Solved

netstat shows suspicious connections

Posted on 2008-10-17
4
1,170 Views
Last Modified: 2013-12-04
since few days,  there are lot of suspicoius activities on my desktop like double click does not open the file or database connection.
hence to check it i executed netstat command to see who is connected to my machine
and everytime i have this problem and after i run netstat i get list of connections, one of which is machine of my coworker. everytime i have such unusual behaviors running on my pc and i run netstat i find a connection with my co-workers' machine
the connection was through port - 1865
can you pl help whats going on,,,
0
Comment
Question by:at999
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 17

Accepted Solution

by:
OriNetworks earned 250 total points
ID: 22747069
You can begin by running netstat -b

the -b switch will show you what program is running on that port. It may be nothing to worry about but my biggest question is are you using a firewall?? This is the most basic step you can take to protect yourself. Also, do you have any antivirus software installed and up to date. Lastly, do you have a good AntiSpyware program such as Microsofts free Windows Defender installed?

I would do a full scan with you AntiVirus and AntiSpyware software just to be safe and make sure your firewall in ON
0
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 250 total points
ID: 22747542
A Hijackthis scan log would help to show what is going on on your pc.

Download here:

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Download the installer. Click on "Do a system scan and save a logfile". Post the scan log here via the "attach code snippet" box below.
0
 

Author Comment

by:at999
ID: 22749359
thnks for ur comments...

actually this is not continuous ,....
sometimes this happens, and everytime i see such supicious behavior of applications I use like double click on that application wont work etc.,  i find that the machine of my co-worker is connected to my machine

when i do a netstat -b,  it does not list any program that is running on this port...

i'll try turning firewall on...  will the window's xp firewal be enough
mny thnks
0
 

Author Comment

by:at999
ID: 22758043
Netstat commands shows this

TCP    DEF:3782           ABC http  ESTABLISHED     732
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\WININET.dll
-- unknown component(s) --

where ABC is my coworker's machine and DEF is my machine  
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question