a lot of listening ports need help

Discussion in 'malware problems & news' started by nosteaze, Feb 25, 2004.

Thread Status:
Not open for further replies.
  1. nosteaze

    nosteaze Registered Member

    Joined:
    Feb 25, 2004
    Posts:
    1
    i have noticed that my connection has slowed down recently while playing online (cable isp).

    when i use netstat -an i get a whole buch of opened connections
    (french xp)

    Proto Adresse locale Adresse distante Etat
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
    TCP myipaddress:13402 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1025 *:*
    UDP 0.0.0.0:1028 *:*
    UDP 0.0.0.0:1163 *:*
    UDP myipaddress:123 *:*
    UDP myipaddress:12308 *:*
    UDP 127.0.0.1:123 *:*
    UDP 127.0.0.1:1030 *:*
    UDP 127.0.0.1:1153 *:*
    UDP 127.0.0.1:1166 *:*

    i have already closed netbios and port 445 which i had alos found open (i thought i had closed them but maybe had forgetten too)

    i keep my pc update weekly and have both zonealarm and noton antivirus 2004 running. my computer was scann with nothing coming up

    my question is:
    - what is the easyest way of closing ports? is there another way then there regedit (zonealarm does not seem to have that option).
    - do i have a trogan? or am i paranoid?
    - what is the distance address *|* is the ip spoofed or hidden


    thanks in advanced to those that can help
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Since you are on Windows XP, you can add one more item to your netstat command which will give you a lot more information. Try this:

    netstat -ano

    The little "o" (OH) adds one more column to the netstat output, and that is PID (Process ID) for each program that is active on the ports listed. You can then use the task manager (Ctrl Alt Del) to lookup (find) the PID and relate it to the process / program running.

    This is very valuable because it'll tell you what programs are talking on those ports and then you can take a look at each one and try to determine if it is a valid program or a problem.
     
Loading...
Thread Status:
Not open for further replies.