
Thread: Something odd is happening.

  1. #1
    Banned
    Join Date
    Apr 2003
    Posts
    3,839

    Something odd is happening.

    Ok, this is creepy. Look at this:

    netstat -an

    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1041 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1084 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1500 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1501 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1101 127.0.0.1:1458 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1460 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1462 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1464 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1474 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1476 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1480 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1490 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1492 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1494 TIME_WAIT
    TCP 127.0.0.1:1470 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1478 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1482 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1484 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1486 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1488 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:11523 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:11523 127.0.0.1:1453 TIME_WAIT
    TCP 127.0.0.1:11523 127.0.0.1:1459 TIME_WAIT
    TCP 127.0.0.1:11523 127.0.0.1:1465 TIME_WAIT
    TCP 127.0.0.1:11523 127.0.0.1:1495 TIME_WAIT
    TCP 172.173.122.153:1035 0.0.0.0:0 LISTENING
    TCP 172.173.122.153:1035 205.188.67.139:13784 ESTABLISHED
    TCP 172.173.122.153:1041 64.12.24.228:5190 ESTABLISHED
    TCP 172.173.122.153:1500 63.146.109.210:80 SYN_SENT
    TCP 172.173.122.153:1501 63.146.109.210:80 SYN_SENT
    UDP 0.0.0.0:445 *:*
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1043 *:*
    UDP 0.0.0.0:1157 *:*
    UDP 127.0.0.1:123 *:*
    UDP 127.0.0.1:1406 *:*
    UDP 127.0.0.1:1438 *:*
    UDP 172.173.122.153:123 *:*

    The 0.0.0.0 are IE connections. I ran Antiy Ports and it showed me that IE, AOL, lsaas, system and svchost are going through those. And: pictures, banners, or simple small GIFs won't display on websites, AIM won't connect (AIM service can't be reached), and I can't download anything with DAP 7.0; it won't connect to the FTP server to download Ad-Aware. I'm gonna go through my CDs and see where I can find Ad-Aware, install it, run it and see what I get. I'm also gonna do a virus scan. I currently don't have a firewall installed, so I can't tell you guys if anything specific has been connecting to my computer. I'll give an update when I run all the scans. I also looked at all my folders, registry, start-up, and task manager; nothin unusual is running, nothin unusual has been installed.

  2. #2
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    Hot damn that's a weird netstat. I would run one of those programs that shows connections and the program that opened it. You running any p2p stuff?
    Real security doesn't come with an installer.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Check your hosts file.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    That looks almost like mine? And mine I just rebuilt.
    I have 315 relays and 118 switches and have all the power of a calculator.

  5. #5
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Wait a minute...1st entry...you said that all the 0.0.0.0 are IE connections, right?

    Why the hell is IE listening on port 135 and 445?

    just curious

  6. #6
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Mine's kinda like that as well.


    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:113 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3024 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3120 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3122 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:4134 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:4135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:4245 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1027 127.0.0.1:4134 ESTABLISHED
    TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:3002 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:3003 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:3012 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:3120 127.0.0.1:1027 CLOSE_WAIT
    TCP 127.0.0.1:3122 127.0.0.1:1027 CLOSE_WAIT
    TCP 127.0.0.1:4134 127.0.0.1:1027 ESTABLISHED
    TCP 192.168.0.1:139 0.0.0.0:0 LISTENING
    TCP 192.168.0.1:1781 192.168.0.1:2869 TIME_WAIT
    TCP 192.168.0.1:2869 192.168.0.1:30947 ESTABLISHED
    TCP 192.168.0.1:24145 192.168.0.1:2869 TIME_WAIT
    TCP 192.168.0.1:30947 0.0.0.0:0 LISTENING
    TCP 192.168.0.1:30947 192.168.0.1:2869 ESTABLISHED
    TCP 208.180.47.89:4135 207.46.106.133:1863 ESTABLISHED
    TCP 208.180.47.89:4245 212.147.10.42:6667 ESTABLISHED
    UDP 0.0.0.0:445 *:*
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1026 *:*
    UDP 0.0.0.0:1028 *:*
    UDP 0.0.0.0:3004 *:*
    UDP 0.0.0.0:3010 *:*
    UDP 0.0.0.0:3019 *:*
    UDP 0.0.0.0:4141 *:*
    UDP 0.0.0.0:4246 *:*
    UDP 0.0.0.0:4247 *:*
    UDP 0.0.0.0:6327 *:*
    UDP 0.0.0.0:6459 *:*
    UDP 127.0.0.1:123 *:*
    UDP 127.0.0.1:1900 *:*
    UDP 127.0.0.1:2234 *:*
    UDP 127.0.0.1:3005 *:*
    UDP 127.0.0.1:3013 *:*
    UDP 127.0.0.1:4913 *:*
    UDP 192.168.0.1:53 *:*
    UDP 192.168.0.1:67 *:*
    UDP 192.168.0.1:68 *:*
    UDP 192.168.0.1:123 *:*
    UDP 192.168.0.1:137 *:*
    UDP 192.168.0.1:138 *:*
    UDP 192.168.0.1:1900 *:*
    UDP 192.168.0.1:2234 *:*
    UDP 192.168.0.1:24131 *:*
    UDP 208.180.47.89:9 *:*
    UDP 208.180.47.89:123 *:*
    UDP 208.180.47.89:1900 *:*
    UDP 208.180.47.89:2234 *:*
    UDP 208.180.47.89:37890 *:*

    C:\Documents and Settings\Matt>

  7. #7
    Senior Member
    Join Date
    Dec 2002
    Posts
    275
    Here's mine:

    C:\Documents and Settings\(>netstat -an

    Active Connections

    Proto Local Address Foreign Address State
    UDP 0.0.0.0:1025 *:*
    I think some of you need to take a trip over to services.msc and 'cut the fat'.

    .dublix

  8. #8
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Damn, cheyenne1212..135, 137,138, 139 and 445 open.....you do have a hardware firewall...right?

    If not, give me your public IP I'll just use Matt's username.

    Just Kidding
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can't stand 1 bit of competition.
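
Added example, not part of any post in this thread: a small parser for the `netstat -an` layout pasted above that separates loopback-only sockets from ones bound to all interfaces or a specific address, and labels the RPC/NetBIOS/SMB ports post #8 points out. The sample rows, the documentation-range addresses in them, and all function names are constructed for illustration.

```python
import re

# Ports called out in post #8, with their usual Windows roles.
WINDOWS_SERVICE_PORTS = {
    135: "RPC endpoint mapper", 137: "NetBIOS name service",
    138: "NetBIOS datagram", 139: "NetBIOS session", 445: "SMB",
}

# Constructed sample in the same column layout as the outputs posted above.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING
TCP 192.168.0.1:139 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1101 127.0.0.1:1458 TIME_WAIT
TCP 192.0.2.10:4245 198.51.100.7:6667 ESTABLISHED
UDP 0.0.0.0:445 *:*
UDP 192.168.0.1:137 *:*
UDP 127.0.0.1:123 *:*
"""

# proto, local ip, local port, foreign endpoint, optional state (UDP rows have none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse(text):
    """Yield (proto, local_ip, local_port, foreign, state) for each socket row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            proto, ip, port, foreign, state = m.groups()
            yield proto, ip, int(port), foreign, state or ""

def scope(ip):
    """Classify the local bind address: who can reach this socket."""
    if ip == "0.0.0.0":
        return "all-interfaces"
    return "loopback" if ip.startswith("127.") else "single-interface"

def exposed_listeners(text):
    """Sockets accepting traffic (TCP LISTENING, or bound UDP) off loopback."""
    found = set()
    for proto, ip, port, foreign, state in parse(text):
        accepting = state == "LISTENING" if proto == "TCP" else foreign == "*:*"
        if accepting and scope(ip) != "loopback":
            label = WINDOWS_SERVICE_PORTS.get(port, "")
            found.add((proto, port, scope(ip), label))
    return sorted(found)
```

This reads the five-column `-an` layout only; `netstat -ano` on Windows XP and later appends an owning-PID column, which is what ties a listener back to a process.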


  9. #9
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    Wait a minute...1st entry...you said that all the 0.0.0.0 are IE connections, right?
    Some of them. I posted that some of them are from IE, AOL, lsaas, system and svchost.

    It's all good now, though. I ran Ad-Aware, found 4 registry entries and 2 files. I deleted them and restarted. Everything works fine now.

  10. #10
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    Sorry for the double post, but I had to attach a file. I ran Antiy Ports (program) again and now this is really weird. I'm only on one AIM screen name (no double AIMs running) and I only have one IE open, but look at all those connections.
