10-20-2008, 11:00 AM   #7
Pansy
OS: XP


Re: Trojan/Malware suspected in opening ports

I have been fighting this problem for several weeks now. I even reformatted my computer and reinstalled most software. Three days after I reformatted, I noticed that I have the same problem again, but even worse.
I am deeply concerned about all the ports that are established with some connection.

Any help would be appreciated.
Thanks


See netstat log below:

Proto Local Address Foreign Address State
TCP PC_name:epmap PC_name:0 LISTENING
TCP PC_name:microsoft-ds PC_name:0 LISTENING
TCP PC_name:1025 PC_name:0 LISTENING
TCP PC_name:1038 localhost:31595 CLOSE_WAIT
TCP PC_name:1041 localhost:31595 ESTABLISHED
TCP PC_name:1043 localhost:31595 ESTABLISHED
TCP PC_name:1052 localhost:31595 TIME_WAIT
TCP PC_name:1054 localhost:31595 ESTABLISHED
TCP PC_name:1060 localhost:31595 ESTABLISHED
TCP PC_name:1067 localhost:31595 ESTABLISHED
TCP PC_name:1070 localhost:31595 ESTABLISHED
TCP PC_name:1074 localhost:31595 ESTABLISHED
TCP PC_name:1088 localhost:31595 TIME_WAIT
TCP PC_name:1097 localhost:31595 ESTABLISHED
TCP PC_name:1100 localhost:31595 ESTABLISHED
TCP PC_name:1123 localhost:31595 ESTABLISHED
TCP PC_name:1139 localhost:31595 ESTABLISHED
TCP PC_name:1146 localhost:31595 ESTABLISHED
TCP PC_name:1173 localhost:31595 ESTABLISHED
TCP PC_name:1174 localhost:31595 ESTABLISHED
TCP PC_name:1183 localhost:31595 ESTABLISHED
TCP PC_name:1200 localhost:31595 ESTABLISHED
TCP PC_name:1208 localhost:31595 ESTABLISHED
TCP PC_name:1230 localhost:31595 ESTABLISHED
TCP PC_name:31595 PC_name:0 LISTENING
TCP PC_name:31595 localhost:1038 FIN_WAIT_2
TCP PC_name:31595 localhost:1041 ESTABLISHED
TCP PC_name:31595 localhost:1043 ESTABLISHED
TCP PC_name:31595 localhost:1047 TIME_WAIT
TCP PC_name:31595 localhost:1054 ESTABLISHED
TCP PC_name:31595 localhost:1058 TIME_WAIT
TCP PC_name:31595 localhost:1060 ESTABLISHED
TCP PC_name:31595 localhost:1063 TIME_WAIT
TCP PC_name:31595 localhost:1064 TIME_WAIT
TCP PC_name:31595 localhost:1067 ESTABLISHED
TCP PC_name:31595 localhost:1070 ESTABLISHED
TCP PC_name:31595 localhost:1074 ESTABLISHED
TCP PC_name:31595 localhost:1081 TIME_WAIT
TCP PC_name:31595 localhost:1085 TIME_WAIT
TCP PC_name:31595 localhost:1090 TIME_WAIT
TCP PC_name:31595 localhost:1092 TIME_WAIT
TCP PC_name:31595 localhost:1097 ESTABLISHED
TCP PC_name:31595 localhost:1100 ESTABLISHED
TCP PC_name:31595 localhost:1102 TIME_WAIT
TCP PC_name:31595 localhost:1104 TIME_WAIT
TCP PC_name:31595 localhost:1112 TIME_WAIT
TCP PC_name:31595 localhost:1115 TIME_WAIT
TCP PC_name:31595 localhost:1120 TIME_WAIT
TCP PC_name:31595 localhost:1123 ESTABLISHED
TCP PC_name:31595 localhost:1128 TIME_WAIT
TCP PC_name:31595 localhost:1130 TIME_WAIT
TCP PC_name:31595 localhost:1134 TIME_WAIT
TCP PC_name:31595 localhost:1137 TIME_WAIT
TCP PC_name:31595 localhost:1139 ESTABLISHED
TCP PC_name:31595 localhost:1146 ESTABLISHED
TCP PC_name:31595 localhost:1149 TIME_WAIT
TCP PC_name:31595 localhost:1152 TIME_WAIT
TCP PC_name:31595 localhost:1154 TIME_WAIT
TCP PC_name:31595 localhost:1156 TIME_WAIT
TCP PC_name:31595 localhost:1158 TIME_WAIT
TCP PC_name:31595 localhost:1165 TIME_WAIT
TCP PC_name:31595 localhost:1168 TIME_WAIT
TCP PC_name:31595 localhost:1171 TIME_WAIT
TCP PC_name:31595 localhost:1173 ESTABLISHED
TCP PC_name:31595 localhost:1174 ESTABLISHED
TCP PC_name:31595 localhost:1177 TIME_WAIT
TCP PC_name:31595 localhost:1181 TIME_WAIT
TCP PC_name:31595 localhost:1183 ESTABLISHED
TCP PC_name:31595 localhost:1189 TIME_WAIT
TCP PC_name:31595 localhost:1191 TIME_WAIT
TCP PC_name:31595 localhost:1195 TIME_WAIT
TCP PC_name:31595 localhost:1198 TIME_WAIT
TCP PC_name:31595 localhost:1200 ESTABLISHED
TCP PC_name:31595 localhost:1204 TIME_WAIT
TCP PC_name:31595 localhost:1206 TIME_WAIT
TCP PC_name:31595 localhost:1208 ESTABLISHED
TCP PC_name:31595 localhost:1214 TIME_WAIT
TCP PC_name:31595 localhost:1217 TIME_WAIT
TCP PC_name:31595 localhost:1220 TIME_WAIT
TCP PC_name:31595 localhost:1224 TIME_WAIT
TCP PC_name:31595 localhost:1226 TIME_WAIT
TCP PC_name:31595 localhost:1230 ESTABLISHED
TCP PC_name:netbios-ssn PC_name:0 LISTENING
TCP PC_name:1031 206.132.122.56:http ESTABLISHED
TCP PC_name:1042 img.fark.com:http ESTABLISHED
TCP PC_name:1044 img.fark.com:http ESTABLISHED
TCP PC_name:1053 208.71.120.23:http TIME_WAIT
TCP PC_name:1055 206.132.122.81:http ESTABLISHED
TCP PC_name:1061 img.fark.com:http ESTABLISHED
TCP PC_name:1068 img.fark.com:http ESTABLISHED
TCP PC_name:1071 img.fark.com:http ESTABLISHED
TCP PC_name:1075 img.fark.com:http ESTABLISHED
TCP PC_name:1098 8.18.42.107:http ESTABLISHED
TCP PC_name:1101 208.71.120.23:http ESTABLISHED
TCP PC_name:1124 208.37.177.42.ptr.us.xo.net:http ESTABLISHED
TCP PC_name:1140 img.fark.com:http ESTABLISHED
TCP PC_name:1147 img.fark.com:http ESTABLISHED
TCP PC_name:1175 8.18.42.72:http ESTABLISHED
TCP PC_name:1176 8.18.42.72:http ESTABLISHED
TCP PC_name:1184 66.151.61.127:http ESTABLISHED
TCP PC_name:1201 tag.contextweb.com:http ESTABLISHED
TCP PC_name:1209 media.contextweb.com:http ESTABLISHED
TCP PC_name:1231 he-in-f164.google.com:http ESTABLISHED
UDP PC_name:microsoft-ds *:*
UDP PC_name:isakmp *:*
UDP PC_name:4500 *:*
UDP PC_name:ntp *:*
UDP PC_name:1037 *:*
UDP PC_name:1900 *:*
UDP PC_name:18001 *:*
UDP PC_name:18002 *:*
UDP PC_name:44301 *:*
UDP PC_name:ntp *:*
UDP PC_name:netbios-ns *:*
UDP PC_name:netbios-dgm *:*
UDP PC_name:1900 *:*
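One way to triage a log like the one above, added here as an example and not part of the original post: it parses the netstat rows, matches the two halves of each loopback session, and separates local traffic from connections to remote hosts. The function names and the shortened sample are constructed for illustration, and the code assumes the machine's own name is what appears in the Local Address column.

```python
import re
from collections import Counter, namedtuple

Conn = namedtuple("Conn", "proto lhost lport rhost rport state")
ROW = re.compile(r"(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

# Shortened excerpt of the netstat log posted above.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP PC_name:epmap PC_name:0 LISTENING
TCP PC_name:1041 localhost:31595 ESTABLISHED
TCP PC_name:1043 localhost:31595 ESTABLISHED
TCP PC_name:1052 localhost:31595 TIME_WAIT
TCP PC_name:31595 PC_name:0 LISTENING
TCP PC_name:31595 localhost:1041 ESTABLISHED
TCP PC_name:31595 localhost:1043 ESTABLISHED
TCP PC_name:31595 localhost:1047 TIME_WAIT
TCP PC_name:1042 img.fark.com:http ESTABLISHED
TCP PC_name:1098 8.18.42.107:http ESTABLISHED
UDP PC_name:1900 *:*
"""

def parse(text):
    """Parse netstat rows; greedy matching splits host:port on the last colon."""
    return [Conn(*m.groups()) for m in map(ROW.match, text.splitlines()) if m]

def triage(conns, local_names=("localhost", "127.0.0.1")):
    """Separate listeners, loopback sessions and external peers."""
    local = set(local_names) | {c.lhost for c in conns}  # own host name counts as local
    tcp = [c for c in conns if c.proto == "TCP"]
    listeners = sorted({c.lport for c in tcp if c.state == "LISTENING"})
    active = [c for c in tcp if c.state != "LISTENING"]
    loop = [c for c in active if c.rhost in local]
    # Each loopback session appears twice (client row and listener-side row);
    # client rows are the ones whose foreign port is a local listening port.
    clients = [c for c in loop if c.rport in listeners]
    seen = {(c.lport, c.rport) for c in loop}
    return {
        "listeners": listeners,
        "loopback_service_ports": Counter(c.rport for c in clients),
        "paired_sessions": sum((c.rport, c.lport) in seen for c in clients),
        "external_peers": Counter(f"{c.rhost}:{c.rport}" for c in active
                                  if c.rhost not in local),
    }

if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE)).items():
        print(key, value)
```

The summary does not say which program owns a listening port; `netstat -ano` adds the owning PID to each row, which can then be matched against the process list.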