a process with pid 0 accessing Internet without me initiating the connection; is something wrong with

NEWS

After installing XP SP2, I see that there is a program with no name (using
netstat) with pid 0 accessing some IP addresses with port 80 and port
2080. Both ports are web services.
Here's the output of netstat -o:
Proto  Local Address    Foreign Address        State        PID
TCP    merlin-pc:1505   64.191.126.160:2080    ESTABLISHED  1720
TCP    merlin-pc:1487   65.216.112.32:http     TIME_WAIT    0

NOTE: I used msconfig to troubleshoot and find out which program it was but
it did not help. Task Manager did not help either because the process has no
name because the process could be in-kernel. It looks like it's System Idle
Process but I am not sure about it because there is no way for me unless I
understand and know where to look at the kernel. Can I do memory dump and
find out? Debug? I have been trying to fix this for about a week now. I
downloaded some tools but did not help because the tools could not name the
process. I am after finding out the name of the process and stopping it. I
guess the next solution could be replacing svchost.
I don't think the tasklist output helps but here's the output of tasklist
/v:
Image Name            PID Session Name Session#  Mem Usage  Status  User Name                    CPU Time  Window Title
=================== ===== ============ ========  =========  ======= ============================ ========  ============
System Idle Process     0 Console             0       16 K  Running NT AUTHORITY\SYSTEM           2:42:39  N/A
System                  4 Console             0       32 K  Running NT AUTHORITY\SYSTEM           0:00:11  N/A
SMSS.EXE              552 Console             0       40 K  Running NT AUTHORITY\SYSTEM           0:00:00  N/A
CSRSS.EXE             628 Console             0    1,372 K  Running NT AUTHORITY\SYSTEM           0:00:30  N/A
WINLOGON.EXE          652 Console             0      368 K  Running NT AUTHORITY\SYSTEM           0:00:01  N/A
SERVICES.EXE          696 Console             0    1,032 K  Running NT AUTHORITY\SYSTEM           0:00:07  N/A
LSASS.EXE             708 Console             0    1,396 K  Running NT AUTHORITY\SYSTEM           0:00:02  N/A
SVCHOST.EXE           860 Console             0    1,360 K  Running NT AUTHORITY\SYSTEM           0:00:00  N/A
SVCHOST.EXE           948 Console             0    1,244 K  Running NT AUTHORITY\NETWORK SERVICE  0:00:00  N/A
SVCHOST.EXE          1032 Console             0    5,632 K  Running NT AUTHORITY\SYSTEM           0:00:13  N/A
SVCHOST.EXE          1104 Console             0      200 K  Running NT AUTHORITY\NETWORK SERVICE  0:00:00  N/A
SVCHOST.EXE          1204 Console             0       72 K  Running NT AUTHORITY\LOCAL SERVICE    0:00:00  N/A
SPOOLSV.EXE          1416 Console             0       92 K  Running NT AUTHORITY\SYSTEM           0:00:00  N/A
EXPLORER.EXE         1576 Console             0    4,128 K  Running MERLIN-PC\Merlin              0:01:23  N/A
svchost.exe          1720 Console             0      220 K  Running MERLIN-PC\Merlin              0:00:00  N/A
zlclient.exe         1748 Console             0    1,220 K  Running MERLIN-PC\Merlin              0:00:02  ZoneAlarm Pro
CTFMON.EXE           1776 Console             0    1,072 K  Running MERLIN-PC\Merlin              0:00:03  N/A
AVGSERV.EXE          1888 Console             0      212 K  Running NT AUTHORITY\SYSTEM           0:00:00  N/A
mdm.exe              1928 Console             0      344 K  Running NT AUTHORITY\SYSTEM           0:00:00  N/A
WLANCFG4.EXE         1948 Console             0    1,160 K  Running MERLIN-PC\Merlin              0:00:05  NETGEAR MA111 USB Adapter Utility
SNMP.EXE             2016 Console             0      552 K  Running NT AUTHORITY\SYSTEM           0:00:00  N/A
vsmon.exe             144 Console             0    2,340 K  Running NT AUTHORITY\SYSTEM           0:00:17  N/A
cmd.exe               528 Console             0       20 K  Running MERLIN-PC\Merlin              0:00:00  C:\WINDOWS\system32\cmd.exe - netstat -na 5
alg.exe              1480 Console             0       84 K  Running NT AUTHORITY\LOCAL SERVICE    0:00:00  N/A
netstat.exe          1612 Console             0      588 K  Running MERLIN-PC\Merlin              0:00:01  N/A
cmd.exe              1864 Console             0      776 K  Running MERLIN-PC\Merlin              0:00:00  C:\WINDOWS\system32\cmd.exe - tasklist /v
iexplore.exe         1172 Console             0    1,544 K  Running MERLIN-PC\Merlin              0:04:28  Windows XP Newsgroups - Microsoft Internet Explorer
AVGCC32.EXE          1528 Console             0       68 K  Running MERLIN-PC\Merlin              0:00:00  N/A
putty.exe            2528 Console             0      452 K  Running MERLIN-PC\Merlin              0:00:04  shred@redhat8:~
mbsa.exe              188 Console             0      256 K  Running MERLIN-PC\Merlin              0:00:08  Microsoft Baseline Security Analyzer
AcroRd32.exe         2736 Console             0   21,424 K  Running MERLIN-PC\Merlin              0:00:05  DDE Server Window
cmd.exe              1556 Console             0       32 K  Running MERLIN-PC\Merlin              0:00:00  C:\WINDOWS\system32\cmd.exe
cmd.exe               520 Console             0       16 K  Running MERLIN-PC\Merlin              0:00:00  C:\WINDOWS\system32\cmd.exe
notepad.exe          2576 Console             0       64 K  Running MERLIN-PC\Merlin              0:00:00  Untitled - Notepad
OUTLOOK.EXE          3168 Console             0      164 K  Running MERLIN-PC\Merlin              0:00:06  Inbox - Microsoft Outlook
AgentSvr.exe         1240 Console             0      212 K  Running MERLIN-PC\Merlin              0:00:00  Menu Parent Window
MSOHELP.EXE          2236 Console             0      220 K  Running MERLIN-PC\Merlin              0:00:01  Microsoft Outlook Help
msimn.exe            2256 Console             0    2,248 K  Running MERLIN-PC\Merlin              0:00:15  a process with pid 0 accessing Internet without me initiati
tasklist.exe         2132 Console             0    4,812 K  Running MERLIN-PC\Merlin              0:00:00  OleMainThreadWndName
wmiprvse.exe         3772 Console             0    5,412 K  Running NT AUTHORITY\NETWORK SERVICE  0:00:00  N/A

Thank you.
--Leon
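
Added example, not part of the original post: one way to join netstat -o rows to tasklist rows by PID and sort the connections for triage. The sample input is constructed from rows in the post, with three tasklist rows re-expressed in the CSV layout of tasklist /v /fo csv; the verdict labels and the svchost.exe account heuristic are assumptions of this example.

```python
import csv
import io

# Constructed input: the post's netstat -o rows, plus three of its tasklist
# rows rewritten in the CSV layout produced by `tasklist /v /fo csv`.
NETSTAT = """\
Proto Local Address Foreign Address State PID
TCP merlin-pc:1505 64.191.126.160:2080 ESTABLISHED 1720
TCP merlin-pc:1487 65.216.112.32:http TIME_WAIT 0
"""
TASKLIST_CSV = """\
"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System Idle Process","0","Console","0","16 K","Running","NT AUTHORITY\\SYSTEM","2:42:39","N/A"
"SVCHOST.EXE","860","Console","0","1,360 K","Running","NT AUTHORITY\\SYSTEM","0:00:00","N/A"
"svchost.exe","1720","Console","0","220 K","Running","MERLIN-PC\\Merlin","0:00:00","N/A"
"""
SERVICE_ACCOUNTS = {"NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\LOCAL SERVICE",
                    "NT AUTHORITY\\NETWORK SERVICE"}  # built-in service accounts

def load_tasks(text):
    return {int(r["PID"]): (r["Image Name"], r["User Name"])
            for r in csv.DictReader(io.StringIO(text))}

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        # TCP rows only: Proto, Local, Foreign, State, PID (UDP rows carry no State).
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            rows.append({"remote": f[2], "state": f[3], "pid": int(f[4])})
    return rows

def triage(netstat_text, tasklist_csv):
    tasks = load_tasks(tasklist_csv)
    out = []
    for c in parse_netstat(netstat_text):
        name, user = tasks.get(c["pid"], (None, None))
        if c["pid"] == 0:
            # TIME_WAIT: the process already closed the socket and the TCP
            # stack is holding it, so netstat reports PID 0 as the owner.
            verdict = "no-owner" if c["state"] == "TIME_WAIT" else "review"
        elif name is None:
            verdict = "review"      # PID missing from the tasklist snapshot
        elif name.lower() == "svchost.exe" and user.upper() not in SERVICE_ACCOUNTS:
            # Heuristic (assumption): the service host normally runs under a
            # built-in service account, so a user-owned copy needs a path check.
            verdict = "review"
        else:
            verdict = "attributed"
        out.append((c["remote"], c["pid"], name, verdict))
    return out
```
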