chemicalkicks
August 20th, 2007, 01:30 PM
Posted this in another Forum please read, any advise welcome.
I just did the following.
RUN > CMD > Netstat -n
Over 100 active connections all TCP and im worried.
EDIT: Did a better guess closer to 200+, no terrents running.
Using ESS latest version, Spybot and PG.
Ive only looked up a couple of the IP's so far, one was for Google HUH nothing was open before I ran the comand and I dont have the sidebar or anything like that.
Another was for http://www.ripe.net/ agian who, why a connection?
Does any think I may be heavily infected?
________________________________________________________________
Another poster replied;
run a netstat -b and see where the connections are coming from.
________________________________________________________________
OK.
Top 10 or so connections are ekrn.exe
next 25 or so are firefox
The 2 sources above are sourced at LivingRoom PC which is my PC name.
The next 150 are all ekrn.exe and listed the majority are listed as http: but some have different sources like; mars:https, kr-in-f116:http, ns-vip3:http.
Any ideas?
EDIT: The IP is always 192.168.1.78:50975 running to :65028
________________________________________________________________
Another poster replied:
Ekrn.exe is part of ESS, why it's making that many connections I don't know though. Perhaps try posting here: http://www.wilderssecurity.com/forumdisplay.php?f=18 Seems to be the official support forum.
_________________________________________________________________
And now I ask your advise, is this normal, should I be worried?
I just did the following.
RUN > CMD > Netstat -n
Over 100 active connections all TCP and im worried.
EDIT: Did a better guess closer to 200+, no terrents running.
Using ESS latest version, Spybot and PG.
Ive only looked up a couple of the IP's so far, one was for Google HUH nothing was open before I ran the comand and I dont have the sidebar or anything like that.
Another was for http://www.ripe.net/ agian who, why a connection?
Does any think I may be heavily infected?
________________________________________________________________
Another poster replied;
run a netstat -b and see where the connections are coming from.
________________________________________________________________
OK.
Top 10 or so connections are ekrn.exe
next 25 or so are firefox
The 2 sources above are sourced at LivingRoom PC which is my PC name.
The next 150 are all ekrn.exe and listed the majority are listed as http: but some have different sources like; mars:https, kr-in-f116:http, ns-vip3:http.
Any ideas?
EDIT: The IP is always 192.168.1.78:50975 running to :65028
________________________________________________________________
Another poster replied:
Ekrn.exe is part of ESS, why it's making that many connections I don't know though. Perhaps try posting here: http://www.wilderssecurity.com/forumdisplay.php?f=18 Seems to be the official support forum.
_________________________________________________________________
And now I ask your advise, is this normal, should I be worried?