PC Review



Analyzing Sysinternals TCPView

the K
26th Feb 2009
I suspect there is malware on my machine because of spikes of up to 100% CPU
usage. I have Eset's Nod 32 antivirus software and one of its files,
ekrn.exe, looks suspicious. I downloaded Sysinternals' TCPView, but there's
not much documentation on it and I'm not network savvy.

To begin with, what do the various connection states aside from Established
mean in TCPView?

I see one connection where the remote address is localhost:1081. What type
of connection does that represent?

Here's the suspicious part: the ekrn.exe process has established connections
with websites I'm not aware of after clicking Whois on that row. Furthermore,
when I closed one of the connections, 8 ekrn.exe rows appeared with
Established connections, some of which display errors when I click Whois.
From what I've explained, would you think that this process has been hacked
to accommodate malware?

 
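An added example, not part of this thread or of TCPView itself: a small Python triage helper that parses rows laid out in TCPView's columns, counts the standard TCP states (the ones behind the original poster's first question), and separates loopback peers such as localhost:1081 from connections to outside hosts, grouped per process. The rows, process ids, ports and hosts in the sample are constructed (documentation IP ranges), not taken from the poster's machine.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in TCPView's column order (process:pid, proto, local, remote, state);
# hosts come from documentation ranges, pids and ports are made up.
SAMPLE_ROWS = """\
ekrn.exe:1234 TCP 192.0.2.10:1080 203.0.113.5:80 ESTABLISHED
ekrn.exe:1234 TCP 127.0.0.1:1082 localhost:1081 ESTABLISHED
ekrn.exe:1234 TCP 127.0.0.1:1081 localhost:1082 ESTABLISHED
ekrn.exe:1234 TCP 192.0.2.10:1090 198.51.100.7:443 TIME_WAIT
svchost.exe:900 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
browser.exe:2000 TCP 192.0.2.10:1100 203.0.113.9:443 SYN_SENT
"""

# Standard TCP socket states as TCPView shows them, and what each means for triage.
STATE_MEANING = {
    "LISTENING": "local socket waiting for inbound connections; no peer yet",
    "SYN_SENT": "outbound connection attempt that the peer has not answered",
    "ESTABLISHED": "open two-way connection with the remote address",
    "CLOSE_WAIT": "peer has closed; the local process has not closed its end",
    "TIME_WAIT": "connection already closed; the kernel keeps the entry briefly",
}

def parse_rows(text):
    # One dict per non-blank row; columns are whitespace separated.
    keys = ("process", "proto", "local", "remote", "state")
    return [dict(zip(keys, line.split())) for line in text.splitlines() if line.strip()]

def is_loopback(addr):
    # Peers like localhost:1081, 127.0.0.1:1081 or [::1]:1081 stay on this machine.
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return host == "localhost" or ip_address(host).is_loopback
    except ValueError:
        return False

def summarize(rows):
    # Per process: how many sockets in each state, how many loopback peers,
    # and the distinct outside hosts it talks to (listeners have no peer yet).
    per_proc = defaultdict(lambda: {"states": defaultdict(int), "loopback": 0, "remote_peers": set()})
    for r in rows:
        entry = per_proc[r["process"]]
        entry["states"][r["state"]] += 1
        if is_loopback(r["remote"]):
            entry["loopback"] += 1
        elif r["state"] != "LISTENING":
            entry["remote_peers"].add(r["remote"])
    return {p: {"states": dict(v["states"]), "loopback": v["loopback"],
                "remote_peers": sorted(v["remote_peers"])} for p, v in per_proc.items()}
```

Run summarize(parse_rows(SAMPLE_ROWS)) and compare each process's outside peers against what its vendor documents; a loopback peer means the other end is simply another socket on the same machine.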
Twayne
26th Feb 2009
the K wrote:
> I suspect there is malware on my machine because of spikes of up to
> 100% CPU usage. I have Eset's Nod 32 antivirus software and one of
> its files, ekrn.exe, looks suspicious. I downloaded Sysinternals'
> TCPView, but there's not much documentation on it and I'm not network
> savvy.
>
> To begin with, what do the various connection states aside from
> Established mean in TCPView?
>
> I see one connection where the remote address is localhost:1081. What
> type of connection does that represent?
>
> Here's the suspicious part: the ekrn.exe process has established
> connections with websites I'm not aware of after clicking Whois on
> that row. Furthermore, when I closed one of the connections, 8
> ekrn.exe rows appeared with Established connections, some of which
> display errors when I click Whois. From what I've explained, would
> you think that this process has been hacked to accommodate malware?


The file itself seems to be OK, but a Google search reveals a LOT of
people with your same problem. I'd recommend looking through some of those.
Here's just one I picked at random:
http://forums.techguy.org/general-se...-ekrn-exe.html

I didn't dig into it because it was so easy to find, but you should,
since it's so widespread a problem.

Cheers,

Twayne


 