Uncertain as to what I am looking at, malware prehaps

April 24, 2012

I just rebooted, slow to connect to internet but I had no malware infections.

Microsoft Windows XP [Version 5.1.2600]

C:\Documents and Settings\Wolf>netstat -a -b

Active Connections

Proto Local Address

Foreign Address: sex-girl.ru:0

LISTENING

port 1720

c:\windows\system32\WS2_32.dll

C:\WINDOWS\system32\RPCRT4.dll

c:\windows\system32\rpcss.dll

C:\WINDOWS\system32\svchost.exe

-- unknown component(s) --

[svchost.exe]

TCP

ehwolf:microsoft-ds

sex-girl.ru:0

LISTENING

port 4

[system]

TCP ehwolf:1025

sex-girl.ru:0

LISTENING

port 464

[LEXPPS.EXE]

TCP ehwolf:1095

sex-girl.ru:0

LISTENING

port 3596

[alg.exe]

TCP ehwolf:2559

sex-girl.ru:0

LISTENING

port 204

[daemonu.exe]

TCP ehwolf:5152

sex-girl.ru:0

LISTENING

port 992

[jqs.exe]

TCP ehwolf:5354

sex-girl.ru:0

LISTENING

port 1876

[mDNSResponder.exe]

TCP ehwolf:31416

sex-girl.ru:0

LISTENING

port 1824

[boinc.exe]

TCP ehwolf:netbios-ssn

sex-girl.ru:0

LISTENING

port 4

[system]

C:\Documents and Settings\Wolf>

8,366 · April 24, 2012

Stop visiting porn sites

sex-girl.ru:0

31,906 · April 25, 2012

Normally a listening foreign address would be 0.0.0.0, which means all of them -- not sure why yours is resolving it to sex-girl.ru -- is that the name of your machine?? Or it could be the actual address? But state would not be listening if you had a connection. Would say something like established or close_wait or if trying to make the connection syn_sent, etc. Listening just means that - listening on that port for a connection from normally ALL addresses 0.0.0.0.

example

C:\Windows\system32&gt;netstat -a -b -n

Active Connections

  Proto  Local Address		  Foreign Address		State
  TCP	0.0.0.0:80			 0.0.0.0:0			  LISTENING

C:\Windows\system32&gt;netstat -a -b

Active Connections

  Proto  Local Address		  Foreign Address		State
  TCP	0.0.0.0:80			 i5-w7:0				LISTENING

See with the -n it does not resolve the addresses, I would assume ewolf is something in your host file for the name of your box? Post again with -n and in code tags so get some format to the layout.

Sign In

Uncertain as to what I am looking at, malware prehaps

Recommended Posts

Alley Cat

Link to comment

Share on other sites

Detection

Link to comment

Share on other sites

+BudMan MVC

Link to comment

Share on other sites

Recently Browsing 0 members

Similar Content

GitHub abused to host malware and create download links seemingly affiliated with Microsoft

Ten years ago, Windows XP received its final update

Beware, cheaters: Malware campaign targets Call of Duty players using third-party apps

A quick look back at Microsoft Pinball that was bundled with some Windows versions

Remember Y2K? Windows 95, 98, 2000-era app surprisingly stands tall against Y2K38 superbug

Company

Community

Social

Partners

Forums

News

Features

More

Themes