<non-existent> process connection - faraday cage set

Discussion in 'malware problems & news' started by Pfipps, Oct 12, 2013.

Thread Status:
Not open for further replies.
  1. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Hello Everyone,

    I was using tcpview and nirsoft smsniff to check out traffic for firefox, to test
    what TLS version was being used. I then found a non-existent connection to amazon.com aws servers.
    I LOST the IP address, but I remember seeing some header information like "{Author} {Date}" but not in that order.

    I have done some searches and found out that this could be due to trojan activity, but I am sure as I can be I have no trojans or malware. I used hitman pro, emsisoft, and malwarebytes, both tools, GMER, and process hacker.

    A little paranoia, though, because it turns out Amazon web services has a contract with the NSA and CIA.

    Anybody ever see this behavior? I have not been able to reproduce this. When I updated adobe flash in firefox, it MAY have something to do with this, but nothing.
     
  2. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    One update,

    I use dataram ramdisk, and the program uses amazon aws servers for a nag screen. The driver didn't run once, and it may have something to do with it. I thought the ramdisk was running, and it wasn't, and RAMDisk.exe couldn't start the driver, I had to reinstall the program.

    If I am not mistaken, a driver crash could result in the RAMDisk.exe to stop, making a "non existent" process have a connection?
     
  3. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Anybody?
    How about I change the question,

    what would it take to cause Firefox or Google Chrome to have a "FIN_WAIT-1" with <non-existent> as the process in Tcpview?
     
Loading...
Thread Status:
Not open for further replies.