Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

I am using Win XP Pro with the firewall turned on. I found a strange port listing. What is it?

Posted on 2008-06-12
5
Medium Priority
?
324 Views
Last Modified: 2010-04-11
I ran NETSTAT -a and found kaspersky8.kaspersky-labs.com was listed. I do not have the Kasperspy software installed on this system. Why was this port open? Anyone have any ideas?
The Firewall is turned on in my system and I have Avast AV.
Thanks
0
Comment
Question by:ftitus2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 3

Accepted Solution

by:
ineya earned 750 total points
ID: 21776228
download tcpview from http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
and check which program is connected to this site, you can optionally kill it or close connection from tcpview's context menu
0
 

Author Comment

by:ftitus2
ID: 21776252
Ok, that helped a little. It shows that the origin is ashwebsv.exe which is the Avast is it not? Buy why is Avast calling Kaspersky? Does it use Kaspersky's server maybe?

ashWebSv.exe:3160      TCP      dell5150.kimco.local:1838      kasperskycom8.kaspersky-labs.com:http      CLOSE_WAIT      

It was established for a while.

Also I have this one:
System:4      TCP      dell5150.kimco.local:netbios-ssn      dell5150:0      LISTENING      

What is system 4??

Thanks
0
 
LVL 35

Assisted Solution

by:torimar
torimar earned 750 total points
ID: 21777342
"System 4" seems to be the term TCPView uses for the Windows file and printer sharing services.
Check this: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22866188.html
(Note that the chosen solution is the *wrong* one!)

As to the ashWebSv connection, that is quite strange indeed, all the more since there is no record on the internet that "kasperskycom8" ever existed as a subdomain of kasperky-labs.com. It sure doesn't exist now.
It may be strange, but I'm pretty sure it is nothing to worry about in terms of malware or security. Best would be to contact the Avast team on this matter, I guess.
0
 
LVL 3

Expert Comment

by:ineya
ID: 21779279
Did you browse to kaspersky website? Or maybe it was some advertisment on different page.
If you are still curious, download wireshark and capture all traffic when this connection occurs and then you can really see what's going on :-).

ashWebSv looks like web filtering part of avast, so it checks every traffic made to http ports.
netbios-ssn is samba - a window folder/printer share
0
 

Author Comment

by:ftitus2
ID: 21780638
I had not been to the Kapersky web site prior to the port showing up with Netstat. I did go there after to check it and it did not show up as kaperskycom8 anywhere as torimar said. I am pretty confident that ashwebsv is indeed the Avast server. Anyway, I decided after the reviews to remove Avast and install the 30 day trial of Kapersky since it's reviews are so much higher than Avast. So far so good (but Avast had to be removed and I had to restart a couple times to get it installed; otherwise painless!)
I'll wait a bit before awarding points to see if anyone else has a more definitive answere and if not then I'll share the points with both Ineya and with Torimar since both helped!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question