


Uncertain as to what I am looking at, malware perhaps


2 replies to this topic

#1 Alley Cat

    Neowinian³

  • 279 posts
  • Joined: 28-May 08
  • Location: Botswana

Posted 24 April 2012 - 21:23

I just rebooted, slow to connect to internet but I had no malware infections.

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Wolf>netstat -a -b

Active Connections

Proto Local Address
Foreign Address: sex-girl.ru:0
LISTENING
port 1720

c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
-- unknown component(s) --
[svchost.exe]

TCP
ehwolf:microsoft-ds
sex-girl.ru:0
LISTENING
port 4
[System]

TCP ehwolf:1025
sex-girl.ru:0
LISTENING
port 464
[LEXPPS.EXE]

TCP ehwolf:1095
sex-girl.ru:0
LISTENING
port 3596
[alg.exe]

TCP ehwolf:2559
sex-girl.ru:0
LISTENING
port 204
[daemonu.exe]

TCP ehwolf:5152
sex-girl.ru:0
LISTENING
port 992
[jqs.exe]

TCP ehwolf:5354
sex-girl.ru:0
LISTENING
port 1876
[mDNSResponder.exe]

TCP ehwolf:31416
sex-girl.ru:0
LISTENING
port 1824
[boinc.exe]

TCP ehwolf:netbios-ssn
sex-girl.ru:0
LISTENING
port 4
[System]

C:\Documents and Settings\Wolf>



#2 Detection

    Detecting stuff...

  • 8,369 posts
  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 24 April 2012 - 21:35

Stop visiting porn sites

sex-girl.ru:0

#3 +BudMan

    Neowinian Super Star

  • 23,797 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 25 April 2012 - 12:11

Normally a listening foreign address would be 0.0.0.0, which means all of them -- not sure why yours is resolving it to sex-girl.ru -- is that the name of your machine?? Or it could be the actual address? But state would not be listening if you had a connection. Would say something like established or close_wait or if trying to make the connection syn_sent, etc. Listening just means that - listening on that port for a connection from normally ALL addresses 0.0.0.0.

example

C:\Windows\system32>netstat -a -b -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING

C:\Windows\system32>netstat -a -b

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             i5-w7:0                LISTENING

See, with the -n it does not resolve the addresses. I would assume ehwolf is something in your host file for the name of your box? Post again with -n and in code tags so we get some format to the layout.
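
An added example, not part of any post in this thread: a small Python parser for `netstat -a -b -n` style output that labels each row by what its Foreign Address column actually means, following the distinction the last reply draws between listeners and real connections. The sample text, its process names and addresses are constructed, and the function names and label strings are this example's own.

```python
import re

# Constructed sample in the layout of `netstat -a -b -n`; not output from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  [System]
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       992
  [jqs.exe]
  TCP    0.0.0.0:80             i5-w7:0                LISTENING       1500
  [httpd.exe]
  TCP    192.0.2.10:1095        198.51.100.7:80        ESTABLISHED     3596
  [client.exe]
  UDP    0.0.0.0:5353           *:*                                    1876
  [mDNSResponder.exe]
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
NUMERIC_WILDCARDS = {"0.0.0.0:0", "[::]:0", "*:*"}

def parse(text):
    """Return one dict per socket row, paired with the [owner] line that follows it."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            keys = ("proto", "local", "foreign", "state", "pid")
            rows.append(dict(zip(keys, m.groups()), owner=None))
        elif rows and rows[-1]["owner"] is None and OWNER.match(line):
            rows[-1]["owner"] = OWNER.match(line).group(1)
    return rows

def classify(row):
    """Label a row by what its Foreign Address column actually means."""
    bind_host = row["local"].rsplit(":", 1)[0]
    if row["state"] == "LISTENING" or (row["proto"] == "UDP" and not row["state"]):
        # For a listener the foreign column is a placeholder, never a remote peer.
        if row["foreign"] not in NUMERIC_WILDCARDS:
            return "listener, placeholder shown as a name (rerun with -n)"
        if bind_host in ("0.0.0.0", "[::]"):
            return "listener on all interfaces"
        return f"listener on {bind_host}"
    return f"connection to {row['foreign']} ({row['state']})"

def report(text):
    return [(r["owner"], r["local"], classify(r)) for r in parse(text)]

if __name__ == "__main__":
    for owner, local, label in report(SAMPLE):
        print(f"{owner:22} {local:20} {label}")
```

Only rows labelled as connections name a remote host worth investigating; listener rows are triaged by owning process and bind address instead.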