interpreting TCPview results

  • Thread starter Thread starter bgreen
  • Start date Start date
B

bgreen

I came home after a day away for work, to find my kids had managed to
infect the computer with all sorts of Spyware (Spyfalcon) and viruses
(Boxed.B & BeovenS!generic).

The viruses seemed easy enough to remove (coming back just once)
unlike the Spyware.

I have looked into additional methods to protect my computer - one
option was to try TCPview.
However, I was unsure about the results which seemed very different to
examples I have seen.

I would appreciate comments on the log below.

Bob

alg.exe:180 TCP bob-2lsxdgjcgtb:1031 bob-2lsxdgjcgtb:0 LISTENING
iexplore.exe:1572 UDP bob-2lsxdgjcgtb:1299 *:*
iexplore.exe:1760 UDP bob-2lsxdgjcgtb:1282 *:*
iSafe.exe:1420 TCP bob-2lsxdgjcgtb:1025 bob-2lsxdgjcgtb:0 LISTENING
iSafe.exe:1420 TCP bob-2lsxdgjcgtb:1026 bob-2lsxdgjcgtb:0 LISTENING
iSafe.exe:1420 TCP bob-2lsxdgjcgtb:1027 bob-2lsxdgjcgtb:0 LISTENING
iSafe.exe:1420 TCP bob-2lsxdgjcgtb:1025 localhost:1306 ESTABLISHED
iSafe.exe:1420 TCP bob-2lsxdgjcgtb:1027 localhost:1029 ESTABLISHED
lsass.exe:700 UDP bob-2lsxdgjcgtb:isakmp *:*
lsass.exe:700 UDP bob-2lsxdgjcgtb:4500 *:*
msnmsgr.exe:832 UDP bob-2lsxdgjcgtb:1199 *:*
svchost.exe:1052 UDP bob-2lsxdgjcgtb:1047 *:*
svchost.exe:1052 UDP bob-2lsxdgjcgtb:1044 *:*
svchost.exe:1052 UDP bob-2lsxdgjcgtb:1145 *:*
svchost.exe:1136 UDP bob-2lsxdgjcgtb:1900 *:*
svchost.exe:1136 UDP bob-2lsxdgjcgtb:1900 *:*
svchost.exe:928 TCP bob-2lsxdgjcgtb:epmap bob-2lsxdgjcgtb:0 LISTENING
svchost.exe:968 TCP bob-2lsxdgjcgtb:netbios-ssn bob-2lsxdgjcgtb:0 LISTENING
svchost.exe:968 UDP bob-2lsxdgjcgtb:ntp *:*
svchost.exe:968 UDP bob-2lsxdgjcgtb:netbios-ns *:*
svchost.exe:968 UDP bob-2lsxdgjcgtb:ntp *:*
svchost.exe:968 UDP bob-2lsxdgjcgtb:netbios-dgm *:*
System:4 TCP bob-2lsxdgjcgtb:microsoft-ds bob-2lsxdgjcgtb:0 LISTENING
System:4 UDP bob-2lsxdgjcgtb:microsoft-ds *:*
VetMsg.exe:1672 TCP bob-2lsxdgjcgtb:1028 localhost:1025 ESTABLISHED
VetMsg.exe:1672 TCP bob-2lsxdgjcgtb:1029 localhost:1027 ESTABLISHED
 
I came home after a day away for work, to find my kids had managed to
infect the computer with all sorts of Spyware (Spyfalcon) and viruses
(Boxed.B & BeovenS!generic).

The viruses seemed easy enough to remove (coming back just once)
unlike the Spyware.

I have looked into additional methods to protect my computer - one
option was to try TCPview.
However, I was unsure about the results which seemed very different to
examples I have seen.

I would appreciate comments on the log below.
Click to expand...

Bob, other than killing the kids set up a logon account that has NO install
privileges but will let them use the malware infested Internet safely

* Physically disconnect the system from the Internet
* As your system has been majorly comprimised the best way to go is to
retrieve your Windows installation CD and FORMAT the hard drive then install
Windows.
* Install required applications
* Defrag the hard drive
* Install ALL prevention protection on ALL logon User IDS
* Defrag the hard drive

Learn that you should NEVER use your correct email address when posting to
publicly available newsgroups unless you want massive amounts of spam!
The spammer/scammers use automated procedures to gather valid email
addresses to send their cr@p to!
 
I came home after a day away for work, to find my kids had managed to
infect the computer with all sorts of Spyware (Spyfalcon) and viruses
(Boxed.B & BeovenS!generic).

The viruses seemed easy enough to remove (coming back just once)
unlike the Spyware.

I have looked into additional methods to protect my computer - one
option was to try TCPview.
However, I was unsure about the results which seemed very different to
examples I have seen.

I would appreciate comments on the log below.
Click to expand...
As far as TCPView, you're the one who has to make the determination is
something running that should not be running or is something connecting
out or listening that should not be doing so.

I suggest that you use the other tools in the link other than TCPView
and look around some more.

Long

http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html

Short

http://tinyurl.com/klw1

Duane :)
 
Many thanks for all the sound advice,

Perhaps I should borrow one of your armed bears for the kids.


Bob
 
Duane,

Thanks. I have started reading the articles. I will go back to my ISP
and see what programs they rcommend. One problem with free scans etc is
I am never sure who the people offering the scans etc are.

Regarding TCPview I have just started watching how it reacts to
everything I do on the net to see how it works and what looks odd.

Bob
 
Back
Top