Process 3228 What is it?

Discussion in 'Port Explorer' started by commando440, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. commando440 Registered Member

    Feb 11, 2005
    Only has an ASTERISK (*) with no details?

    Lots of data going out on these!



  2. Pilli Registered Member

    Feb 13, 2002
    Hampshire UK
    Hi commando440, processes in blue are system services, usually LocalHost or *.*.*.*, i.e. within your own machine or network.

    From the help file:
    Socket colors

    Sockets in Port Explorer are displayed with text in any one of three colors. These colors are configurable (View menu), but by default they are black, blue and red. The color of the socket is not related to the nature of the socket itself but rather the process that owns it.

    Black - Normal Sockets
    Most sockets from applications started by the user will display as black. This means the owner process of the socket is a visible application - it has a window that is visible on-screen (although it may be minimised). It is possible but highly unlikely that trojan sockets will display as black.

    Blue - System Sockets
    Blue sockets indicate ownership by either the System process or by a registered service process (usually started by the operating system). It is possible for trojans to register themselves as service processes, but this is very rare.
    See also Notes on Services

    Red - Hidden Sockets
    Red sockets indicate that the owning process is hidden (i.e. it has no visible windows) and is not a service or system process. Although there are some legitimate applications that behave this way, many hidden sockets are owned by trojans, so red-socket processes are always worthy of further investigation. In fact, very few

    Red (Background) - Closing Sockets
    Sockets with red backgrounds are sockets that have just closed. The red background remains for one 'refresh', allowing you to see sockets as they close rather than having them immediately disappear.

    It is not practically possible to determine if a process has an icon in the system tray as the system tray icon is handled by the explorer.exe process, not the process, so hidden processes that have a system tray icon will still show up as red.

    Port Explorer maintains a tally of each socket class. These tallies (and combined total) can be seen in the status bar at the bottom left-hand corner of the main Port Explorer window.
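
A rough way to reproduce the black/blue/red classification from the quoted help file with built-in Windows PowerShell cmdlets, as an added example that is not part of the original thread and is not Port Explorer's own code. It assumes that a non-zero MainWindowHandle stands in for "has a visible window"; the function name Get-SocketClass is hypothetical, and only TCP sockets are listed.

```powershell
# Added example: approximates the socket classes described in the help file.
# Assumption: a non-zero MainWindowHandle means the owner has a visible window.

# PIDs that host at least one registered Windows service (the "blue" owners)
$servicePids = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Select-Object -ExpandProperty ProcessId -Unique

# Index running processes by PID for quick lookup
$procs = @{}
Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

function Get-SocketClass {
    # Hypothetical helper: maps an owning PID to one of the help file's classes
    param([int]$OwnerPid)

    # PID 0 (Idle) and PID 4 (System) are the kernel's own owners
    if (($OwnerPid -in @(0, 4)) -or ($servicePids -contains $OwnerPid)) {
        return 'System (blue)'
    }
    if (-not $procs.ContainsKey($OwnerPid)) {
        return 'Unknown (owner exited)'
    }
    if ($procs[$OwnerPid].MainWindowHandle -ne [IntPtr]::Zero) {
        return 'Normal (black)'
    }
    # No window and not a service: the class the help file says to investigate
    return 'Hidden (red)'
}

$sockets = Get-NetTCPConnection | ForEach-Object {
    $ownerPid = [int]$_.OwningProcess
    [pscustomobject]@{
        Class   = Get-SocketClass -OwnerPid $ownerPid
        PID     = $ownerPid
        Process = if ($procs.ContainsKey($ownerPid)) { $procs[$ownerPid].ProcessName } else { '(unknown)' }
        Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
        Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        State   = $_.State
    }
}

# Per-class tally, then the detail rows with hidden owners grouped together
$sockets | Group-Object Class | Select-Object Name, Count | Format-Table -AutoSize
$sockets | Sort-Object Class, PID | Format-Table -AutoSize
```

As the help file notes for tray icons, a process that only shows a system tray icon has no main window and will land in the hidden class here as well.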