Re: evidence of trojan infection?

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 02/29/04


Date: Sun, 29 Feb 2004 17:42:25 -0500

NETSTAT -A
Produces only a static view.

TCPView.exe { http://www.sysinternals.com/ } is a dynamic Win32 program and will also show
the program that opens the port which connects to the Internet.

Dave

"LongPoint" <anonymous@discussions.microsoft.com> wrote in message
news:1a0401c3ff14$02ede600$a601280a@phx.gbl...
| In DOS mode type the command:
|
| netstat -a
|
| Then press ENTER.
|
| You will get a list of active ports in use.
|
| LP
|
| >-----Original Message-----
| >I'm running W2K pro, and am using autoupdate, and believe I have all the
| >security patches installed.
| >
| >I access my ISP via dial up.
| >
| >If I stay connected for some time, I see HUGE amounts of data being sent,
| >even if I am not running any applications that would explain that.
| >
| >Today, in 3 hr 45 min, I've SENT 349,198,000 bytes, while running only
| >Outlook Express.
| >
| >I'm using Norton Antivirus with autoprotect enabled, and with current virus
| >definitions. Full system scan finds no viruses.
| >
| >I've also run Spybot Search & Destroy, and immunized with it against
| >"spyware" installation.
| >
| >I'm concerned about all the data I'm evidently puking onto the web.
| >
| >Anybody have any experience in this, or know where to refer me?
| >
| >How can I tell which application or process is using the com port attached
| >to my modem?
| >
| >Regards;
| >
| >Dave
| >
| >
| >
| >
| >.
| >
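
Added example (not part of the original posts): the difference between a single static `netstat` listing and a dynamic, per-program view can be approximated by diffing two snapshots and attaching the owning process to each new socket. It assumes the `netstat -ano` output format of later Windows versions, where `-o` adds a PID column; the snapshots, addresses and process names below are constructed sample data.

```python
import re

# Constructed sample data: two `netstat -ano` snapshots taken a minute apart,
# plus a PID-to-image table such as `tasklist` would give. Not from the thread.
SNAP_1 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    10.0.0.5:1045          192.0.2.10:110         ESTABLISHED     1312
"""
SNAP_2 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    10.0.0.5:1045          192.0.2.10:110         ESTABLISHED     1312
  TCP    10.0.0.5:1052          198.51.100.7:25        ESTABLISHED     2044
  UDP    0.0.0.0:1900           *:*                                    2044
"""
PROCESSES = {884: "svchost.exe", 1312: "msimn.exe", 2044: "unknown32.exe"}

# UDP rows have no State column, so the state group is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def parse(snapshot):
    """Return {(proto, local, remote): (state, pid)} for one netstat -ano dump."""
    table = {}
    for line in snapshot.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match
            proto, local, remote, state, pid = m.groups()
            table[(proto, local, remote)] = (state or "", int(pid))
    return table

def diff(before, after, processes):
    """List sockets opened or closed between two snapshots, with owner names."""
    old, new = parse(before), parse(after)
    events = []
    for key in sorted(new.keys() - old.keys()):
        state, pid = new[key]
        events.append(("opened", *key, state, pid, processes.get(pid, "?")))
    for key in sorted(old.keys() - new.keys()):
        state, pid = old[key]
        events.append(("closed", *key, state, pid, processes.get(pid, "?")))
    return events

if __name__ == "__main__":
    for ev in diff(SNAP_1, SNAP_2, PROCESSES):
        print(*ev)
```

Connections that open and close between two snapshots are still missed, which is the limitation of polling compared with a continuously updating monitor.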


