Solved

I am using Win XP Pro with the firewall turned on. I found a strange port listing. What is it?

Posted on 2008-06-12
5
317 Views
Last Modified: 2010-04-11
I ran NETSTAT -a and found kaspersky8.kaspersky-labs.com was listed. I do not have the Kasperspy software installed on this system. Why was this port open? Anyone have any ideas?
The Firewall is turned on in my system and I have Avast AV.
Thanks
0
Comment
Question by:ftitus2
  • 2
  • 2
5 Comments
 
LVL 3

Accepted Solution

by:
ineya earned 250 total points
ID: 21776228
download tcpview from http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
and check which program is connected to this site, you can optionally kill it or close connection from tcpview's context menu
0
 

Author Comment

by:ftitus2
ID: 21776252
Ok, that helped a little. It shows that the origin is ashwebsv.exe which is the Avast is it not? Buy why is Avast calling Kaspersky? Does it use Kaspersky's server maybe?

ashWebSv.exe:3160      TCP      dell5150.kimco.local:1838      kasperskycom8.kaspersky-labs.com:http      CLOSE_WAIT      

It was established for a while.

Also I have this one:
System:4      TCP      dell5150.kimco.local:netbios-ssn      dell5150:0      LISTENING      

What is system 4??

Thanks
0
 
LVL 35

Assisted Solution

by:torimar
torimar earned 250 total points
ID: 21777342
"System 4" seems to be the term TCPView uses for the Windows file and printer sharing services.
Check this: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22866188.html
(Note that the chosen solution is the *wrong* one!)

As to the ashWebSv connection, that is quite strange indeed, all the more since there is no record on the internet that "kasperskycom8" ever existed as a subdomain of kasperky-labs.com. It sure doesn't exist now.
It may be strange, but I'm pretty sure it is nothing to worry about in terms of malware or security. Best would be to contact the Avast team on this matter, I guess.
0
 
LVL 3

Expert Comment

by:ineya
ID: 21779279
Did you browse to kaspersky website? Or maybe it was some advertisment on different page.
If you are still curious, download wireshark and capture all traffic when this connection occurs and then you can really see what's going on :-).

ashWebSv looks like web filtering part of avast, so it checks every traffic made to http ports.
netbios-ssn is samba - a window folder/printer share
0
 

Author Comment

by:ftitus2
ID: 21780638
I had not been to the Kapersky web site prior to the port showing up with Netstat. I did go there after to check it and it did not show up as kaperskycom8 anywhere as torimar said. I am pretty confident that ashwebsv is indeed the Avast server. Anyway, I decided after the reviews to remove Avast and install the 30 day trial of Kapersky since it's reviews are so much higher than Avast. So far so good (but Avast had to be removed and I had to restart a couple times to get it installed; otherwise painless!)
I'll wait a bit before awarding points to see if anyone else has a more definitive answere and if not then I'll share the points with both Ineya and with Torimar since both helped!
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now