My internet connection has been going pretty slow lately. I've scanned for viruses and spyware but didn't find anything. So anyway I came across something that concerns me a little bit. I used netstat -o to view established connections and there's some open for weird things like this for example:

TCP michael-desktop:1715 downloads.aaa1screensavers.com:1716 ESTABLISHED 3084

I am of course a little suspicious of these. They all seem to have the same PID as well. On Windows though I don't know how to look up which process is assigned to which PID. Does this look like malware to anyone else? How can I find more information on this process and remove it? Also, would it be reasonable to assume that this is causing slowdown? There are 7 of these "weird" connections open.

Also, I think I forgot to make it clear, but I was wondering for future reference how to find out what process is assigned to the PID so I can determine what is establishing the connection.

Unplug the network cable for a few minutes, then plug it back in and see if the program is still running. The process is using port 1715, so either block the port or find out the process and kill it.

If you want to block the connected URL permanently, you can enter it into the hosts file with an IP of 127.0.0.1.
That way any malware/spyware won't be able to find it and connect to it.

damn, that was a glitch in the matrix
sorry mods, please erase the extra posts

thanks )

Especially good when you notice your internet running continuously when you haven't even opened a window yet!!

Start
Run
Type 'cmd'
Type 'netstat'
You will see the strange connection name & IP
If you can't find the IP number, type 'nslookup (domain name)' then Enter
Once you've got the IP and domain name, install X-Netstat, a free program that can kill and monitor those connections.
Open the program and click Refresh, find the connection through the IP or domain name you have and kill it (Kill button).

BUT

Depending on the trojan or whatever the case may be, it can come back, annoying.

Under the process section you can see the process's name, remember it.
Press Ctrl+Alt+Del
Click Processes tab
Find it and kill

Problem solved

Back to Sleep
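
Added example, not part of any post in this thread: a Python sketch that answers the PID question by joining `netstat -o` rows to process names from `tasklist /FO CSV /NH`, then grouping established connections per process. Both sample outputs are constructed (only the first TCP row comes from the question), and the image names are placeholders.

```python
import csv
from collections import defaultdict

# Constructed `netstat -o` sample; the first TCP row is the one quoted in the question.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    michael-desktop:1715   downloads.aaa1screensavers.com:1716  ESTABLISHED     3084
  TCP    michael-desktop:1720   downloads.aaa1screensavers.com:1721  ESTABLISHED     3084
  TCP    michael-desktop:1042   localhost:1043         ESTABLISHED     1200
  TCP    michael-desktop:135    michael-desktop:0      LISTENING       892
"""

# Constructed `tasklist /FO CSV /NH` sample; image names are placeholders.
TASKLIST_SAMPLE = '''\
"placeholder-app.exe","3084","Console","0","14,212 K"
"placeholder-svc.exe","1200","Console","0","8,104 K"
"svchost.exe","892","Console","0","4,020 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP row of `netstat -o`."""
    for line in text.splitlines():
        parts = line.split()
        # TCP rows have exactly five columns ending in a numeric PID; headers do not.
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            yield parts[0], parts[1], parts[2], parts[3], int(parts[4])

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /FO CSV /NH` output."""
    rows = csv.reader(text.splitlines())
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def connections_by_process(netstat_text, tasklist_text):
    """Group ESTABLISHED remote endpoints by (pid, image name)."""
    names = parse_tasklist(tasklist_text)
    grouped = defaultdict(list)
    for _, _, remote, state, pid in parse_netstat(netstat_text):
        if state == "ESTABLISHED":
            grouped[(pid, names.get(pid, "<unknown>"))].append(remote)
    return dict(grouped)

if __name__ == "__main__":
    result = connections_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    for (pid, name), remotes in result.items():
        print(f"PID {pid} ({name}): {len(remotes)} established connection(s)")
        for remote in remotes:
            print("    ", remote)
```

On a live machine, replace the two sample strings with the saved output of the two commands; a PID that shows as `<unknown>` exited between the two captures.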

tips:
try removing startup items...
update your antivirus/spyware
check with the firewall settings...

Regards,
Pappu R.

First of all, change your antivirus system.
It's a spam; it generally happens with poor antivirus protection, so get a new antivirus and do a rescan. I hope the problem will be resolved.
