Solved

I am using Win XP Pro with the firewall turned on. I found a strange port listing. What is it?

Posted on 2008-06-12
Last Modified: 2010-04-11
I ran NETSTAT -a and found kaspersky8.kaspersky-labs.com was listed. I do not have the Kaspersky software installed on this system. Why was this port open? Anyone have any ideas?
The Firewall is turned on in my system and I have Avast AV.
Thanks
0
Question by:ftitus2
5 Comments
 
LVL 3

Accepted Solution

by:
ineya earned 250 total points
ID: 21776228
Download TCPView from http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
and check which program is connected to this site; you can optionally kill it or close the connection from TCPView's context menu.
0
 

Author Comment

by:ftitus2
ID: 21776252
OK, that helped a little. It shows that the origin is ashwebsv.exe, which is Avast, is it not? But why is Avast calling Kaspersky? Does it use Kaspersky's server maybe?

ashWebSv.exe:3160      TCP      dell5150.kimco.local:1838      kasperskycom8.kaspersky-labs.com:http      CLOSE_WAIT      

It was established for a while.

Also I have this one:
System:4      TCP      dell5150.kimco.local:netbios-ssn      dell5150:0      LISTENING      

What is system 4??

Thanks
0
 
LVL 35

Assisted Solution

by:torimar
torimar earned 250 total points
ID: 21777342
"System 4" seems to be the term TCPView uses for the Windows file and printer sharing services.
Check this: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22866188.html
(Note that the chosen solution is the *wrong* one!)

As to the ashWebSv connection, that is quite strange indeed, all the more since there is no record on the internet that "kasperskycom8" ever existed as a subdomain of kaspersky-labs.com. It sure doesn't exist now.
It may be strange, but I'm pretty sure it is nothing to worry about in terms of malware or security. Best would be to contact the Avast team on this matter, I guess.
0
 
LVL 3

Expert Comment

by:ineya
ID: 21779279
Did you browse to the Kaspersky website? Or maybe it was some advertisement on a different page.
If you are still curious, download Wireshark and capture all traffic when this connection occurs, and then you can really see what's going on :-).

ashWebSv looks like the web filtering part of Avast, so it checks all traffic made to HTTP ports.
netbios-ssn is Samba - a Windows folder/printer share.
0
 

Author Comment

by:ftitus2
ID: 21780638
I had not been to the Kaspersky web site prior to the port showing up with Netstat. I did go there after to check it and it did not show up as kasperskycom8 anywhere, as torimar said. I am pretty confident that ashwebsv is indeed the Avast server. Anyway, I decided after the reviews to remove Avast and install the 30 day trial of Kaspersky since its reviews are so much higher than Avast. So far so good (but Avast had to be removed and I had to restart a couple times to get it installed; otherwise painless!)
I'll wait a bit before awarding points to see if anyone else has a more definitive answer, and if not then I'll share the points with both Ineya and with Torimar since both helped!
0
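
An added example, not part of the original thread: a Python sketch of the check suggested in the accepted answer (find which program owns a connection to a given host), run over rows in the layout the asker pasted. The function names and the third sample row are assumptions made for this illustration; the first two rows are the ones quoted above.

```python
import re
from collections import defaultdict

# Rows in the layout quoted in this thread:
# process:PID  protocol  local-endpoint  remote-endpoint  state
# The first two rows come from the thread; the third is constructed.
SAMPLE = """\
ashWebSv.exe:3160      TCP      dell5150.kimco.local:1838      kasperskycom8.kaspersky-labs.com:http      CLOSE_WAIT
System:4      TCP      dell5150.kimco.local:netbios-ssn      dell5150:0      LISTENING
svchost.exe:1040      TCP      dell5150.kimco.local:1900      example.invalid:https      ESTABLISHED
"""

ROW = re.compile(r"^(?P<proc>.+?):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
                 r"(?P<local>\S+)\s+(?P<remote>\S+)\s*(?P<state>\S*)$")

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; the port may be a service name."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def parse_rows(text):
    """Parse pasted rows into dicts; blank or unrecognised lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["pid"] = int(row["pid"])
        row["remote_host"], row["remote_port"] = split_endpoint(row["remote"])
        rows.append(row)
    return rows

def owners_of(text, host_fragment):
    """Map 'process (PID n)' to its (remote, state) pairs for peers whose
    host name contains host_fragment. Listening sockets have no peer yet
    and are ignored."""
    found = defaultdict(list)
    for r in parse_rows(text):
        if r["state"] == "LISTENING":
            continue
        if host_fragment.lower() in r["remote_host"].lower():
            found[f'{r["proc"]} (PID {r["pid"]})'].append((r["remote"], r["state"]))
    return dict(found)

if __name__ == "__main__":
    for owner, conns in owners_of(SAMPLE, "kaspersky").items():
        for remote, state in conns:
            print(f"{owner} -> {remote} [{state}]")
```
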
