Solved

<non-existent> processes shown in TCPview / sysinternals.com

Posted on 2004-09-30
Last Modified: 2008-02-07
OS: XP Pro MCE SP1
CPU: Intel P4 3.0G HT

What is a "non-existent" process and why are there so many sitting idle? I've seen this once before with a tricky trojan that I could only detect with a German freeware antivirus program whose name I cannot recall in an .INS while running in safe mode

http://img35.exs.cx/img35/3721/EE_040930_nonexistentprocesshuh.png

I've used a variety of the online scanners despite my Internet Explorer loathing, run Spybot and Ad-Aware, and run a full system scan with NAV2004 with no results. None of my programs are configured to use ports 548, 952 or 2388, nor does the router allow traffic in on those ports. At no time was an event triggered in the software firewall on this machine.

Nothing tricky seems to be running according to both HiJackThis and RegSeeker


Help?

Question by:paradoxloss
 

Author Comment

by:paradoxloss
ID: 12188202
It occurs to me I should mention that there is no actual established connection to anywhere:

http://img35.exs.cx/img35/2141/EE_040930_nonexistentprocesslisten.png

 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 300 total points
ID: 12188749
Download and run Process Explorer from Sysinternals.  It will give you a wealth of information on the processes running on your system.

Process Explorer v8.51
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

You can also run netstat with the -aon switch to provide you with the PIDs of the open connections, and this should help you track down the exact process being used.

FE
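The cross-check suggested in the answer above (match the PIDs from `netstat -aon` against the running process list), as an added example that is not part of the original thread. The sample outputs are constructed, and using `tasklist /fo csv /nh` as the process-list source is an assumption; sockets whose PID matches no running process are reported with no owning image.

```python
import csv
import io

# Constructed sample of `netstat -aon` output (not from the poster's machine).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:548            0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:2388           0.0.0.0:0              LISTENING       3004
  UDP    0.0.0.0:952            *:*                                    2212
"""

# Constructed sample of `tasklist /fo csv /nh` output; image names are made up.
TASKLIST_SAMPLE = """\
"System","4","Console","0","212 K"
"svchost.exe","884","Console","0","3,512 K"
"example.exe","3004","Console","0","8,104 K"
"""

def parse_netstat(text):
    """Return (proto, local_address, state, pid) for every socket row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # banner, column header, or a row without a PID
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        rows.append((f[0], f[1], state, int(f[-1])))
    return rows

def parse_tasklist(text):
    """Return {pid: image_name} from CSV process-list output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text))
            if len(r) >= 2 and r[1].isdigit()}

def attribute_sockets(netstat_text, tasklist_text):
    """Pair each socket with its owning image, or None if the PID is gone."""
    procs = parse_tasklist(tasklist_text)
    return [row + (procs.get(row[3]),) for row in parse_netstat(netstat_text)]

def orphaned_sockets(netstat_text, tasklist_text):
    """Sockets whose owning PID matches no running process."""
    return [r for r in attribute_sockets(netstat_text, tasklist_text) if r[4] is None]

if __name__ == "__main__":
    for proto, local, state, pid, image in attribute_sockets(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{proto:4} {local:18} {state or '-':10} PID {pid:<5} {image or '<no matching process>'}")
```

On a live system, capture both command outputs back to back, since a PID can exit or be reused between the two snapshots.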
 
LVL 6

Assisted Solution

by:mslunecka
mslunecka earned 200 total points
ID: 12190200
Port 548 is AFP over TCP. That's a protocol for connecting PCs and Macs (Apple file protocol or something like that).

Port 2388 could be a number of things. Might be related to vsam (a .NET thing), WinPcap (packet sniffing stuff) or JDO Genie (database type stuff).

 
LVL 12

Expert Comment

by:alandc
ID: 12312413
I don't have a solution to your question, but the antivirus software you refer to is probably AVG (Czech)
http://www.grisoft.com/us/us_index.php
or maybe Kaspersky (Russian)
http://www.kaspersky.com/
 

Author Comment

by:paradoxloss
ID: 12466898
@Fatal Exception

That screenshot IS from the Sysinternals tool. That's why I'm puzzled.
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12482533
Thanks.. hopefully you solved the puzzle.. :)
 

Author Comment

by:paradoxloss
ID: 12488692
No, but leaving the question open indefinitely isn't fair to those who provided some useful information. :)
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12489339
I wish more of our users felt the same!!! Thanks again..
