Solved

I am using Win XP Pro with the firewall turned on. I found a strange port listing. What is it?

Posted on 2008-06-12
5
321 Views
Last Modified: 2010-04-11
I ran NETSTAT -a and found kaspersky8.kaspersky-labs.com was listed. I do not have the Kasperspy software installed on this system. Why was this port open? Anyone have any ideas?
The Firewall is turned on in my system and I have Avast AV.
Thanks
0
Comment
Question by:ftitus2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 3

Accepted Solution

by:
ineya earned 250 total points
ID: 21776228
download tcpview from http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
and check which program is connected to this site, you can optionally kill it or close connection from tcpview's context menu
0
 

Author Comment

by:ftitus2
ID: 21776252
Ok, that helped a little. It shows that the origin is ashwebsv.exe which is the Avast is it not? Buy why is Avast calling Kaspersky? Does it use Kaspersky's server maybe?

ashWebSv.exe:3160      TCP      dell5150.kimco.local:1838      kasperskycom8.kaspersky-labs.com:http      CLOSE_WAIT      

It was established for a while.

Also I have this one:
System:4      TCP      dell5150.kimco.local:netbios-ssn      dell5150:0      LISTENING      

What is system 4??

Thanks
0
 
LVL 35

Assisted Solution

by:torimar
torimar earned 250 total points
ID: 21777342
"System 4" seems to be the term TCPView uses for the Windows file and printer sharing services.
Check this: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22866188.html
(Note that the chosen solution is the *wrong* one!)

As to the ashWebSv connection, that is quite strange indeed, all the more since there is no record on the internet that "kasperskycom8" ever existed as a subdomain of kasperky-labs.com. It sure doesn't exist now.
It may be strange, but I'm pretty sure it is nothing to worry about in terms of malware or security. Best would be to contact the Avast team on this matter, I guess.
0
 
LVL 3

Expert Comment

by:ineya
ID: 21779279
Did you browse to kaspersky website? Or maybe it was some advertisment on different page.
If you are still curious, download wireshark and capture all traffic when this connection occurs and then you can really see what's going on :-).

ashWebSv looks like web filtering part of avast, so it checks every traffic made to http ports.
netbios-ssn is samba - a window folder/printer share
0
 

Author Comment

by:ftitus2
ID: 21780638
I had not been to the Kapersky web site prior to the port showing up with Netstat. I did go there after to check it and it did not show up as kaperskycom8 anywhere as torimar said. I am pretty confident that ashwebsv is indeed the Avast server. Anyway, I decided after the reviews to remove Avast and install the 30 day trial of Kapersky since it's reviews are so much higher than Avast. So far so good (but Avast had to be removed and I had to restart a couple times to get it installed; otherwise painless!)
I'll wait a bit before awarding points to see if anyone else has a more definitive answere and if not then I'll share the points with both Ineya and with Torimar since both helped!
0

Featured Post

Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses
Course of the Month7 days, 9 hours left to enroll

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question