My PC Is Acting As An SMTP/FTP/POP3 Server

1 reply to this topic

#1 revyakin


  • Members
  • 1 posts
  • Local time:04:29 PM

Posted 04 January 2006 - 04:00 PM

After visiting a malicious website I got tons of spyware installed. I spent half of a day cleaning everything up with SpySweeper, then Symantec antivirus (all latest), patched the recent .wmf Dec 27th vulnerability, and installed the ZA free firewall. Visible signs of spyware disappeared.

Nevertheless, I get notes from my ISP saying that my PC is acting as an SMTP/FTP/POP3 server. They will have to shut me off if I don't resolve this (reinstalling OS is not an option). So I did netstat -n and found an established connection to an IP in Taipei, Taiwan, not captured by the ZA firewall, with all browsers etc. closed. I downloaded TCPView and it turns out it was Dell's PCMtest.exe.

2 Questions:
1. Is PCMtest.exe known to cause problems like mine?
2. How do I find out if my PC is doing SMTP/FTP/POP3? My understanding is that it does not need to have a connection established at all times, so PCMtest may not be the problem. Here's a list of my connections, but it may be irrelevant. Whoever can help, thank you in advance!

EXPLORE.EXE:6136 UDP D99T2Y51:2301 *:*
LSASS.EXE:1212 UDP D99T2Y51:4500 *:*
LSASS.EXE:1212 UDP D99T2Y51:isakmp *:*
realplay.exe:3512 UDP D99T2Y51:1732 *:*
spoolsv.exe:2020 UDP D99T2Y51:1027 *:*
SVCHOST.EXE:1620 UDP D99T2Y51:ntp *:*
SVCHOST.EXE:1620 UDP d99t2y51:ntp *:*
SVCHOST.EXE:1672 UDP D99T2Y51:1700 *:*
SVCHOST.EXE:1672 UDP D99T2Y51:1975 *:*
SVCHOST.EXE:1672 UDP D99T2Y51:1025 *:*
SVCHOST.EXE:1708 UDP D99T2Y51:1900 *:*
SVCHOST.EXE:1708 UDP d99t2y51:1900 *:*
System:4 TCP D99T2Y51:microsoft-ds D99T2Y51:0 LISTENING
System:4 TCP d99t2y51:netbios-ssn D99T2Y51:0 LISTENING
System:4 UDP D99T2Y51:microsoft-ds *:*
System:4 UDP d99t2y51:netbios-dgm *:*
System:4 UDP d99t2y51:netbios-ns *:*


#2 phawgg


    Learning Daily

  • Members
  • 4,543 posts
  • Location:Washington State, USA
  • Local time:01:29 PM

Posted 04 January 2006 - 04:21 PM

First thing is a disclaimer. I don't know exactly ...
Second thing is, OS re-installation is always a viable option, even if it means an economic impact and/or
learning to do all you can to minimize the inconvenience or loss of some data.
Dell's PCMtest.exe wasn't designed to assist someone(thing) in Taiwan.
WinXP itself wasn't designed to promote the problems it does.
They can be compromised by "other factors".

That said, we (as a community) are familiar with the inherent problems your ISP has alerted you to.

We have procedures, including one-on-one "counseling", that are surprisingly effective.

Please read and act upon the information contained in the pinned post(s) here:
Forum Guidelines ...

This is a security issue.

It may require patience on your part, as we are quite busy, but your work prior to
posting a HJT log for analysis, and careful attention to what is recommended after you do,
WILL allow you to get past this unfortunate turn of events.

Thank you for drawing our attention to your problem.
Like I said initially, I can still learn from the details
involved in your customized fix & cooperation.

You are now officially not alone at it.

You are a member of bleepingcomputer.com :thumbsup:

Edited by phawgg, 04 January 2006 - 04:30 PM.

patiently patrolling, plenty of persistent pests n' problems ...
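
One way to approach question 2 from the first post, as an added example that is not part of the original thread: a Python script that reads saved TCPView-style lines (the format shown in the first post) and reports TCP endpoints on the FTP, SMTP and POP3 ports. The first two sample lines are from the post; the `example.exe` and `outlook.exe` lines, their PIDs and the 192.0.2.x/203.0.113.x addresses are constructed for illustration.

```python
import re

# Ports for the three services the ISP notice names, as numbers and as the
# service names TCPView shows when it resolves well-known ports.
SERVICE_PORTS = {"21": "FTP", "ftp": "FTP", "25": "SMTP", "smtp": "SMTP",
                 "110": "POP3", "pop3": "POP3"}

# process:pid  PROTO  local  remote  [STATE]
LINE_RE = re.compile(
    r"^(?P<proc>.+?):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?$")

def port_of(endpoint):
    """Return the port part of 'host:port' (split on the last colon)."""
    return endpoint.rpartition(":")[2].lower()

def find_mail_ftp_activity(text):
    """Return (process, pid, role, state) for TCP endpoints on FTP/SMTP/POP3 ports."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["proto"] != "TCP":
            continue
        lport, rport = port_of(m["local"]), port_of(m["remote"])
        state = (m["state"] or "").upper()
        if lport in SERVICE_PORTS and state in ("LISTENING", "ESTABLISHED"):
            # Local service port: this machine is the server side.
            role = "serving " + SERVICE_PORTS[lport]
        elif rport in SERVICE_PORTS and state == "ESTABLISHED":
            # Remote service port: normal for a mail or FTP client, not for other programs.
            role = "client of remote " + SERVICE_PORTS[rport]
        else:
            continue
        findings.append((m["proc"], int(m["pid"]), role, state))
    return findings

# First two lines are from the post; the rest are constructed sample input.
SAMPLE = """\
System:4 TCP D99T2Y51:microsoft-ds D99T2Y51:0 LISTENING
SVCHOST.EXE:1620 UDP D99T2Y51:ntp *:*
example.exe:4321 TCP D99T2Y51:smtp D99T2Y51:0 LISTENING
example.exe:4321 TCP D99T2Y51:21 D99T2Y51:0 LISTENING
example.exe:4321 TCP D99T2Y51:1188 203.0.113.7:25 ESTABLISHED
outlook.exe:2500 TCP D99T2Y51:1201 192.0.2.10:pop3 ESTABLISHED
"""

if __name__ == "__main__":
    for finding in find_mail_ftp_activity(SAMPLE):
        print(finding)
```

A LISTENING entry is present whether or not a peer is connected, so a single snapshot is enough to show a server socket. Outbound connections appear only while they last, so catching those takes repeated snapshots.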
