hi i ran netstat as i do now and then and iv noticed a number of suspect conections one that has just come up now is this tcp 1060 staticline420.toya.net.pl:1214 fin_wait_2 and id like to know what conections like this are is this possable evidence of infection by eather spy tec or a trojen ??
hi thanks for ya reply ok just to clarify when i run netstat how do i tell whats a normal conection to the web and somthing suspect that i need to be concerned about ??
Hi Brethrezen: That can be a challenge, but as you become familiar with what applications connect and what ports they associate with, it will beome a matter of elimination. Some include AV and other software you have set for automatic updating. For instance, assuming I’ve closed my browser from the internet, am free of spyware and have all updates set to manual, the only remote connection I expect to see established is my e-mail program connecting to my ISP’s mail server to check for mail. Another process I might expect to see is my AV’s e-mail scrubber. I also use a free little utility called Active Ports: http://www.ntutility.com/?from=prog_aports (For Win2K/NT/XP) that combines features of netstat and process lists, helping me determine what applications (by their path) are using what ports and port status, i.e., Listening or Time_Wait. If your platform doesn’t support this, others always have suggestions. I routinely check netstat after closing from the net and sometimes find connections hanging on, temporary but I kill ‘em anyway just be sure. Frequenting Wilders has provided many useful links, ideas, awareness and applications. It’s a primary reason why nothing gets in or out of my system without legitimate reason. Probably time to shoot Paul e-mail about membership. Registered in February, but always shows me as a guest. Won’t let me re-register, saying my e-mail address is already in use. Best Regards, Rick
Windows XP CTL-ALT-DEL and look at processes = Filenames OR START, RUN, MSCONFIG and look at Services These two are NOT showing the same info
