Strange outbound connection

Discussion in 'other security issues & news' started by Rasheed187, Jan 20, 2008.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Does anyone have a clue what exactly this is supposed to mean? NG reported that rundll32.exe wanted to make a connection to the following IP address. I'm starting to get all paranoid again :shifty: :

     
  2. attila4000

    attila4000 Registered Member

    Joined:
    Feb 7, 2005
    Posts:
    51
    Location:
    Rahway, NJ, USA
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Did you also happen to see that it's some strange "Novell Open Enterprise Server" site? Anybody got a clue? :rolleyes:
     
  4. attila4000

    attila4000 Registered Member

    Joined:
    Feb 7, 2005
    Posts:
    51
    Location:
    Rahway, NJ, USA
  5. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    What do you mean? You don't have a clue, or you don't get to see the site?

    To be honest, I don't really think that I'm infected, and if I am, it must be some super duper stealthy rootkit or something, because my anti-malware tools didn't find anything strange, and my system is quite stable, no slowdowns, no strange data traffic (besides this outbound connection) etc., but it doesn't really make sense to me. Do you know what this site is all about? Perhaps I have discovered the rootkit that comes standard with every copy of Windows, is MS spying on me? :D
     
  7. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Funny, I don't see the word infection anywhere in my post.

    GF
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Funny, but whenever I hear the name "hijackthis" I think about possible infected machines. :rolleyes:
     
  9. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I did not see anything weird on the IP address, other than it is Vail, CO, that is.
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It was being suggested that you use the StartupList feature that is part of Trend Micro's Hijackthis, which can be useful for other than possible infection troubleshooting.
     


  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Hi,

    I'm not sure what's going on. A couple of days ago I got a couple more alerts about rundll32.exe; it was automatically blocked from making outbound connections, and this prevented Opera from connecting to the network, very strange. AFAIK, rundll32.exe can't even launch on my system when SSM is in "silent mode", so perhaps this is an NG false positive? Or perhaps it's really on to something, I don't know. :doubt:
     