How do you find a rogue program in services.exe?

  • Thread starter Thread starter Anonymous User
  • Start date Start date
A

Anonymous User

Hi,

I have a system that netstat -a -b shows tons of connections to smtp servers
and the pid is 852, services.exe.

How can I find out what program or dll is causing it and stop it?

Thanks,

Alan
 
Anonymous said:
Hi,

I have a system that netstat -a -b shows tons of connections to smtp servers
and the pid is 852, services.exe.

How can I find out what program or dll is causing it and stop it?

Thanks,

Alan
Click to expand...

Hello Alan:

CurrPorts/CPorts from <http://www.nirsoft.net/utils/cports.html> will
assist you in associating an application with an IP address.

These may be due to browser plug-ins and applications your system
starts with. Many may be things you installed long ago and have now
forgotten.

As Leonard has already posted, good quality antimalware tools might be
helpful. Your antimalware list should at least /minimally/ include:

MBAM: <http://www.malwarebytes.org/> Run in normal mode.
SAS: <http://www.superantispyware.com/> Run in "Safe" mode.
MSRT: <http://www.microsoft.com/security/malwareremove/default.aspx>
Windows Defender:
<http://www.microsoft.com/windows/products/winfamily/defender/default.mspx>

HTH
 
Hi,

I have a system that netstat -a -b shows tons of connections to
smtp servers and the pid is 852, services.exe.

How can I find out what program or dll is causing it and stop it?

Thanks,

Alan
Click to expand...

Start the Task Manager
Start -> Run -> "taskmgr"
Click on "Processes" tab
From the menu:
View -> Select Columns -> Check "PID" -> OK
You can now see which tasks associate with each PID.
Find your matching PID.
You can select them and click "end process" to stop them.
Note that services should be stopped via:
Start -> Run -> services.msc

HTH,
John
 
Back
Top