• Status: Solved

<non-existent> processes shown in TCPview / sysinternals.com

OS: XP Pro MCE SP1
CPU: Intel P4 3.0G HT

What is a "non-existent" process and why are there so many sitting idle?  I've seen this once before with a tricky trojan that I could only detect with a German freeware antivirus program whose name I cannot recall in an .INS while running in safe mode.

http://img35.exs.cx/img35/3721/EE_040930_nonexistentprocesshuh.png

I've used a variety of the online scanners despite my Internet Explorer loathing, run Spybot and Ad-Aware, and run a full system scan with NAV2004 with no results.   None of my programs are configured to use ports:  548, 952 or 2388, nor does the router allow traffic in on those ports.  At no time was an event triggered in the software firewall on this machine.

Nothing tricky seems to be running according to both HijackThis and RegSeeker.


help?

0
paradoxloss
Asked:
paradoxloss
2 Solutions
 
paradoxloss (Author) Commented:
It occurs to me I should mention that there is no actual established connection to anywhere:

http://img35.exs.cx/img35/2141/EE_040930_nonexistentprocesslisten.png

0
 
Fatal_Exception Commented:
Download and run Process Explorer from Sysinternals.  It will give you a wealth of information on the processes running on your system.

Process Explorer v8.51
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

You can also run netstat with the -aon switch to provide you with the PIDs of the open connections, and this should help you track down the exact process being used.

FE
0
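The netstat cross-check suggested in the answer above, as an added example that is not part of the original post or of any Sysinternals code: it parses `netstat -aon` output, compares each owning PID against `tasklist /FO CSV /NH` output, and reports sockets whose PID has no entry in the process list, which is the kind of mismatch the question describes. Both sample outputs, including the PIDs and the protocol assigned to each port, are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -aon` output (not taken from the poster's machine).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:548            0.0.0.0:0              LISTENING       3180
  TCP    0.0.0.0:2388           0.0.0.0:0              LISTENING       3180
  TCP    192.168.1.10:1042      192.168.1.1:80         ESTABLISHED     1456
  UDP    0.0.0.0:952            *:*                                    2044
"""

# Constructed sample of `tasklist /FO CSV /NH` output.
TASKLIST_SAMPLE = '''\
"System Idle Process","0","Console","0","16 K"
"svchost.exe","912","Console","0","3,912 K"
"iexplore.exe","1456","Console","0","21,004 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each socket row."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        if not parts[-1].isdigit():
            continue  # row without a PID column (netstat run without -o)
        # UDP rows have no State column, so they split into 4 fields, not 5.
        state = parts[3] if len(parts) == 5 else ""
        yield parts[0], parts[1], parts[2], state, int(parts[-1])

def parse_tasklist(text):
    """Return {pid: image_name} from tasklist CSV output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def orphaned_sockets(netstat_text, tasklist_text):
    """Return socket rows whose owning PID is absent from the process list."""
    live = parse_tasklist(tasklist_text)
    return [s for s in parse_netstat(netstat_text) if s[4] not in live]

if __name__ == "__main__":
    for proto, local, remote, state, pid in orphaned_sockets(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{proto} {local} {state or '-'} PID {pid}: no matching process")
```

Capture both command outputs as close together in time as possible, since a process that starts or exits between the two snapshots produces a false mismatch.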
 
mslunecka Commented:
Port 548 is AFP over TCP.  That's a protocol for connecting PCs and Macs.  (Apple file protocol or something like that.)

Port 2388 could be a number of things.  Might be related to vsam (a .NET thing), WinPcap (packet sniffing stuff) or JDO Genie (database type stuff).
0

 
Aland Coons (Systems Engineer) Commented:
I don't have a solution to your question, but the antivirus software you refer to is probably AVG (Czech)
http://www.grisoft.com/us/us_index.php
or maybe Kaspersky (Russian)
http://www.kaspersky.com/
0
 
paradoxloss (Author) Commented:
@Fatal Exception

That screenshot IS from the sysinternals tool.  That's why I'm puzzled.
0
 
Fatal_Exception Commented:
Thanks..  hopefully you solved the puzzle..  :)
0
 
paradoxloss (Author) Commented:
No, but leaving the question open indefinitely isn't fair to those who provided some useful information. :)
0
 
Fatal_Exception Commented:
I wish more of our users felt the same!!!  Thanks again..
0
