports 1900 and 5000. the problem is someone or you may have inadvertently opened up an e-mail attachment with the buffer overflow exploit, or you may have downloaded something containing an exploit, in any case something in windows is broadcasting out to that address. here's some info:

UPnP is a protocol that allows network devices to broadcast self-describing messages for peer-to-peer integration into a network. Two vulnerabilities are present in UPnP. A buffer overflow exists in the Windows XP implementation of the Simple Service Discovery Protocol (SSDP) component of UPnP. Another more generic Distributed Denial of Service (DDoS) or Denial of Service (DOS) risk exists within SSDP as well and affects multiple versions of the operating system.

Affected Versions: Windows XP, Windows ME, Windows 98SE, Windows 98

Description: A remotely exploitable buffer overflow exists in the UPnP service of Windows XP. A malicious user can transmit a malformed NOTIFY request to a vulnerable machine and overflow an unchecked buffer in the UPnP service. This service runs in the SYSTEM context under Windows XP and can result in a full system compromise, allowing the attacker to gain control of the affected machine. A condition also exists in the implementation of SSDP that could lead to a DOS or DDoS attack by transmitting a malformed NOTIFY directive at a targeted machine or group of machines. The targets can be forced to endlessly transmit HTTP requests to a final target.

Recommendations: Internet firewalls should be configured to block ports 1900 and 5000.

go to the www.thepublicworks.com and click on wilders.org and download a free version of Trojan Hunter and scan your machine and see what pops up. while you're there also click on RegProt and download a free copy of this registry monitor, and Procmon and TDImon from Sysinternals a free processes and port monitor. best of luck and cheers, murve
|
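Added example, not part of any post in this thread: a small triage helper for the kind of firewall alert discussed here. It checks a destination against the multicast netblock from the whois output above and the SSDP port 1900 named in the quoted advisory, and strictly parses an SSDP datagram; the function names, the size cap and the sample datagram are assumptions made for illustration.

```python
import ipaddress

# Netblock from the ARIN whois output quoted in the thread (MCAST-NET).
MCAST_NET = ipaddress.ip_network("224.0.0.0/4")
# Administratively scoped multicast (RFC 2365), a subset of MCAST-NET.
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")
# SSDP group address and port, as seen in the ZoneAlarm alert.
SSDP_GROUP = (ipaddress.ip_address("239.255.255.250"), 1900)
MAX_DATAGRAM = 1500  # assumed cap: reject anything larger than one Ethernet frame

# Constructed sample of an SSDP discovery request (not captured traffic).
SAMPLE_MSEARCH = (
    b"M-SEARCH * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b'MAN: "ssdp:discover"\r\n'
    b"MX: 3\r\n"
    b"ST: upnp:rootdevice\r\n\r\n"
)


def classify_destination(ip, port):
    """Label the destination of an outbound firewall alert."""
    addr = ipaddress.ip_address(ip)
    if (addr, port) == SSDP_GROUP:
        return "ssdp-multicast"
    if addr in ADMIN_SCOPED:
        return "admin-scoped-multicast"
    if addr in MCAST_NET:
        return "multicast"
    return "unicast"


def parse_ssdp(datagram):
    """Return (method, headers) for a well-formed SSDP datagram, else raise ValueError."""
    if len(datagram) > MAX_DATAGRAM:
        raise ValueError("datagram too large")
    lines = datagram.decode("ascii").split("\r\n")  # non-ASCII raises ValueError
    start = lines[0].split(" ")
    if len(start) != 3 or start[0] not in ("M-SEARCH", "NOTIFY") or start[1:] != ["*", "HTTP/1.1"]:
        raise ValueError("not an SSDP start line")
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().upper()] = value.strip()
    return start[0], headers


if __name__ == "__main__":
    print(classify_destination("239.255.255.250", 1900), parse_ssdp(SAMPLE_MSEARCH))
```

A destination labelled as multicast is a group address rather than a single remote host, so a whois lookup on it returns the IANA netblock record and not an owner.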
|
Response Number 5
|
Name: Michael
Date: June 10, 2002 at 15:17:57 Pacific
|
Reply: I have read the responses several times and it may be sinking in, slowly. I have Win ME. I received an E-mail a while ago via Hotmail, from an unknown sender. It was 167KB with no attachment. I always scan attachments from downloads before opening them. Believing this was just text I opened it to find it totally empty. No text, apart from the title. I don't remember what that said, nor do I remember when Zonealarm first reported Windows wanted access to the net, it may be a coincidence. I thought it was normal for Windows to search the net till another post reported the problem and stated exactly the same IP address and port. I found links to MCAST-NET via alltheweb.com (thanks Suzi), a site that listed loads of webpages. None looked familiar. From what I can understand... I have picked up some sort of bug that changes Windows Explorer settings to search out this address when it should be searching my PC for files and programs. I have scanned with Trojan Hunter, Norton AV, Housecall & AVG, all reported negative. Rather than use programs to stop Windows searching the net I would rather it was set up as before. Is there no way I can change the settings back to how they were manually? Since I don't know when this problem started I don't want to use System restore. I will read more and check this post each evening. Thanks.
|
|
Response Number 6
|
Name: DBPowerWCRulez
Date: June 10, 2002 at 23:59:42 Pacific
|
Reply: Yea, I gets a 2 large file size on the Hotmail inbox listing shows that size on the right of screen, 116K and 147K, I never open the mail box and just blocking the UNREAD off the inbox listings and goes to junk box. Even my own private email got 1 large file, it's blocked and goes into junk box too.
|
|
Response Number 7
|
Name: Michael
Date: June 11, 2002 at 13:37:10 Pacific
|
Reply: UPnP does not show in the add/remove programs window, would it show if it was installed? I have not installed it but the ME OS came preinstalled and I'm not sure what's in it (I find new things every week). I looked in the history of Windows Update via the start button & I have the patch installed from MS to control this exploit. If this is a bug I picked up, would reinstalling the OS cure it? I am not too keen on installing more programs to keep Windows in check. In the meantime I will try Murve's suggestion of RegProt in case it gives me a clue to what has gone wrong.
|
|
Response Number 8
|
Name: suzi
Date: June 12, 2002 at 18:19:05 Pacific
|
Reply: One more thing you might want to do - Download AdAware and let it scan your system for spyware. If it finds stuff, you can safely delete it, even registry entries. You can download it here: http://www.lavasoftusa.com/ Good luck!
|
|
Response Number 9
|
Name: Michael
Date: June 13, 2002 at 14:19:59 Pacific
|
Reply: Thanks Suzi. I have Ad-aware and after a clean up, re-booting, Windows still wants that address. A friend from work visited the USA and stayed near to that address & said that place was a Hotel room!! I have gone into MSCONFIG and turned everything off except Zonealarm and re-started the PC, and it's still there. I am looking for a piece of spyware program left over from something. If I can stop all programs loading at start up except Windows it may shed some light as to the rogue prog. I am also backing up then deleting all files in MY DOCUMENTS folder as this is what shows when I open the Windows file. Rogue MP3 ?? Failing that, there may be an entry in the registry that keeps it kicking in. If I have to do a reinstall (I don't have a disc, OS was OEM) I will lose a few programs because the back-up discs that came with the PC are for an older model or are missing. The after sales service is as good as a chocolate tea pot. I will check back here each evening. There are a few people I have found via the net that have this problem and the same address/port number. Just search this site...sorry I'm waffling now.
|
