?
Solved

netstat shows suspicious connections

Posted on 2008-10-17
4
Medium Priority
?
1,194 Views
Last Modified: 2013-12-04
since few days,  there are lot of suspicoius activities on my desktop like double click does not open the file or database connection.
hence to check it i executed netstat command to see who is connected to my machine
and everytime i have this problem and after i run netstat i get list of connections, one of which is machine of my coworker. everytime i have such unusual behaviors running on my pc and i run netstat i find a connection with my co-workers' machine
the connection was through port - 1865
can you pl help whats going on,,,
0
Comment
Question by:at999
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 17

Accepted Solution

by:
OriNetworks earned 750 total points
ID: 22747069
You can begin by running netstat -b

the -b switch will show you what program is running on that port. It may be nothing to worry about but my biggest question is are you using a firewall?? This is the most basic step you can take to protect yourself. Also, do you have any antivirus software installed and up to date. Lastly, do you have a good AntiSpyware program such as Microsofts free Windows Defender installed?

I would do a full scan with you AntiVirus and AntiSpyware software just to be safe and make sure your firewall in ON
0
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 750 total points
ID: 22747542
A Hijackthis scan log would help to show what is going on on your pc.

Download here:

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Download the installer. Click on "Do a system scan and save a logfile". Post the scan log here via the "attach code snippet" box below.
0
 

Author Comment

by:at999
ID: 22749359
thnks for ur comments...

actually this is not continuous ,....
sometimes this happens, and everytime i see such supicious behavior of applications I use like double click on that application wont work etc.,  i find that the machine of my co-worker is connected to my machine

when i do a netstat -b,  it does not list any program that is running on this port...

i'll try turning firewall on...  will the window's xp firewal be enough
mny thnks
0
 

Author Comment

by:at999
ID: 22758043
Netstat commands shows this

TCP    DEF:3782           ABC http  ESTABLISHED     732
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\WININET.dll
-- unknown component(s) --

where ABC is my coworker's machine and DEF is my machine  
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
OfficeMate Freezes on login or does not load after login credentials are input.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month8 days, 20 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question