Solved

<non-existent> processes shown in TCPview / sysinternals.com

Posted on 2004-09-30
8
989 Views
Last Modified: 2008-02-07
OS: XP Pro MCE SP1
CPU: Intel P4 3.0G HT

What is a "non-existent" process and why are there so many sitting idle?  I've seen this once before with a tricky trojan that I could only detect with a german freeware antivirus program whose name I cannot recal in an .INS while running in safe mode

http://img35.exs.cx/img35/3721/EE_040930_nonexistentprocesshuh.png

I've used a variety of the online scanners despite my Internet explorer loathing, run spybot and adaware, and run a full system scan with NAV2004 with no results.   None of my programs are configured to use ports:  548, 952 or 2388, nor does the router allow traffic in on those ports.  At no time was an event triggered in the software firewall on this machine.

Nothing tricky seems to be running according to both HiJackThis and RegSeeker


help?

0
Comment
Question by:paradoxloss
8 Comments
 

Author Comment

by:paradoxloss
Comment Utility
It occurs to me I should mention that there is no actual established connection to anywhere:

http://img35.exs.cx/img35/2141/EE_040930_nonexistentprocesslisten.png

0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 300 total points
Comment Utility
Download and run Process Explorer from Sysinternals.  It will give you a wealth of information on the processes running on your system.

Process Explorer v8.51
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

You can also run netstat with the -aon switch to provide you with the PID's of the open connections and this should help you track down the exact process being used.

FE
0
 
LVL 6

Assisted Solution

by:mslunecka
mslunecka earned 200 total points
Comment Utility
Port 548 is AFP over TCP.  That's a protocol for connecting PCs and macs.  (apple file protocol or something like that).

Port 2388 could be a number of things.  Might be related to vsam (a .NET thing) WinPcap (packet sniffing stuff) or JDO Genie (database type stuff)
0
 
LVL 12

Expert Comment

by:alandc
Comment Utility
I don't have a solution to your question but the anti-Virus software you refer to is probably AVG (Czech)
http://www.grisoft.com/us/us_index.php
or maybe Kaspersky (Russian)
http://www.kaspersky.com/
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:paradoxloss
Comment Utility
@Fatal Exception

That screenshot IS from the sysinternals tool.  That's why I'm puzzled.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
Thanks..  hopefully you solved the puzzle..  :)
0
 

Author Comment

by:paradoxloss
Comment Utility
no, but leaving the question open indefinately isn't fair to those who provided some useful information. :)
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
I wish more of our users felt the same.!!!  thanks again..
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Disclosure: Use this tutorial only when no other options helps to get Windows XP running without any problems and you don't want to format the drive. The back up of the data is the responsible of the user, however there is a description of how t…
Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now