
is this computer hacked ?


4 replies to this topic

#1 ranget


Posted 13 April 2011 - 11:55 AM

I opened my laptop.

Bam, a lot of network activity on the router.

I fired up TCPView.

Wow, an unavailable process talking on the net.

I fired up Process Explorer; the PID is not there.

I blocked all the connections in Comodo Firewall

and I still have network activity on the router.


The TCP log is down in the attachment.


So help, please.



I forgot the attachment, sorry.

Attached Files

  • Attached File  Log.txt   2.8KB   12 downloads

Edited by ranget, 13 April 2011 - 12:37 PM.

A big thanks to Dider Stevens

sorry for not being around

 



 


#2 JacobHall


Posted 19 April 2011 - 01:53 PM

I have googled the IPs you are worried about.

65.55.11.240 => http://www.ip-adress.com/whois/65.55.11.240 - IP address belongs to Microsoft
83.150.67.33 => http://www.ip-adress.com/whois/83.150.67.33 - IP belongs to Web of Trust (WOT)
92.122.126.219 => http://www.ip-adress.com/whois/92.122.126.219 - Akamai (I believe Adobe uses this as a DLM)
198.78.197.254 => http://www.ip-adress.com/whois/198.78.197.254 - Unsure, seems to be an ISP of some sort?
207.46.140.23 => http://www.ip-adress.com/whois/207.46.140.23 - Belongs to Microsoft

I am going to go ahead and say everything is fine; there are no *unusual* operations going on there.

#3 ranget


Posted 19 April 2011 - 02:02 PM

Thanks a lot, super panda, I'm glad it's nothing.


But the thing that got me paranoid is that it's not available. I mentioned that
I ran Process Explorer and found nothing with the same PID.


Thanks for the help, I'm glad it's nothing.

A big thanks to Dider Stevens

sorry for not being around

 


#4 JacobHall


Posted 20 April 2011 - 05:53 AM

Well, I can't see any malware connecting to sites like those, as 4 of them are security-related sites.

#5 ranget


Posted 21 April 2011 - 09:23 AM

Well, thanks for the help, that rules out a lot of stuff.


The thing that I'm afraid of

is that

the trojan is delaying the connection

or the rootkit is hiding it.

Either way, thanks.

:thumbup2:

A big thanks to Dider Stevens

sorry for not being around
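
One way to run the cross-check this thread revolves around (a connection whose PID is missing from the process list), as an added example that is not part of any poster's message: it compares `netstat -ano` output with `tasklist /fo csv /nh` output. The sample data, documentation-range addresses and function names are constructed for the illustration and are not taken from the attached Log.txt.

```python
import csv
import io

# Constructed sample data: trimmed `netstat -ano -p tcp` and
# `tasklist /fo csv /nh` output (not the thread's Log.txt).
NETSTAT = """\
  TCP    192.168.1.10:49712    198.51.100.7:80     ESTABLISHED     2384
  TCP    192.168.1.10:49720    203.0.113.5:443     TIME_WAIT       0
  TCP    192.168.1.10:49731    203.0.113.9:80      CLOSE_WAIT      5120
  TCP    0.0.0.0:135           0.0.0.0:0           LISTENING       868
"""
TASKLIST = '''\
"System Idle Process","0","Services","0","24 K"
"svchost.exe","868","Services","0","7,512 K"
"firefox.exe","2384","Console","1","210,304 K"
'''

def running_pids(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def ownerless_connections(netstat_text, tasklist_csv):
    """Return TCP rows that no listed process owns: TIME_WAIT rows shown
    under PID 0, and rows whose PID is absent from the process list."""
    procs = running_pids(tasklist_csv)
    findings = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # skip headers, UDP rows and blank lines
        _, _local, remote, state, pid = parts
        pid = int(pid)
        if pid == 0 and state == "TIME_WAIT":
            verdict = "connection already closed; Windows lists it under PID 0"
        elif pid not in procs:
            verdict = "PID not in process list; confirm with a second tool"
        else:
            continue  # owner is a listed process
        findings.append((remote, state, pid, verdict))
    return findings

if __name__ == "__main__":
    for row in ownerless_connections(NETSTAT, TASKLIST):
        print(*row, sep="  ")
```

Rows of the second kind are the ones worth re-checking, since a process can exit between the two snapshots; take both captures as close together as possible.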

 




