 |  |  |  |  |  |  |  |
Weird connections when using netstat
 |
•
•
Join Date: Nov 2006
Posts: 62
Reputation: 
Solved Threads: 0
Junior Poster in Training
My internet connection has been going pretty slow lately. I've scanned for viruses and spyware but didn't find anything. So anyway I came across something that concerns me a little bit. I used netstat -o to view established connections and there's some open for weird things like this for example:
TCP michael-desktop:1715 downloads.aaa1screensavers.com:1716 ESTABLISHED 3084
I am of course a little suspicious of these. They all seem to have the same PID as well. On Windows though I don't know how to look up which process is assigned to which PID. Does this look like malware to anyone else? How can I find more information on this process and removing it? Also, would it be reasonable to assume that this is causing slowdown? There are 7 of these "weird" connections open.
TCP michael-desktop:1715 downloads.aaa1screensavers.com:1716 ESTABLISHED 3084
I am of course a little suspicious of these. They all seem to have the same PID as well. On Windows though I don't know how to look up which process is assigned to which PID. Does this look like malware to anyone else? How can I find more information on this process and removing it? Also, would it be reasonable to assume that this is causing slowdown? There are 7 of these "weird" connections open.
Last edited by mps727; Feb 26th, 2007 at 8:12 pm.
•
•
Join Date: Nov 2006
Posts: 62
Reputation:
Solved Threads: 0
Junior Poster in Training
Also, I think I forgot to make it clear, but I was wondering for future reference how to find out what process is assigned to the PID so I can determine what is establishing the connection.
•
•
Join Date: May 2006
Posts: 1,827
Reputation: 
Solved Threads: 118
plug out the network cable for few minutes, and replug and see if the program is still running, the process is using port 1715, so either block the port or find out the process and kill it
Assignment Help | Web Design Service | Homework Help | 498a
Programming Help | Need Help ? | Job Interview | Top 10 Hosts
Programming Help | Need Help ? | Job Interview | Top 10 Hosts
•
•
Join Date: Jan 2007
Posts: 1,763
Reputation:
Solved Threads: 85
if you want to block the connected url permanently, you can enter it into the hosts file, with an ip of 127.0.0.1
that way any malware/spyware won't be able to find it and connect to it
that way any malware/spyware won't be able to find it and connect to it
Real stupidity always beats Artificial Intelligence. (Terry Pratchett)
BA BizMg, MCSE, DCSE, Linux+, Network+
BA BizMg, MCSE, DCSE, Linux+, Network+
•
•
Join Date: Jan 2007
Posts: 1,763
Reputation:
Solved Threads: 85
if you want to block the connected url permanently, you can enter it into the hosts file, with an ip of 127.0.0.1
that way any malware/spyware won't be able to find it and connect to it
that way any malware/spyware won't be able to find it and connect to it
Real stupidity always beats Artificial Intelligence. (Terry Pratchett)
BA BizMg, MCSE, DCSE, Linux+, Network+
BA BizMg, MCSE, DCSE, Linux+, Network+
•
•
Join Date: Jan 2007
Posts: 1,763
Reputation:
Solved Threads: 85
damn, that was a glitch in the matrix
sorry mods, please erase the extra posts
thanks )
sorry mods, please erase the extra posts
thanks )
Real stupidity always beats Artificial Intelligence. (Terry Pratchett)
BA BizMg, MCSE, DCSE, Linux+, Network+
BA BizMg, MCSE, DCSE, Linux+, Network+
Especialy good when you notice your internet running continously when you havn' even opend a window yet !!
Start
Run
Type 'cmd'
Type 'netstat'
You will see the strange connection name & ip
If you cant find the ip number type 'nslookup (domain name)' then enter
Once you got Ip and domain name install X-Netstat a free software that can kill and monitor those connections.
Open the program and click refresh, find the connection through the ip or domain name you have and kill it (Kill button).
BUT
Depending on the trojen or whatever the case may be it can come back, annoying.
Under the process section you can see the processes name, remember it.
Press Ctrl+Alt+Dlt
Click Processes tab
Find it and kill
Problem solved
Back to Sleep
Start
Run
Type 'cmd'
Type 'netstat'
You will see the strange connection name & ip
If you cant find the ip number type 'nslookup (domain name)' then enter
Once you got Ip and domain name install X-Netstat a free software that can kill and monitor those connections.
Open the program and click refresh, find the connection through the ip or domain name you have and kill it (Kill button).
BUT
Depending on the trojen or whatever the case may be it can come back, annoying.
Under the process section you can see the processes name, remember it.
Press Ctrl+Alt+Dlt
Click Processes tab
Find it and kill
Problem solved
Back to Sleep
tips:
try removing startup items...
update your antivirus/spyware
check with the firewall settings...
Regards,
Pappu R.
try removing startup items...
update your antivirus/spyware
check with the firewall settings...
Regards,
Pappu R.
|
Similar Threads
- Solid hard drive light, no beep, no bios, no boot, weird odor (Troubleshooting Dead Machines)
- "No more connections can be made..." Error after years of normal function (Windows NT / 2000 / XP)
- One way ping problem (Networking Hardware Configuration)
- Unneeded outgoing connections - Tiny Personal Firewall issue (Windows NT / 2000 / XP)
Other Threads in the Network Security Forum
- Previous Thread: Designing a secure network
- Next Thread: Information classification needs more than a James Bond top secret stamp
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Network Security Posts
- Today's Posts
- Unanswered Threads
adobe advice antivirus apple attack barackobama blackmail bot botnet breach browser business cellphone china civilliberties crime cybercrime cyberwarfare daniweb data database dataloss dataprotection development email emailretention encryption exploit facebook forensic fraud gartner google government hack hacker hacking hardware hotmail ibm identitytheft idtheft information infosec internet iphone kaspersky kernel law linux malware mcafee mckinnon microsoft military mobile nasa nationalsecurity network news obama olympics p2p password passwords pdf pentagon phishing politics privacy report research safari satnav scam search security socialnetworking software sophos spam survey symantec symbian terrorism terrorist trends trojan twitter uk usb virtualization virus vulnerability warning web wireless worm yahoo youtube
