
Am I Infected with a RAT?


4 replies to this topic

#1 Par03i

Par03i

  • Members
  • 3 posts

Posted 01 February 2016 - 02:10 PM

A lot of weird stuff has been happening to my computer lately. Sometimes while I'm watching videos on YouTube, for example, my mouse will randomly right-click different parts of the screen. Random emoticons sent to friends on Facebook that I don't remember sending. These are just a few examples.

 

I ran cmd and did netstat -ab and this is what came up. I also ran multiple antivirus programs (Avast, Malwarebytes) and nothing came up. Am I delusional or is something going on here?

 

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>netstat -ab

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            Dasme-PC:0             LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            Dasme-PC:0             LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:5357           Dasme-PC:0             LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:49152          Dasme-PC:0             LISTENING
 [wininit.exe]
  TCP    0.0.0.0:49153          Dasme-PC:0             LISTENING
  eventlog
 [svchost.exe]
  TCP    0.0.0.0:49154          Dasme-PC:0             LISTENING
  Schedule
 [svchost.exe]
  TCP    0.0.0.0:49156          Dasme-PC:0             LISTENING
 [services.exe]
  TCP    0.0.0.0:49158          Dasme-PC:0             LISTENING
 [lsass.exe]
  TCP    10.0.0.55:139          Dasme-PC:0             LISTENING
 Can not obtain ownership information
  TCP    10.0.0.55:49177        187:https              ESTABLISHED
 [DiscordPTB.exe]
  TCP    10.0.0.55:49299        ec2-54-86-116-98:https  ESTABLISHED
 [firefox.exe]
  TCP    10.0.0.55:49470        104.20.92.192:http     ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:43227        Dasme-PC:0             LISTENING
 [mbamservice.exe]
  TCP    127.0.0.1:49180        Dasme-PC:49181         ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:49181        Dasme-PC:49180         ESTABLISHED
 [firefox.exe]
  TCP    [::]:135               Dasme-PC:0             LISTENING
  RpcSs
 [svchost.exe]
  TCP    [::]:445               Dasme-PC:0             LISTENING
 Can not obtain ownership information
  TCP    [::]:5357              Dasme-PC:0             LISTENING
 Can not obtain ownership information
  TCP    [::]:49152             Dasme-PC:0             LISTENING
 [wininit.exe]
  TCP    [::]:49153             Dasme-PC:0             LISTENING
  eventlog
 [svchost.exe]
  TCP    [::]:49154             Dasme-PC:0             LISTENING
  Schedule
 [svchost.exe]
  TCP    [::]:49156             Dasme-PC:0             LISTENING
 [services.exe]
  TCP    [::]:49158             Dasme-PC:0             LISTENING
 [lsass.exe]
  UDP    0.0.0.0:3702           *:*
  EventSystem
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*
  EventSystem
 [svchost.exe]
  UDP    0.0.0.0:5355           *:*
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:61740          *:*
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:61742          *:*
  EventSystem
 [svchost.exe]
  UDP    0.0.0.0:61744          *:*
  EventSystem
 [svchost.exe]
  UDP    10.0.0.55:137          *:*
 Can not obtain ownership information
  UDP    10.0.0.55:138          *:*
 Can not obtain ownership information
  UDP    10.0.0.55:1900         *:*
  SSDPSRV
 [svchost.exe]
  UDP    10.0.0.55:2177         *:*
  QWAVE
 [svchost.exe]
  UDP    10.0.0.55:61748        *:*
  SSDPSRV
 [svchost.exe]
  UDP    127.0.0.1:1900         *:*
  SSDPSRV
 [svchost.exe]
  UDP    127.0.0.1:48200        *:*
 [NvBackend.exe]
  UDP    127.0.0.1:48201        *:*
 [nvtray.exe]
  UDP    127.0.0.1:61749        *:*
  SSDPSRV
 [svchost.exe]
  UDP    [::]:3702              *:*
  FDResPub
 [svchost.exe]
  UDP    [::]:3702              *:*
  EventSystem
 [svchost.exe]
  UDP    [::]:3702              *:*
  FDResPub
 [svchost.exe]
  UDP    [::]:3702              *:*
  EventSystem
 [svchost.exe]
  UDP    [::]:5355              *:*
  Dnscache
 [svchost.exe]
  UDP    [::]:61741             *:*
  FDResPub
 [svchost.exe]
  UDP    [::]:61743             *:*
  EventSystem
 [svchost.exe]
  UDP    [::]:61745             *:*
  EventSystem
 [svchost.exe]
  UDP    [::1]:1900             *:*
  SSDPSRV
 [svchost.exe]
  UDP    [::1]:61747            *:*
  SSDPSRV
 [svchost.exe]
  UDP    [2601:14a:4000:20cf::82e7]:2177  *:*
  QWAVE
 [svchost.exe]
  UDP    [2601:14a:4000:20cf:915:e12f:d15c:74c6]:2177  *:*
  QWAVE
 [svchost.exe]
  UDP    [2601:14a:4000:20cf:f03e:487f:5b7e:f645]:2177  *:*
  QWAVE
 [svchost.exe]
  UDP    [fe80::f03e:487f:5b7e:f645%11]:1900  *:*
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::f03e:487f:5b7e:f645%11]:2177  *:*
  QWAVE
 [svchost.exe]
  UDP    [fe80::f03e:487f:5b7e:f645%11]:61746  *:*
  SSDPSRV
 [svchost.exe]

C:\Windows\system32>





#2 Par03i

Par03i
  • Topic Starter

  • Members
  • 3 posts

Posted 01 February 2016 - 02:17 PM

Double Post: I also formatted the computer by reinstalling the OS (Win 7 64-bit), no luck. I was still noticing some abnormalities.



#3 Par03i

Par03i
  • Topic Starter

  • Members
  • 3 posts

Posted 10 April 2016 - 05:38 PM

You guys are useless



#4 jburd1800

jburd1800

  • Members
  • 565 posts

Posted 10 April 2016 - 06:54 PM

In the past, I have been asked by moderators to temper my response to posts like yours, so I will.

All of the trained helpers here are volunteers... they receive nothing for their assistance given, have real jobs, families, and lives. And they are very busy.

I'm sure when you read the forum rules and prep guides you also read this: "If you have not received help after three days, please post a link to your topic HERE." If you still need help, please post your thread in that link and I'm sure you will get help.

Have a great day...


Edited by jburd1800, 10 April 2016 - 06:56 PM.

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently through the world and know its beauty all the days of your life.”


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • Gender:Male

Posted 11 April 2016 - 02:07 PM

You guys are useless


I'll answer the only question you wanted an answer to: I don't see anything suspicious in the netstat output you gave us. In fact, I don't see any connection to an external address in it.

Do you need anything else or is that it?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
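As an added example (not from the thread or from any of its posters), here is a small Python triage of `netstat -ab` output in the format shown above: it attaches each owning process to its connection line and lists the ESTABLISHED connections whose foreign endpoint is outside the machine and its private network, so a reader can judge each one by the process behind it. The sample lines and the hostname `Dasme-PC` are copied from the listing in the thread; the parsing and the external/internal classification are this example's own assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample, modelled on the netstat -ab listing in the thread above:
# each connection line is followed by optional service names and then either
# the owning [exe] line or "Can not obtain ownership information".
SAMPLE = """\
  TCP    0.0.0.0:135            Dasme-PC:0             LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            Dasme-PC:0             LISTENING
 Can not obtain ownership information
  TCP    10.0.0.55:49299        ec2-54-86-116-98:https  ESTABLISHED
 [firefox.exe]
  TCP    10.0.0.55:49470        104.20.92.192:http     ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:49180        Dasme-PC:49181         ESTABLISHED
 [firefox.exe]
"""
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)\s*$")
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Return one dict (proto/local/remote/state/owner) per connection line."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state = m.groups()
            conns.append(dict(proto=proto, local=local, remote=remote,
                              state=state, owner="unknown"))
        elif conns and (m := OWNER_RE.match(line)):
            conns[-1]["owner"] = m.group(1)  # service-name lines are skipped
    return conns

def is_external(remote, local_hostname):
    """True when the foreign endpoint is neither this machine nor a local net."""
    host = remote.rpartition(":")[0].strip("[]").split("%")[0]
    if host in ("*", "") or host.lower() == local_hostname.lower():
        return False
    try:
        ip = ip_address(host)
    except ValueError:
        return True  # a resolved DNS name that is not this machine
    return not (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified)

def external_established(text, local_hostname):
    """(owner, remote) for every ESTABLISHED connection to an outside address."""
    return [(c["owner"], c["remote"]) for c in parse_netstat(text)
            if c["state"] == "ESTABLISHED" and is_external(c["remote"], local_hostname)]
```

Run it over a saved `netstat -ab` capture with the machine's own hostname; entries owned by "unknown" (no ownership information) or by an unexpected executable are the ones worth a closer look.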




