  • Status: Solved

<non-existent> processes shown in TCPview / sysinternals.com

OS: XP Pro MCE SP1
CPU: Intel P4 3.0G HT

What is a "non-existent" process and why are there so many sitting idle?  I've seen this once before with a tricky trojan that I could only detect with a German freeware antivirus program whose name I cannot recall in an .INS while running in safe mode

http://img35.exs.cx/img35/3721/EE_040930_nonexistentprocesshuh.png

I've used a variety of the online scanners despite my Internet Explorer loathing, run spybot and adaware, and run a full system scan with NAV2004 with no results.   None of my programs are configured to use ports 548, 952 or 2388, nor does the router allow traffic in on those ports.  At no time was an event triggered in the software firewall on this machine.

Nothing tricky seems to be running according to both HiJackThis and RegSeeker


help?

0
Asked by: paradoxloss
 
paradoxloss (Author) Commented:
It occurs to me I should mention that there is no actual established connection to anywhere:

http://img35.exs.cx/img35/2141/EE_040930_nonexistentprocesslisten.png

0
 
Fatal_Exception Commented:
Download and run Process Explorer from Sysinternals.  It will give you a wealth of information on the processes running on your system.

Process Explorer v8.51
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

You can also run netstat with the -aon switch to provide you with the PIDs of the open connections and this should help you track down the exact process being used.

FE
0
 
mslunecka Commented:
Port 548 is AFP over TCP.  That's a protocol for connecting PCs and Macs.  (Apple file protocol or something like that).

Port 2388 could be a number of things.  Might be related to vsam (a .NET thing), WinPcap (packet sniffing stuff) or JDO Genie (database type stuff).
0

 
Aland Coons (Systems Engineer) Commented:
I don't have a solution to your question but the antivirus software you refer to is probably AVG (Czech)
http://www.grisoft.com/us/us_index.php
or maybe Kaspersky (Russian)
http://www.kaspersky.com/
0
 
paradoxloss (Author) Commented:
@Fatal Exception

That screenshot IS from the sysinternals tool.  That's why I'm puzzled.
0
 
Fatal_Exception Commented:
Thanks..  hopefully you solved the puzzle..  :)
0
 
paradoxloss (Author) Commented:
No, but leaving the question open indefinitely isn't fair to those who provided some useful information. :)
0
 
Fatal_Exception Commented:
I wish more of our users felt the same.!!!  thanks again..
0