Re: netstat command
From: YoKenny (YKnot_at_home.invalid)
Date: 10/12/03
- Next message: Steven L Umbach: "Re: netstat command"
- Previous message: Taishi: "Re: Virus E-Mail After Newsgroup Post"
- In reply to: Taishi: "netstat command"
- Next in thread: Taishi: "Re: netstat command"
- Reply: Taishi: "Re: netstat command"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 11 Oct 2003 23:04:35 -0400
Taishi wrote:
> I can see alot of activity on my ports. Netstat output listed below.
> I think I have a worm or a trojan. If this is true, Do any of you
> know what it is?
>
> Is it possible for a hacker to view my keystrokes, passwords for my
> banking account and other private passwords?
>
> Regards,
> T
>
> Proto Local Address Foreign Address State
> TCP my200srv:echo my200srv:0 LISTENING
> TCP my200srv:discard my200srv:0 LISTENING
> TCP my200srv:daytime my200srv:0 LISTENING
> TCP my200srv:qotd my200srv:0 LISTENING
> TCP my200srv:chargen my200srv:0 LISTENING
> TCP my200srv:ftp my200srv:0 LISTENING
> TCP my200srv:smtp my200srv:0 LISTENING
> TCP my200srv:nameserver my200srv:0 LISTENING
> TCP my200srv:domain my200srv:0 LISTENING
> TCP my200srv:http my200srv:0 LISTENING
> TCP my200srv:epmap my200srv:0 LISTENING
> TCP my200srv:https my200srv:0 LISTENING
> TCP my200srv:microsoft-ds my200srv:0 LISTENING
> TCP my200srv:1026 my200srv:0 LISTENING
> TCP my200srv:1029 my200srv:0 LISTENING
> TCP my200srv:1034 my200srv:0 LISTENING
> TCP my200srv:1036 my200srv:0 LISTENING
> TCP my200srv:1039 my200srv:0 LISTENING
> TCP my200srv:1040 my200srv:0 LISTENING
> TCP my200srv:1873 my200srv:0 LISTENING
> TCP my200srv:3439 my200srv:0 LISTENING
> TCP my200srv:3440 my200srv:0 LISTENING
> TCP my200srv:3441 my200srv:0 LISTENING
> TCP my200srv:3743 my200srv:0 LISTENING
> TCP my200srv:4505 my200srv:0 LISTENING
> TCP my200srv:15000 my200srv:0 LISTENING
> TCP my200srv:5555 my200srv:0 LISTENING
> TCP my200srv:netbios-ssn my200srv:0 LISTENING
> TCP my200srv:1873 msnews.microsoft.com:nntp
> ESTABLISHED
> TCP my200srv:3436 64.71.159.243:http TIME_WAIT
> TCP my200srv:3439 199.181.132.151:http ESTABLISHED
> TCP my200srv:3440 64.71.159.243:http ESTABLISHED
> TCP my200srv:3441 64.71.159.243:http SYN_SENT
> TCP my200srv:3743 newssvr23-ext.news.prodigy.com:nntp
> ESTABLISHED
Q1: Need the names of the applications running on your system.
Try TCPView as it will give you the application name that is associated with
the connection.
http://www.sysinternals.com/ntw2k/source/tcpview.shtml
Q2: Yes. A keylogger application or trojan can capture and transmit all
your information.
Get a copy of HijackThis from this site:
http://www.tomcoyote.org/hjt/
Go to this forum:
http://forums.spywareinfo.com/index.php?s=d920245b6997106a8e25af1c3d810783&showforum=11
- Next message: Steven L Umbach: "Re: netstat command"
- Previous message: Taishi: "Re: Virus E-Mail After Newsgroup Post"
- In reply to: Taishi: "netstat command"
- Next in thread: Taishi: "Re: netstat command"
- Reply: Taishi: "Re: netstat command"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
