Are these processes without names normal or something to be concerned with? I noticed after my machine booted up with my selective startup options reset to default (all checked). Dunno if there's a conneciton. If this was covered, sorry.. I didn't find it via search.. http://img.photobucket.com/albums/v333/Hint_of_Lime/untitled3pe.jpg
Hi there! When you rightclick such a process, does it give some name in the menu there, what is ....exe? what do you get when you choose that option? You see it is another protocol then TCP or UDP, but on my system also the Other protocols applications are showing with name. If you look at the portnumbers involved, do you see those same in other places in the list? Missing that column to the remote connections in your screenshot. Not sure if the router settings have to do with it.
Hi! Thank you for your quick response Jooske. when i click on the what is exe option, it just displays "what is (process id #)" and if I look it up it does nothing (no record). I don't see those port #'s anywhere else via PE, or netstat /an for that matter.. here is the remote connections tab. http://img.photobucket.com/albums/v333/Hint_of_Lime/pe4.jpg now I'm noticing some of those remote IP's (shown in my caps) show up in my look n stop logs..all doing netbios port 137 hits ::sigh:: I'm blocking them via my router and lns, but Im thinking after 5 months of a healthy install a worm may have got by me and KAV.. argh. I don't know. The odd IP's are coming from the same place in California. Worms wouldn't go thru a proxy like that, would they?
Hi Dusk, I have to admit that I don't know what is going on But I noticed some things: In the Local Address column: At first I see 192.168.0.104 Let's assume that is you; am I correct? Now suddenly I see almost the same IP, but now 0.192.168.0 Same kind of thing happening with 127.0.0.1 : there is suddenly showing 0.127.0.0 So, let's say an IPnumber having this format abc.def.ghi.jkl then suddenly I see there 0.abc.def.ghi Now the Remote Address column: Something similar happening there a few times, but now 1.abc.def.ghi I have no idea what is happening here; I'm really sorry !!! I am wondering whether firewall, router, (maybe HOSTS-file too), etc, are correct configured. But I guess we need help from firewall (etc) guru's here. Sorry for not being of more help than noticing above. Regards, Jan.
Thanks for your response Jan.. I do know my router is about to bite the dust due to a reset error that the reccommendations and reflashing won't fix. As far as sw firewall we have look n' stop loaded with phantom's ruleset.. Thanks for your feedback and suggestions.. I'll try swapping routers and tweak other variables move on from there. Thanks all. seeya around
Hi Dusk, Sorry to hear about your router problems ! I have to admit that I have no knowledge about LnS Since you're using Phant0m's ruleset, I have asked Phant0m whether he would be so kind to also have a look at this. (If needed at some later moment, we could always ask the mods to move the thread to the LnS forum or the other-firewall forum). Good luck !!! Regards, Jan.
Hi everyone Frankly, I do believe this anomaly isn’t in correspondence with usage of a Rule-set. This problem seems deeper, possibly infection, or data corruptions in some form. I dunno, maybe you can try looking at the hostfile first, do find for strings like 0.127.0.0, at worse you may have to do a repair on the Windows Network or first try “RESET” on the Router. Regards, Phant0m``
