Kev
Joined: 07 Jan 2004 Posts: 2
Posted: Wed Jan 07, 2004 2:15 pm Post subject: hidden process - a trojan? |
hi there, just installed ip-tools for the first time. i am very impressed so far but i have found something that has worried me...
in the connections list appears a particular connection that looks suspect. it is a tcp connection to a machine i do not recognise... to make things worse it cannot name the process but instead says ???:2416 under process ID. this pid does not appear in task manager, in sysinternals process monitor, in hacker eliminator, or in security task manager - all apps i have installed specifically to try and track down this process. nothing else i have tried can even find it... except that pskill (part of sysinternals pstools) will report that it cannot kill the process because access is denied. how can i nail this process down? why can i not find it in any other process listing?!
it connects internally to port 2237 and remotely to port 3884... the status is LAST_ACK (unlike any other) and the suspect remote address is c-65-34-161-58.se.client2.attbi.com. could this be the address of a hacker who has my machine under remote control with process 2416?! and if so what the hell can i do about it?!!!
i would be most grateful if someone could help me with this!!
KS-Soft
Joined: 03 Apr 2002 Posts: 12806 Location: USA
Posted: Wed Jan 07, 2004 8:36 pm Post subject: |
I assume you are using Windows XP?
Theoretically IP-Tools can display "???" instead of the name of the process when the process has already terminated. "LAST_ACK" means that the connection is (almost) closed; Windows is just waiting for acknowledgment. So, the process terminated but Windows still has information about the connection that was used by some process.
That's why other programs do not display this process at all.
Quote: |
it connects internally to port 2237 and remotely to port 3884... the status is LAST_ACK (unlike any other) and the suspect remote address is c-65-34-161-58.se.client2.attbi.com. could this be the address of a hacker who has my machine under remote control with process 2416?! and if so what the hell can i do about it?!!! |
If you did not call this address, yes it could be some trojan. However I did not find any useful information about what program can use 2237 and 3884 ports.
I think you should enable "save to log file" option (Connection Monitor page in the Options dialog) and check what process uses/used connection.
Regards
Alex |
Kev
Joined: 07 Jan 2004 Posts: 2
Posted: Thu Jan 08, 2004 3:43 am Post subject: |
hi alex, thanks for your help. sorry i should have mentioned my os version - yes i am on xp.... also on a lan and behind a firewall which makes this connection seem even more suspect...
so when can i expect this connection to end? it is still there waiting for acknowledgement. i will turn on logging and try and catch some more info...
in the meantime thanks again for your help
kev |
KS-Soft
Joined: 03 Apr 2002 Posts: 12806 Location: USA
Posted: Thu Jan 08, 2004 8:59 pm Post subject: |
Quote: | so when can i expect this connection to end? it is still there waiting for acknowledgement. |
Actually it's already closed. The OS (Windows) should not wait forever; after some timeout it should drop the connection and release resources even in case the final acknowledgment was not received. Looks like Windows "forgot" to do this; sometimes it happens.
Regards
Alex |
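Added example, not part of the original thread or of IP-Tools: a Python sketch of the triage discussed in the replies above, cross-referencing the PIDs in a connection table against the visible process list and separating sockets in TCP teardown (such as LAST_ACK) from active sockets with no visible owner. The `netstat -ano`-style rows, addresses and process names are constructed sample data; only ports 2237/3884 and PID 2416 come from the thread.

```python
import re

# States in which the local application has already closed its socket; the
# kernel keeps the entry until the TCP teardown completes or times out.
TEARDOWN = {"FIN_WAIT_1", "FIN_WAIT_2", "CLOSING", "LAST_ACK", "TIME_WAIT"}

# One TCP row of `netstat -ano` output: proto, local, foreign, state, PID.
ROW = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def triage(netstat_text, live_pids):
    """Classify each TCP row by whether its owning PID is still visible."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP or blank line
        laddr, lport, raddr, rport, state, pid = m.groups()
        pid = int(pid)
        if pid in live_pids:
            verdict = "owned"        # a visible process holds the socket
        elif state in TEARDOWN:
            verdict = "stale"        # owner exited, socket still draining
        else:
            verdict = "investigate"  # live socket with no visible owner
        findings.append({"local": f"{laddr}:{lport}",
                         "remote": f"{raddr}:{rport}",
                         "state": state, "pid": pid, "verdict": verdict})
    return findings

# Constructed sample input (203.0.113.0/24 is a documentation range).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.10:2237      203.0.113.58:3884      LAST_ACK        2416
  TCP    192.168.0.10:1045      203.0.113.7:80         ESTABLISHED     1320
  TCP    192.168.0.10:1099      203.0.113.9:6667       ESTABLISHED     3004
"""
# Constructed process list: PID -> image name, as a task list would report it.
SAMPLE_LIVE_PIDS = {4: "System", 1320: "iexplore.exe"}

if __name__ == "__main__":
    for f in triage(SAMPLE_NETSTAT, SAMPLE_LIVE_PIDS):
        print(f"{f['verdict']:<12}{f['state']:<13}pid={f['pid']:<6}"
              f"{f['local']} -> {f['remote']}")
```

A "stale" row matches the terminated-owner explanation; an "investigate" row (an ESTABLISHED or LISTENING socket whose PID no process lister shows) is the case that warrants the connection logging suggested earlier.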
paolari
Joined: 30 May 2009 Posts: 1
Posted: Wed Jun 03, 2009 5:57 am Post subject: |
My computer has the antivermin trojan, how do I get rid of it?
I tried the prevx1 site based on an answer with good feedback, but after I downloaded it I could not navigate to any site. Does the trojan know I'm trying to get rid of it? When I removed prevx1 I could then navigate.
Last edited by paolari on Sat Jun 06, 2009 12:07 am; edited 1 time in total |
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|