Solved

Source port 5504 using UDP conecting to hundreds of ramdon IPs.....HELP STOP IT!!!

Posted on 2007-08-09
5
259 Views
Last Modified: 2008-01-09
I have a computer that has hundeds of internet connections and i don't know why. My firewall says there are well over 900 connections on source prot 5504 using UDP connecting to random IP addresses. I have ran the antivirus and spyware programs but nothing short of disconnection helps. What do i need to look for???????
0
Comment
Question by:ncagroup
5 Comments
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 100 total points
Comment Utility
Get hijackthis from www.hijackthis.de

1. Run it and post the output there itself for analysis. Then post the link to the analysis here.

Cheers,
Rajesh
0
 

Author Comment

by:ncagroup
Comment Utility
ok i will do that....
0
 
LVL 69

Expert Comment

by:Merete
Comment Utility
sounds like someone has probably added port forwarding, are using a torrent program such as bitcomet or such?
0
 
LVL 69

Accepted Solution

by:
Merete earned 300 total points
Comment Utility
test with this, just remembered it. I found it exceptionally handy
active ports
Easy to use tool for Windows NT/2000/XP that enables you to monitor all open TCP/IP and UDP ports on the local computer. Active Ports maps ports to the owning application so you can watch which process has opened which port. It also displays a local and remote IP address for each connection and allows you to close any port. Active Ports can help you to detect trojans and other malicious programs.
http://www.majorgeeks.com/Active_Ports_d682.html
0
 
LVL 25

Assisted Solution

by:Ron M
Ron M earned 100 total points
Comment Utility
go to command prompt... type "netstat -b"     Find one of the connections.... and in the last column...you will see "PID" stands for process ID.  If you open task manager and go to the processes tab, you will be able to see the PID that matches the connections shown in the command prompt window.....END PROCESS....  now do a search on your C: for the name of the executable that you just killed..  Rename it or delete it......reboot... check again to see if you have outbound connections..

You may have to investigate further...but that is how you identify and stop it.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now