I need some opinions on whether I am infected or not, as I have no clue at all this time.
I am using Windows XP SP3. Usually, I thought that when I am not running any programs, there should not be any unfamiliar port connections (listening, connected, or waiting to disconnect), but today something strange happened and there are many unfamiliar ports shown from the process explorer I use.
So simply put: my Norton Framework crashed -> restart and the Automatic Update service is gone and could not be reinstalled -> Unfamiliar IPs and ports listening or connected
Detailed list of what happened today:
-First, after dinner, I restarted my computer just because Norton Framework crashed randomly (doesn't seem like it now).
-Then when it restarted, the Notifier told me that "Automatic Update is turned off....".
And then when I went to System Security Center to turn it on, it says "We're sorry. Security Center could not change the Automatic Updates settings. ..." Then I tried to turn it on in Updates tab under System Properties, but it is not even turned off. I thought it was strange, so I went to services.msc, and COULD NOT find the Automatic Update service.
So again I thought, "maybe it's just accidental". So I tried to reinstall the service by using this in the command line "%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection AutoUpdate 132 %SystemRoot%\inf\au.inf", and restarted my system. It did not work, same alert popped up: "Automatic Update is turned off..." Now I got a feeling that something is off, and it is definitely something I have never encountered before.
-Secondly, after the diagnosis above, I suspected that it might be an attack. So I opened my process explorer, and not surprisingly, I had many unfamiliar ports "listening".
-The third thing is that the System Log was corrupted after this happened, other logs were fine.
Right when the computer starts
With Firefox open
After closing Firefox
Sorry for using a Chinese software, here is the status translation:
Those IPs keep changing, well, I don't know...
So, am I likely infected? I feel very unsafe going on any games, logging in to Amazon/eBay, or just staying connected in general...
Since it is late here, I guess I might not get a response right away, so for the time being, I will disconnect my internet and scan with Malwarebytes (with the latest definition).
Any help will be appreciated. Thank you!
Edited by TheUltimateCow, 11 January 2010 - 02:02 AM.