Do a "netstat -a" after you shut down this app's interface AND task bar icon. Guess what? There you'll see this application still has a hidden connection to the Internet! Even after waiting a reasonable time, the hidden connection is still there. The only way to break the connection is to reboot your system!

Why is there hidden connection?
Why doesn't everything get shut down when the interfaces are shut down?
Why doesn't the hidden connection show up in the Task Manager or as a service?

This is no accident. This is intentional!

I see no hidden connection here on my system.

But I would offer help to make your system clean: Please run a new version of Adaware + an updatted virus scanner, anything found? If not, close all other accesories you might use... and check again with netstat -na (the -n is slightly faster, it performs no revers DNS lookups). Post details of the hidden connections found, to ensure we can help. Don't panic, man!

Yea Moak is right, no spyware no trojans...

Xolox is free...

Morgwen

You have to wait 5 minutes or so for Netstat to realize the ports are no longer listening. You don't have to reboot. -JL

I shut down the xolox client and did this and to my dismay. There were 3 active connections to my computer. Dont try to tell me its a delay dropping the connection either. I have a few easy steps for solving this:

Click Start/settings/control panels/add remove programs.

Highlight xolox

click add remove

click yes

click delete all files

VOILA!!!!! problem solved. and if another Gnutella client crashes my system after I uninstall it!!!!!!!

There are not 3 connection on my computer, neigther constantly or occasionally pointing on trojans.

Please post details of the hidden connections found, to ensure we can help and track down your problem. Those internet connections you see may caused from software you use, so make sure you shut down all programms, e.g. do not use internet explorer while sniffing for dangerous trojans. If you provide more information, we can help to clean your system:

1. Use an anti virus scanner, e.g. http://www.mcafee.com/
2. Use Adaware http://www.lavasoftusa.com/
3. Copy/paste your netstat output (including IPs/ports/state).

Don't panic, man! Don't spread false rumors!

After reading this thread, I kept an eye on XoloX, especially after shutting it down. This is what I found out: Ocassionally, it keeps some connections open, even after the systray icon disappeared. But they are all either incoming or outgoing gnutella network connections. There was no listening socket. I suppose, it's trying to correctly log off from the network, but I could not find proof for that as I forced it to exit. So, if it still runs, even if you told it to exit, and if you're impatient, just press ctrl-shift-escape, or ctrl-alt-del, or whatsoever and remove it by yourself.

Hi,
incoming gnutella connections are nothing really speciall(especially after sharing files). It's good to know that others confirm there is no remaining listening socket. Just to make sure, paranoia rules.

I wonder about outgoing gnutella connections (I see no remaining threads here and the TCP shutdown-code is usually quicker than humans recognize), could you post details?

Moak

Here's what you have to remember: The systray icon is NOT the program. The program simply adds the icon to the systray as a different way to interact with it.

Now, when you choose 'Exit' on that systray icon, the program immediately removes the icon. THIS DOES NOT MEAN XOLOX HAS SHUTDOWN. The main XoloX window is still there, just hidden.

Eventually it will shutdown. It's not doing anything nefarious (it creates no new connections during this period), IT'S JUST SLOW. They should immediately post a close message when they drop the icon, but I suppose the program spends an extended time in its communications loop before polling for system messages or something.

In short: There is no trojan here, just some shutdown code that needs to be rewritten.

-3vi1

Could you give details about what is slow and how long the shutdown code was active in your worst case?

I did use some tools to investigate Xolox, e.g. MSVC Spy++ or TaskInfo2000 and didn't mention any hidden window or task after shutting down Xolox at all. This is what I mean with the TCP shutdown-code (of XoloX) is usually quicker than humans recognize. When you mention any short time persistant window, please give us name and class so we can further investigate.

Moak