From: "Derek" <
[email protected]>
| Dear Newsgroup,
|
| please can someone help me understand why my pc has started giving Root
| Servers in its results for Netstat -a
|
| Here are some of the results that I get:
|
| TCP PC1:1033 hntp1.hinet.net:domain TIME_WAIT
| TCP PC1:1034
| old-j-root-servers-net.verisign-grs.net:domain TIME_WAIT
| TCP PC1:1035 157.157.139.10:26000 TIME_WAIT
| TCP PC1:1038 a.root-servers.net:domain TIME_WAIT
| TCP PC1:1039 157.157.139.10:26000 ESTABLISHED
|
| I'm not sure if its my network settings for my network card, or something
| else.
|
| Regards,
| Derek.
|
I suggest using TCPVIEW from Sysinternals instead of NETSTAT
http://www.sysinternals.com/ntw2k/source/tcpview.shtml
It is a GUI rather than a command line snap-shot view and shows a dynamic view in a window.
It will also show you what program is connecting to what Internet site using what protocol
as in the following examples...
telnet.exe:1408 TCP dlipman-1.verizon.net:3410 192.168.1.2:23 ESTABLISHED
IEXPLORE.EXE:1696 TCP dlipman-1.verizon.net:3364 sand.mozilla.org:80 CLOSE_WAIT
IEXPLORE.EXE:1056 TCP dlipman-1.verizon.net:3340 mozilla.ussg.indiana.edu:21 ESTABLISHED
If you double-click on the "Process" (executable) it will show you the Fully Qualified path
to the executable. This is very handy for helping to find Trojans.
Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files
Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear
1) Download the TrendMicro Sysclean Front End
Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
2) Download and install Ad-aware SE
(free personal version v1.05)
http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the software.
3) Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
when you get to the menu exit the utility so you can boot into Safe Mode.
4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
5) Execute; c:\sysclean\sysclean.com
Let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a full scan of your PC and delete
all objects found.
6) Restart your PC and perform a "final" Full Scan of your platform
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
This time, choose to execute SYSCLEAN.COM from the menu.
when done, execute Ad-aware SE and perform a final scan of your PC and delete
all objects found.
* * Please report back your results * *
