<non-existent> process connection - faraday cage set

Discussion in 'malware problems & news' started by Pfipps, Oct 12, 2013.

Thread Status:
Not open for further replies.
  1. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Hello Everyone,

    I was using tcpview and nirsoft smsniff to check out traffic for firefox, to test
    what TLS version was being used. I then found a non-existent connection to amazon.com aws servers.
    I LOST the IP address, but I remember seeing some header information like "{Author} {Date}" but not in that order.

    I have done some searches and found out that this could be due to trojan activity, but I am sure as I can be I have no trojans or malware. I used hitman pro, emsisoft, and malwarebytes, both tools, GMER, and process hacker.

    A little paranoia, though, because it turns out Amazon web services has a contract with the NSA and CIA.

    Anybody ever see this behavior? I have not been able to reproduce this. When I updated adobe flash in firefox, it MAY have something to do with this, but nothing.
     
  2. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    One update,

    I use dataram ramdisk, and the program uses amazon aws servers for a nag screen. The driver didn't run once, and it may have something to do with it. I thought the ramdisk was running, and it wasn't, and RAMDisk.exe couldn't start the driver, I had to reinstall the program.

    If I am not mistaken, a driver crash could result in the RAMDisk.exe to stop, making a "non existent" process have a connection?
     
  3. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Anybody?
    How about I change the question,

    what would it take to cause Firefox or Google Chrome to have a "FIN_WAIT-1" with <non-existent> as the process in Tcpview?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.