Uncertain as to what I am looking at, malware prehaps

By Alley Cat
in Smart Home, Network & Security

 Share

Recommended Posts

Rising Star

Alley Cat

Posted
Posted

I just rebooted, slow to connect to internet but I had no malware infections.

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Wolf>netstat -a -b

Active Connections

Proto Local Address

Foreign Address: sex-girl.ru:0

LISTENING

port 1720

c:\windows\system32\WS2_32.dll

C:\WINDOWS\system32\RPCRT4.dll

c:\windows\system32\rpcss.dll

C:\WINDOWS\system32\svchost.exe

-- unknown component(s) --

[svchost.exe]

TCP

ehwolf:microsoft-ds

sex-girl.ru:0

LISTENING

port 4

[system]

TCP ehwolf:1025

sex-girl.ru:0

LISTENING

port 464

[LEXPPS.EXE]

TCP ehwolf:1095

sex-girl.ru:0

LISTENING

port 3596

[alg.exe]

TCP ehwolf:2559

sex-girl.ru:0

LISTENING

port 204

[daemonu.exe]

TCP ehwolf:5152

sex-girl.ru:0

LISTENING

port 992

[jqs.exe]

TCP ehwolf:5354

sex-girl.ru:0

LISTENING

port 1876

[mDNSResponder.exe]

TCP ehwolf:31416

sex-girl.ru:0

LISTENING

port 1824

[boinc.exe]

TCP ehwolf:netbios-ssn

sex-girl.ru:0

LISTENING

port 4

[system]

C:\Documents and Settings\Wolf>

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Normally a listening foreign address would be 0.0.0.0, which means all of them -- not sure why yours is resolving it to sex-girl.ru -- is that the name of your machine?? Or it could be the actual address? But state would not be listening if you had a connection. Would say something like established or close_wait or if trying to make the connection syn_sent, etc. Listening just means that - listening on that port for a connection from normally ALL addresses 0.0.0.0.

example

C:\Windows\system32>netstat -a -b -n

Active Connections

  Proto  Local Address		  Foreign Address		State
  TCP	0.0.0.0:80			 0.0.0.0:0			  LISTENING


C:\Windows\system32>netstat -a -b

Active Connections

  Proto  Local Address		  Foreign Address		State
  TCP	0.0.0.0:80			 i5-w7:0				LISTENING

See with the -n it does not resolve the addresses, I would assume ewolf is something in your host file for the name of your box? Post again with -n and in code tags so get some format to the layout.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Microsoft finally launches WSL Containers in public preview

      By Legend20 · Posted

      Slick!
    • Dbrand thought they could get away with this Steam Machine case, Valve disagreed

      By Rosyna · Posted

      Yes, it was amusing at the time because even then dbrand was well known for stealing the designs of products from other companies. That’s what they do.
    • Dbrand thought they could get away with this Steam Machine case, Valve disagreed

      By ZipZapRap · Posted

      Didn’t Dbrand once complain that Casetify was ripping off their designs a well? seems pretty bad of them to try and get around Valve’s copyright this way with that in mind.
    • Dbrand thought they could get away with this Steam Machine case, Valve disagreed

      By David Uzondu · Posted

      Dbrand thought they could get away with this Steam Machine case, Valve disagreed by David Uzondu Image via Dbrand Dbrand has cancelled its highly anticipated Companion Cube enclosure for the Valve Steam Machine, which it teased back in November of last year with a concept render and sign-up page, because it did not ask Valve for permission first before manufacturing the case. According to Dbrand, it took the "backwards approach" of building the product first before asking for permission from the copyright holder. Seven months of work went into the project, requiring over a thousand engineering hours from the design team. Workers developed forty-four sets of injection molding tools, making a unique mold for each sub-component of the crate. When the Companion Cube went live on Monday last week, it, according to Dbrand, quickly became the second-fastest-selling product in the company's fifteen-year history, racking up orders for hundreds of thousands of units. Customers eagerly bought the $129.95 deluxe edition or the bare-bones $99.95 version, which the manufacturer cheekily branded as the "Poverty Cube". It was around this time that the legal eagles at Valve descended on the accessory maker with a formal demand. The developer pointed out that the iconic block design remains protected intellectual property from the game Portal, so unlicensed sales had to stop. Dbrand said that all its pleas to salvage the project with the Valve team, including proposals to run a properly licensed release under official terms "with their blessing", fell on deaf ears, so it had no choice but to obey and remove every trace of the product from the internet. If you bought the enclosure, the company said that banks will process your refund by the end of this week, but if it still hasn't arrived in your account by then, you should not hesitate to contact support. The Steam Machine itself is a high-performance console that Valve designed directly to bring PC gaming into the living room. It was announced on 12th November 2025 (the same day Dbrand announced the Cube) and runs on the Linux-based SteamOS, the same OS that powers the Steam Deck. As for the price, due to the shortage of memory and storage chips, the hardware cost landed much higher than people were expecting, starting at $1,049 for the 512 model (without a controller) or $1,128 with the new gamepad. The premium 2 TB model pushes those prices even higher, selling at $1,349 for the standalone console and hitting $1,428 if you want the bundle.
    • Politically funny images of the World

      By +Edouard · Posted

  • Recent Achievements

    • Rookie
      Almohandis went up a rank
      Rookie
    • Apprentice
      jahara21 went up a rank
      Apprentice
    • Reacting Well
      NovaEdgeX earned a badge
      Reacting Well
    • Week One Done
      NovaEdgeX earned a badge
      Week One Done
    • One Year In
      BA the Curmudgeon earned a badge
      One Year In

  • Popular Contributors

    1. 1
      +primortal
      534
    2. 2
      +Edouard
      266
    3. 3
      PsYcHoKiLLa
      148
    4. 4
      Steven P.
      97
    5. 5
      macoman
      57
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!