P
Pop
Hi,
I didn't stump you last time, so I'll try again <g>. I had a
warning today that my browser wanted to go to sa.windows.com.
Hmm, says I, what's that? Says it's locally initiated, and I
know my machine's clean, so I says to myself, self ... .
Whois shows ca.windows.com to be MS all right, and the IP
matched, so I tried to access it via my browser.
Using either sa.windows.com OR 207.46.248.249 takes me to a
"forbidden to view" page. So I says to myself, "HUH?" So I
banged on the door quickly a few times, and managed to slip in,
only to get "Under Construction" and something about IIS. Again,
I says to myself, "huh?" After a few more minutes of fiddling
and making sure I wasn't in some warez cave or such, I had to
give up on getting anything further.
MSN search says "Sorry, no results were found containing
"sa.windows.com"
Google got a few hits, but nothing meaningful (to me). There
were indications of IIS, Search Companion, SP 1, and a few other
things but everything seemed to go in circles. I WAS doing
Google searches on some EXE's at the time, but nothing else. OE
was open, as was Task Manager.
System:
XP Pro, SP 2/hotfix, all av, spyware, firewall etc. up to date
as of yesterday. The ONLY change I've noticed is the
boot-bullets now cross about 14 to 15 times instead of the usual
8 to 9. ONCE the time from the bullets to a usable desktop
slipped out to thirty secs or so, but another Restart seemed to
take care of that, but the bullets remain about 14 trips across.
One of the hits at
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/23_xpsch.mspx
contained the following, amongst lots of other stuff I have
nothing to do with, far as I know:
-------------------
"Search Companion uses XML files to define both UI and some
functional parameters of its tasks (for example, what list of
file extensions comprises the "Music" category of files). The
first time in each Search Companion session that an XML file is
referenced, Search Companion checks to see if a later version of
that XML file is available from sa.windows.com. The "check" is
really a file download request, conditioned on the modified date
of the file. If there is a later version of the XML file, Search
Companion downloads it and replaces the earlier version. The XML
files are located in a language-specific subfolder of
\Windows\srchasst\, and if the current user does not have
administrative credentials, the old XML file cannot be
overwritten.
This section describes various aspects of the data that is sent
to and from the Internet through Search Companion, and how the
exchange of information takes place:"
------------------
Please keep in mind, this all started with a popup info message
that simply said IE wanted to go to sa.windows.com as you answer
the following questions I have. Generalized response
appreciated; it looks like there might be many reasons for this,
IFF it's legit.
-- WHY does IE want to go there? I know IE does a lot of
covert operations, so I'm not real surprised. But - huh?
-- If IE can go there, why can I NOT go there? Why does my
browser have permission to open the page, but I don't?
-- If I did manage to bang the door open when I knocked quickly,
why would IE be trying to open a page that's under construction
at MS? Maybe it's meaningless, but a ref to something like that
doesn't make sense for XP.
-- Why would this message have just started? This isn't a new
system and to my knowledge, IE has never tried to go there
before. Why would it now?
-- And finally, what the hell IS sa.windows.com for?
Thanks in advance folks,
Pop
I didn't stump you last time, so I'll try again <g>. I had a
warning today that my browser wanted to go to sa.windows.com.
Hmm, says I, what's that? Says it's locally initiated, and I
know my machine's clean, so I says to myself, self ... .
Whois shows ca.windows.com to be MS all right, and the IP
matched, so I tried to access it via my browser.
Using either sa.windows.com OR 207.46.248.249 takes me to a
"forbidden to view" page. So I says to myself, "HUH?" So I
banged on the door quickly a few times, and managed to slip in,
only to get "Under Construction" and something about IIS. Again,
I says to myself, "huh?" After a few more minutes of fiddling
and making sure I wasn't in some warez cave or such, I had to
give up on getting anything further.
MSN search says "Sorry, no results were found containing
"sa.windows.com"
Google got a few hits, but nothing meaningful (to me). There
were indications of IIS, Search Companion, SP 1, and a few other
things but everything seemed to go in circles. I WAS doing
Google searches on some EXE's at the time, but nothing else. OE
was open, as was Task Manager.
System:
XP Pro, SP 2/hotfix, all av, spyware, firewall etc. up to date
as of yesterday. The ONLY change I've noticed is the
boot-bullets now cross about 14 to 15 times instead of the usual
8 to 9. ONCE the time from the bullets to a usable desktop
slipped out to thirty secs or so, but another Restart seemed to
take care of that, but the bullets remain about 14 trips across.
One of the hits at
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/23_xpsch.mspx
contained the following, amongst lots of other stuff I have
nothing to do with, far as I know:
-------------------
"Search Companion uses XML files to define both UI and some
functional parameters of its tasks (for example, what list of
file extensions comprises the "Music" category of files). The
first time in each Search Companion session that an XML file is
referenced, Search Companion checks to see if a later version of
that XML file is available from sa.windows.com. The "check" is
really a file download request, conditioned on the modified date
of the file. If there is a later version of the XML file, Search
Companion downloads it and replaces the earlier version. The XML
files are located in a language-specific subfolder of
\Windows\srchasst\, and if the current user does not have
administrative credentials, the old XML file cannot be
overwritten.
This section describes various aspects of the data that is sent
to and from the Internet through Search Companion, and how the
exchange of information takes place:"
------------------
Please keep in mind, this all started with a popup info message
that simply said IE wanted to go to sa.windows.com as you answer
the following questions I have. Generalized response
appreciated; it looks like there might be many reasons for this,
IFF it's legit.
-- WHY does IE want to go there? I know IE does a lot of
covert operations, so I'm not real surprised. But - huh?
-- If IE can go there, why can I NOT go there? Why does my
browser have permission to open the page, but I don't?
-- If I did manage to bang the door open when I knocked quickly,
why would IE be trying to open a page that's under construction
at MS? Maybe it's meaningless, but a ref to something like that
doesn't make sense for XP.
-- Why would this message have just started? This isn't a new
system and to my knowledge, IE has never tried to go there
before. Why would it now?
-- And finally, what the hell IS sa.windows.com for?
Thanks in advance folks,
Pop