Am I under attack? trojans n stuff


tarquinlinbin

I seem to have had a problem on and off for a while.

I keep getting running processes which seem to engage the CPU 100% and
slow down my PC.

I use XP Pro, have a Netgear router, Norton Internet Security, etc.

So far I have spotted cmd.exe running in Running Processes on occasion
and taking 100% CPU; I have recently spotted System running at near
100% and yet there appears to be no internet traffic flowing
(broadband).

I ran some software to check TCP ports and at the time, the following
was noted:

alg.exe:1084 TCP a:3001 a:0 LISTENING
ccApp.exe:1612 TCP a:3008 a:0 LISTENING
CCPXYSVC.EXE:1100 TCP a:1027 a:0 LISTENING
lsass.exe:436 UDP a:isakmp *:*
svchost.exe:592 TCP a:epmap a:0 LISTENING
svchost.exe:616 TCP a:1025 a:0 LISTENING
svchost.exe:616 TCP a:3002 a:0 LISTENING
svchost.exe:616 TCP a:3003 a:0 LISTENING
svchost.exe:616 UDP a:ntp *:*
svchost.exe:616 UDP a:2234 *:*
svchost.exe:616 UDP a:ntp *:*
svchost.exe:616 UDP a:2234 *:*
svchost.exe:688 UDP a:3007 *:*
svchost.exe:700 TCP a:5000 a:0 LISTENING
svchost.exe:700 UDP a:1900 *:*
svchost.exe:700 UDP a:1900 *:*
System:4 TCP a:microsoft-ds a:0 LISTENING
System:4 TCP a:1028 a:0 LISTENING
System:4 TCP a:netbios-ssn a:0 LISTENING
System:4 UDP a:microsoft-ds *:*
System:4 UDP a:netbios-ns *:*
System:4 UDP a:netbios-dgm *:*
Recently NIS reported that oraini.exe wanted to make an internet
connection and flagged it as high risk, so I blocked it. I also noted
that in NIS statistics an apparent connect attempt was made (in or
out, I don't know, but I didn't type the address in a browser!!) to
194.226.151.186, which is apparently the Siberian tourist board website
or something!!

I have all the latest Windows updates apart from SP1. I also have
trojan scanner software which doesn't detect anything.
My research tells me something about redbrook-broker on ports 3001-
and I note that 3001 is in my list.

I seem to have plenty of security in place, but I don't feel that secure,
and I feel that something is going on, or something is at least trying
to do something and failing because of security.

Any clues/thoughts please??
joe
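An added example, not code from the thread: a small Python triage of a port listing in the exact format quoted in the post above. The listing embedded in it is a constructed excerpt of the poster's own lines, and the expected-service table is my own annotation of what a stock Windows XP host normally has open; note that the tool's abbreviated "a:" address column hides whether a socket is bound to loopback or to all interfaces, so anything flagged still needs that checked by hand.

```python
import re
from collections import defaultdict

# Constructed excerpt of the poster's listing (same format, a subset of lines).
SAMPLE = """\
alg.exe:1084 TCP a:3001 a:0 LISTENING
lsass.exe:436 UDP a:isakmp *:*
svchost.exe:592 TCP a:epmap a:0 LISTENING
svchost.exe:700 TCP a:5000 a:0 LISTENING
svchost.exe:700 UDP a:1900 *:*
System:4 TCP a:microsoft-ds a:0 LISTENING
System:4 TCP a:netbios-ssn a:0 LISTENING
System:4 UDP a:netbios-ns *:*
"""

# Listeners a stock Windows XP host exposes anyway (my annotation). Anything not
# here is queued for a manual check: which binary owns the PID, whether the socket
# is loopback-only (the "a:" column hides that), and what the router lets through.
EXPECTED = {
    ("TCP", "epmap"): "RPC endpoint mapper (135)",
    ("TCP", "microsoft-ds"): "SMB (445): file/printer sharing, keep blocked at the router",
    ("TCP", "netbios-ssn"): "NetBIOS session (139): file sharing, keep blocked at the router",
    ("UDP", "netbios-ns"): "NetBIOS name service (137)",
    ("UDP", "isakmp"): "IPsec key exchange (500) owned by lsass.exe",
    ("UDP", "1900"): "SSDP/UPnP discovery",
    ("TCP", "5000"): "UPnP device host; disable the service if unused",
}

LINE_RE = re.compile(r"^(?P<proc>[^:\s]+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+a:(?P<port>\S+)\s")

def parse_listing(text):
    """One dict per well-formed line: process, pid, protocol, local port/service."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def triage(entries):
    """Split into (expected, to_check); to_check maps process:pid -> proto/port list."""
    expected, to_check = [], defaultdict(list)
    for e in entries:
        key = (e["proto"], e["port"])
        if key in EXPECTED:
            expected.append((e["proc"], e["proto"], e["port"], EXPECTED[key]))
        else:
            to_check[f'{e["proc"]}:{e["pid"]}'].append(f'{e["proto"]}/{e["port"]}')
    return expected, dict(to_check)
```

On the excerpt, the only entry left for manual verification is alg.exe on TCP 3001, which is the line the poster singled out; the SMB and NetBIOS listeners are normal for XP but are the ones worth confirming the router does not expose.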

Shenan Stanley

tarquinlinbin said:
[the original post above, quoted in full]

Always use more than one product to scan for viruses, trojans, worms,
adware, spyware and/or malware of any kind. I would suggest doing some
online scans (like http://www.pandasoftware.com/activescan/) and using (at
least) three of the following products:
Spybot Search and Destroy
http://www.safer-networking.net/

Lavasoft AdAware
http://www.lavasoft.de

CWSShredder
http://www.spywareinfo.com/~merijn/downloads.html

Hijack This!
http://mjc1.com/mirror/hjt/

I also like "The Cleaner" and "SpywareBlaster" and "SpywareGuard".
- http://www.moosoft.com/
- http://www.javacoolsoftware.com/

The first is a PAY product, but usable for 30 days - it has found and
eliminated problems in the past the others did not. The latter two are
prevention mechanisms. I like SpywareGuard for those with enough processor
to have something running like antivirus software - and it prevents browser
hijacking quite well.

An Assortment of Others:
http://www.merijn.org/downloads.html