Weird Crap Listenin In On My Ports

Prey521 · Post by **Prey521** » Sun Aug 05, 2001 2:57 am

I'm gonna kick my bro's ass!!!!

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP client:epmap 000freexxx.com:0 LISTENING
TCP client:microsoft-ds 000freexxx.com:0 LISTENING
TCP client:1026 000freexxx.com:0 LISTENING
TCP client:netbios-ssn 000freexxx.com:0 LISTENING
UDP client:microsoft-ds *:*
UDP client:netbios-ns *:*
UDP client:netbios-dgm *:*

Brent · Post by **Brent** » Sun Aug 05, 2001 2:59 am

rip him a new one from me

DVD Rewinder · Post by **DVD Rewinder** » Sun Aug 05, 2001 3:00 am

Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1998.

C:\WINDOWS\Desktop>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP main:4899 MAIN:0 LISTENING
TCP main:1201 MAIN:0 LISTENING
TCP main:1211 MAIN:0 LISTENING
TCP main:1903 MAIN:0 LISTENING
TCP main:137 MAIN:0 LISTENING
TCP main:138 MAIN:0 LISTENING
TCP main:nbsession MAIN:0 LISTENING
TCP main:1201 64.12.**.**:5190 ESTABLISHED
TCP main:1211 64.12.**.***:5190 ESTABLISHED
UDP main:1903 *:*
UDP main:nbname *:*
UDP main:nbdatagram *:*

C:\WINDOWS\Desktop>

I *'ed out those ip addresses.. arent positive what they are..

Prey521 · Post by **Prey521** » Sun Aug 05, 2001 3:08 am

How do I stop all that BS from listening in?

DVD Rewinder · Post by **DVD Rewinder** » Sun Aug 05, 2001 3:09 am

Originally posted by Prey521
How do I stop all that BS from listening in?

try restarting?

are you behind a router?

maybe its a virus

CoolJ · Post by **CoolJ** » Sun Aug 05, 2001 3:13 am

How do they listen?

Cookies?
Virii?
Trojan?

Whats listening do?

EvilAngel · Post by **EvilAngel** » Sun Aug 05, 2001 3:18 am

Looks like I'm listening to myself ?

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-1999.

D:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP psychosis:epmap psychosis:0 LISTENING
TCP psychosis:microsoft-ds psychosis:0 LISTENING
TCP psychosis:1026 psychosis:0 LISTENING
TCP psychosis:1027 psychosis:0 LISTENING
TCP psychosis:3691 psychosis:0 LISTENING
TCP psychosis:4062 psychosis:0 LISTENING
TCP psychosis

op3 psychosis:0 LISTENING
TCP psychosis:netbios-ssn psychosis:0 LISTENING
TCP psychosis:netbios-ssn psychosis:0 LISTENING
TCP psychosis:3691 pop04.earthlink.net

op3 CLOSE_WAIT
TCP psychosis:4062 [url]http://www.pcstats.com:http[/url] ESTABLISHED
UDP psychosis:bootpc *:*
UDP psychosis:epmap *:*
UDP psychosis:microsoft-ds *:*
UDP psychosis:1025 *:*
UDP psychosis:1028 *:*
UDP psychosis:3850 *:*
UDP psychosis:netbios-ns *:*
UDP psychosis:netbios-dgm *:*
UDP psychosis:isakmp *:*
UDP psychosis:netbios-ns *:*
UDP psychosis:netbios-dgm *:*
UDP psychosis:isakmp *:*

What does it all mean?

Prey521 · Post by **Prey521** » Sun Aug 05, 2001 3:25 am

No Router, running ICS. Just did a scan and now trojan was found. Just rebooted and all that BS is still there

drdoug99 · Post by **drdoug99** » Sun Aug 05, 2001 3:25 am

WOW, I did that Netstat -a thingy. and like I had 15 LISTENING things, and 5 ESTABLISHED items.

then I did it again, and only 10 were LISTENING, and 2 were ESTABLISHED.

how do I copy the text from a DOS window? besides typing by hand.

DVD Rewinder · Post by **DVD Rewinder** » Sun Aug 05, 2001 3:28 am

Originally posted by drdoug99
WOW, I did that Netstat -a thingy. and like I had 15 LISTENING things, and 5 ESTABLISHED items.

then I did it again, and only 10 were LISTENING, and 2 were ESTABLISHED.

how do I copy the text from a DOS window? besides typing by hand.

click the dotted square, then select what you want, and click the copy button. then come here and ctrl-v

EvilAngel · Post by **EvilAngel** » Sun Aug 05, 2001 3:29 am

I cleared my cookies and rebooted, without connecting to the net I ran netstat and this is what was up

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-1999.

D:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP psychosis:epmap psychosis:0 LISTENING
TCP psychosis:microsoft-ds psychosis:0 LISTENING
TCP psychosis:1026 psychosis:0 LISTENING
TCP psychosis:1027 psychosis:0 LISTENING
TCP psychosis

op3 psychosis:0 LISTENING
TCP psychosis:netbios-ssn psychosis:0 LISTENING
UDP psychosis:bootpc *:*
UDP psychosis:epmap *:*
UDP psychosis:microsoft-ds *:*
UDP psychosis:1025 *:*
UDP psychosis:1028 *:*
UDP psychosis:netbios-ns *:*
UDP psychosis:netbios-dgm *:*
UDP psychosis:isakmp *:*

Reconneted and this is what I have running now, PCSTATS is established?? WTF?

Active Connections

Proto Local Address Foreign Address State
TCP psychosis:epmap psychosis:0 LISTENING
TCP psychosis:microsoft-ds psychosis:0 LISTENING
TCP psychosis:1026 psychosis:0 LISTENING
TCP psychosis:1027 psychosis:0 LISTENING
TCP psychosis:1061 psychosis:0 LISTENING
TCP psychosis op3 psychosis:0 LISTENING
TCP psychosis:netbios-ssn psychosis:0 LISTENING
TCP psychosis:netbios-ssn psychosis:0 LISTENING
TCP psychosis:1061 [url]http://www.pcstats.com:http[/url] ESTABLISHED
UDP psychosis:epmap *:*
UDP psychosis:microsoft-ds *:*
UDP psychosis:1025 *:*
UDP psychosis:1028 *:*
UDP psychosis:1029 *:*
UDP psychosis:netbios-ns *:*
UDP psychosis:netbios-dgm *:*
UDP psychosis:isakmp *:*
UDP psychosis:netbios-ns *:*
UDP psychosis:netbios-dgm *:*
UDP psychosis:isakmp *:*

D:\>

Banshee · Post by **Banshee** » Sun Aug 05, 2001 3:33 am

I have pcstats established here too

Weird

CoolJ · Post by **CoolJ** » Sun Aug 05, 2001 3:37 am

C:\WINDOWS\Desktop>netstat

Active Connections

Proto Local Address Foreign Address State
TCP t5e3z5:1398 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1399 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1400 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1402 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1403 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1404 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1409 proxy.buf.adelphia.net:8080 ESTABLISHED
TCP t5e3z5:1411 proxy.buf.adelphia.net:8080 ESTABLISHED
TCP t5e3z5:1413 proxy.buf.adelphia.net:8080 ESTABLISHED
TCP t5e3z5:1414 proxy.buf.adelphia.net:8080 ESTABLISHED

Banshee · Post by **Banshee** » Sun Aug 05, 2001 3:38 am

After rebooting:

C:\WINDOWS>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP vaio:641 VAIO:0 LISTENING
TCP vaio:135 VAIO:0 LISTENING
TCP vaio:653 VAIO:0 LISTENING
TCP vaio:1028 supportcentral.sel.sony.com:80 TIME_WAIT
TCP vaio:nbsession VAIO:0 LISTENING
TCP vaio:1025 VAIO:0 LISTENING
UDP vaio:1026 *:*
UDP vaio:nbname *:*
UDP vaio:nbdatagram *:*

C:\WINDOWS>

drdoug99 · Post by **drdoug99** » Sun Aug 05, 2001 3:39 am

here's a pic. I don't know if those IP's need to be deleted or what.

why would those websites be established to me?? I just installed windows XP RC2 like an hour ago, Speedguide is like the only website I've been to.

but that pic is like 10 minutes old. now those websites arent connected, I only have like 5 listening things now.
and Zone Alarm Pro didnt' detect anything, so I guess I'm save.

Cornbread · Post by **Cornbread** » Sun Aug 05, 2001 3:41 am

are all you guys runnin' win2k? does this have anything to do with that "code red" crap? just wondering?

EvilAngel · Post by **EvilAngel** » Sun Aug 05, 2001 3:47 am

The only way I could get rid of pcstats is to add their IP add to my Advanced settings in BID... now it's gone... whoa..

colour · Post by **colour** » Sun Aug 05, 2001 3:49 am

some http: connections can be due to banner adds.

SannieRose · Post by **SannieRose** » Sun Aug 05, 2001 7:48 am

Originally posted by DVD Rewinder
Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1998.

C:\WINDOWS\Desktop>netstat -a

Active Connections

Proto Local Address Foreign Address State

TCP main:137 MAIN:0 LISTENING
TCP main:138 MAIN:0 LISTENING
TCP main:nbsession MAIN:0 LISTENING
UDP main:nbname *:*
UDP main:nbdatagram *:*

C:\WINDOWS\Desktop>

I *'ed out those ip addresses.. arent positive what they are..

DVDRewinder, ports 137, 138, and 139 are your NetBios ports - most vulnerable to Trojans! But you're in luck! You have Win 98. You can do something about all that crap listening at your ports. Microsh*t figured this out and prevented NetBios closing in later versions:
Go here and test your PC's security then here and close those NetBios ports. Configure your firewall to block (outgoing) nbdatagram, nbname (UDP and TCP) and then reboot, run netstat -n and you will have 1-2 ports listening.
Sweeeet

Here's what I have listening and I'm on the net and a ftp server:

Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1999.

C:\WINDOWS\Desktop>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP topapc:3200 0.0.0.0:0 LISTENING
UDP topapc:3200 *:*

C:\WINDOWS\Desktop>

SannieRose · Post by **SannieRose** » Sun Aug 05, 2001 7:53 am

Originally posted by drdoug99
...why would those websites be established to me?? I just installed windows XP RC2 like an hour ago, Speedguide is like the only website I've been to.

Windows XP is as close to total domination of your PC that Microsh*t can get. Good luck

Dakota · Post by **Dakota** » Sun Aug 05, 2001 8:50 am

I've got my system locked down pretty tight....Love it!!

C:\WINDOWS\Desktop>netstat -a

Active Connections

Proto Local Address Foreign Address State
UDP xxxxxx:1026 *:*

C:\WINDOWS\Desktop>

Banshee · Post by **Banshee** » Sun Aug 05, 2001 9:12 am

I added pcstats to restricted zones in ZAP. It blocked the connection to me but now i can't get to the site to vote for sg

Everytime i load a page on SG with that link at the bottom, i get an alert in ZA:

Your computer was prevented from connecting to a restricted site (http://www.pcstats.com).

Chris · Post by **Chris** » Sun Aug 05, 2001 9:29 am

The image for the vote button is being drawn from their site "http://www.pcstats.com/top100img/top100.gif " so as long as you have a speedguide page open your going to have pcstats open also.