Strange outbound connection

Discussion in 'other security issues & news' started by Rasheed187, Jan 20, 2008.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Does anyone have a clue what exactly this is supposed to mean? NG reported that rundll32.exe wanted to make a connection to the following IP address. I'm starting to get all paranoid again :shifty: :

     
  2. attila4000

    attila4000 Registered Member

    Joined:
    Feb 7, 2005
    Posts:
    51
    Location:
    Rahway, NJ, USA
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Did you also happen to see that it's some strange "Novell Open Enterprise Server" site? Anybody got a clue? :rolleyes:
     
  4. attila4000

    attila4000 Registered Member

    Joined:
    Feb 7, 2005
    Posts:
    51
    Location:
    Rahway, NJ, USA
  5. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    What do you mean? You don't have a clue, or you don't get to see the site?

    To be honest, I don't really think that I'm infected, and if I am, it must be some super duper stealthy rootkit or something, because my anti-malware tools didn't find anything strange, and my system is quite stable, no slowdowns, no strange data traffic (besides this outbound connection) etc., but it doesn't really make sense to me. Do you know what this site is all about? Perhaps I have discovered the rootkit that comes standard with every copy of Windows, is MS spying on me? :D
     
  7. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Funny, I don't see the word infection anywhere in my post.

    GF
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Funny, but whenever I hear the name "hijackthis" I think about possible infected machines. :rolleyes:
     
  9. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I did not see anything weird on the IP address, other than it is Vail, CO, that is.
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It was being suggested that you use the StartupList feature that is part of Trend Micro's Hijackthis, which can be useful for other than possible infection troubleshooting.
     


  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Hi,

    I'm not sure what's going on. A couple of days ago I got a couple more alerts about rundll32.exe; it was automatically blocked from making outbound connections, and this prevented Opera from connecting to the network, very strange. AFAIK, rundll32.exe can't even launch on my system when SSM is in "silent mode", so perhaps this is an NG false positive? Or perhaps it's really on to something, I don't know. :doubt:
     