Solved

<non-existent> processes shown in TCPview / sysinternals.com

Posted on 2004-09-30
8
998 Views
Last Modified: 2008-02-07
OS: XP Pro MCE SP1
CPU: Intel P4 3.0G HT

What is a "non-existent" process and why are there so many sitting idle?  I've seen this once before with a tricky trojan that I could only detect with a german freeware antivirus program whose name I cannot recal in an .INS while running in safe mode

http://img35.exs.cx/img35/3721/EE_040930_nonexistentprocesshuh.png

I've used a variety of the online scanners despite my Internet explorer loathing, run spybot and adaware, and run a full system scan with NAV2004 with no results.   None of my programs are configured to use ports:  548, 952 or 2388, nor does the router allow traffic in on those ports.  At no time was an event triggered in the software firewall on this machine.

Nothing tricky seems to be running according to both HiJackThis and RegSeeker


help?

0
Comment
Question by:paradoxloss
8 Comments
 

Author Comment

by:paradoxloss
ID: 12188202
It occurs to me I should mention that there is no actual established connection to anywhere:

http://img35.exs.cx/img35/2141/EE_040930_nonexistentprocesslisten.png

0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 300 total points
ID: 12188749
Download and run Process Explorer from Sysinternals.  It will give you a wealth of information on the processes running on your system.

Process Explorer v8.51
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

You can also run netstat with the -aon switch to provide you with the PID's of the open connections and this should help you track down the exact process being used.

FE
0
 
LVL 6

Assisted Solution

by:mslunecka
mslunecka earned 200 total points
ID: 12190200
Port 548 is AFP over TCP.  That's a protocol for connecting PCs and macs.  (apple file protocol or something like that).

Port 2388 could be a number of things.  Might be related to vsam (a .NET thing) WinPcap (packet sniffing stuff) or JDO Genie (database type stuff)
0
 
LVL 12

Expert Comment

by:alandc
ID: 12312413
I don't have a solution to your question but the anti-Virus software you refer to is probably AVG (Czech)
http://www.grisoft.com/us/us_index.php
or maybe Kaspersky (Russian)
http://www.kaspersky.com/
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:paradoxloss
ID: 12466898
@Fatal Exception

That screenshot IS from the sysinternals tool.  That's why I'm puzzled.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12482533
Thanks..  hopefully you solved the puzzle..  :)
0
 

Author Comment

by:paradoxloss
ID: 12488692
no, but leaving the question open indefinately isn't fair to those who provided some useful information. :)
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12489339
I wish more of our users felt the same.!!!  thanks again..
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now