Re: Am i under attack? trojans n stuff

From: Shenan Stanley (news_helper_at_hushmail.com)
Date: 03/30/04


Date: Tue, 30 Mar 2004 05:35:29 -0600

tarquinlinbin wrote:
> I seem to have had a problem on and off for a while.
>
> I keep getting running processes which seem to engage the cpu 100% and
> slow down my pc.
>
> I use xp pro, have a netgear router, norton internet security etc
>
> so far I have spotted cmd.exe running in running processes on occasion
> and taking 100% cpu, I have recently spotted system running at near
> 100% and yet there appears to be no internet traffic flowing
> (broadband).
>
> I ran some software to check tcp ports and at the time, the following
> was noted..
>
> alg.exe:1084 TCP a:3001 a:0 LISTENING
> ccApp.exe:1612 TCP a:3008 a:0 LISTENING
> CCPXYSVC.EXE:1100 TCP a:1027 a:0 LISTENING
> lsass.exe:436 UDP a:isakmp *:*
> svchost.exe:592 TCP a:epmap a:0 LISTENING
> svchost.exe:616 TCP a:1025 a:0 LISTENING
> svchost.exe:616 TCP a:3002 a:0 LISTENING
> svchost.exe:616 TCP a:3003 a:0 LISTENING
> svchost.exe:616 UDP a:ntp *:*
> svchost.exe:616 UDP a:2234 *:*
> svchost.exe:616 UDP a:ntp *:*
> svchost.exe:616 UDP a:2234 *:*
> svchost.exe:688 UDP a:3007 *:*
> svchost.exe:700 TCP a:5000 a:0 LISTENING
> svchost.exe:700 UDP a:1900 *:*
> svchost.exe:700 UDP a:1900 *:*
> System:4 TCP a:microsoft-ds a:0 LISTENING
> System:4 TCP a:1028 a:0 LISTENING
> System:4 TCP a:netbios-ssn a:0 LISTENING
> System:4 UDP a:microsoft-ds *:*
> System:4 UDP a:netbios-ns *:*
> System:4 UDP a:netbios-dgm *:*
>
>
> recently NIS reported that oraini.exe wanted to make an internet
> connection and flagged it as high risk so I blocked it. I also noted
> that in NIS statistics an apparent connect attempt was made (in or
> out, I don't know but I didn't type the address in a browser!!) to
> 194.226.151.186 which is apparently the siberian tourist board website
> or something!!
>
> I have all the latest windows updates apart from sp1. I also have
> trojan scanner software which doesn't detect anything.
> My research tells me something about redbrook-broker on ports 3001-
> and I note that 3001 is in my list.
>
> I seem to have plenty of security in place but I don't feel that secure
> and I feel that something is going on or something is at least trying
> to do something and failing because of security..

Always use more than one product to scan for viruses, trojans, worms,
adware, spyware and/or malware of any kind. I would suggest doing some
online scans (like http://www.pandasoftware.com/activescan/) and using (at
least) three of the following products:

 Spybot Search and Destroy
 http://www.safer-networking.net/

 Lavasoft AdAware
 http://www.lavasoft.de

 CWSShredder
 http://www.spywareinfo.com/~merijn/downloads.html

 Hijack This!
 http://mjc1.com/mirror/hjt/

 I also like "The Cleaner" and "SpywareBlaster" and "SpywareGuard".
  - http://www.moosoft.com/
  - http://www.javacoolsoftware.com/

The first is a PAY product, but useable for 30 days - it has found and
eliminated problems in the past the others did not. The latter two are
prevention mechanisms. I like SpywareGuard for those with enough processor
to have something running like antivirus software - and it prevents browser
hijacking quite well.

 An Assortment of Others:
 http://www.merijn.org/downloads.html

-- 
<- Shenan ->
-- 
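
Added example, not part of either post: a Python sketch that parses rows in the format of the listing quoted above, drops repeated rows, and reports which process holds a given local port (such as the 3001 the original poster mentions). The function names are this example's own, the column layout is assumed from the quoted output, and the sample rows are copied from that listing.

```python
import re

# Constructed sample: rows copied from the listing quoted above (one still
# carries its "> " quote prefix, one is a repeated row).
SAMPLE = """\
alg.exe:1084 TCP a:3001 a:0 LISTENING
ccApp.exe:1612 TCP a:3008 a:0 LISTENING
svchost.exe:616 TCP a:3002 a:0 LISTENING
svchost.exe:616 UDP a:ntp *:*
svchost.exe:616 UDP a:ntp *:*
svchost.exe:700 TCP a:5000 a:0 LISTENING
System:4 TCP a:microsoft-ds a:0 LISTENING
> System:4 UDP a:netbios-ns *:*
"""

# Assumed layout: image:pid, protocol, host:port (local), remote, optional state.
ROW = re.compile(
    r"^(?:>\s*)?(?P<image>[^:\s]+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"[^:\s]+:(?P<port>\S+)\s+\S+(?:\s+(?P<state>\S+))?\s*$"
)

def parse_listing(text):
    """Return unique (image, pid, proto, port) tuples in first-seen order."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # prose, blank lines, malformed rows
        row = (m["image"], int(m["pid"]), m["proto"], m["port"])
        if row not in rows:
            rows.append(row)
    return rows

def owners_of(rows, port, proto="TCP"):
    """Processes holding the given local port (number or service name)."""
    return [(img, pid) for img, pid, p, prt in rows if p == proto and prt == str(port)]

def by_process(rows):
    """Group endpoints per (image, pid) so each process can be reviewed in turn."""
    grouped = {}
    for img, pid, proto, port in rows:
        grouped.setdefault((img, pid), []).append(f"{proto}/{port}")
    return grouped

if __name__ == "__main__":
    rows = parse_listing(SAMPLE)
    print("TCP 3001 held by:", owners_of(rows, 3001))
    for (img, pid), endpoints in by_process(rows).items():
        print(f"{img} (pid {pid}): {', '.join(endpoints)}")
```

Knowing the owning image name and PID for each listener gives the on-disk executable to check with the scanners listed above.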

