Unkillable Remote TCP & Locked Administrator file

Discussion in 'Trojan Defence Suite' started by kwesi, Aug 8, 2004.

Thread Status:
Not open for further replies.
  1. kwesi

    kwesi Registered Member

    Joined:
    May 18, 2004
    Posts:
    82
    Location:
    London
    Hello. I hope that it's okay to post about two problems here. I'll separate if necessary.

    1) I've been using the Netstat feature under the System Analysis menu, and have been noticing a remote TCP connection which I can't kill, to 193.108.153 (sorry - not sure of port number; I just had one which closed out, but recording to clipboard didn't capture the info). I know that there has been an issue with Micro$oft delegating some duties or other to deploy.akamaitechnologies.com, which is at this address. Zone Alarm Pro blocks some attempted connections to akamai, but others are getting through, presumably by a backdoor in my set-up (I've a DG834 router, & run Win XP, as well as ZA Pro, TDS-3, McAfee VS Enterprise 7.1, & other apps).

    When you right-click the process which is usually titled "TIME WAIT," the kill option is grayed out. I know that there is probably no threat to my PC, but I do wonder what info MS &/or Akamai are gathering without telling me, so your help would be appreciated, compadres :)

    2) I have twice had the message recently, upon running a full TDS-3 scan "[Locked File] Couldn't open c:\documents and settings\administrator\local settings\temp\a~nsisu_.exe for read access, file is locked".

    I tried running a scan in safe mode, as the Administrator, with the same result. Any ideas, please?

    Thanks a mill.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
  3. kwesi

    kwesi Registered Member

    Thanks, Pilli.

    1) I'll try Port Explorer when I get home from work, although I currently have 5 apps that I pay for, & if I am to add to that, I'll probably get rid of my registry editor app; my thinking until now has been that I might possibly add Process Guard to my defences. Ultimately, I'll weigh up the fact that the akamai problem probably isn't worth investing in the full version of PE to solve (but I'm open-minded).

    2) D'you have any ideas on what I might do about the locked temp file, please?

    Thanks again (I'm called Kwesi; the "mill" = "million"!).

    P.S. Nice site that you have - I'm looking through it now.
     
  4. Pilli

    Pilli Registered Member

    OK Kwesi, sorry about the mill, as I was in a hurry.
    Locked temp files are quite normal in Windows; for instance, Word nearly always has a temp version of any document you may have open, and these usually disappear once the program is closed.
    You may also be able to delete them by starting Windows in safe mode.
    My site is in dire need of an update ATM, but hopefully I'll get time in the autumn.
     
  5. nhatduongchi

    nhatduongchi Registered Member

    Joined:
    Aug 8, 2004
    Posts:
    3
    It seems PE cannot always show all listening ports. On my Win2k box, PE did not show my box having TCP listening port 15614 until I had the "Local port scan" plugin of TDS3 run.
    Please help. Thx.
     
  6. Pilli

    Pilli Registered Member

    Hi nhatduongchi, Perhaps it was listening on a local port such as 127.0.0.1 LocalHost or System 0.0.0.0.0 not an outbound connection.

    Just guessing - Pilli
     
  7. pglover

    pglover Guest

    Thx, but I doubt that it was not the case, since on my box I have never seen localhost listening itself at ports over 5000. Anyway, I just paid for the PG2 full version to protect my box and am looking forward to TDS4 and the like (let me save some $ yet).
    Oh! I have a little question on TDS3: it cannot run in a limited account (of course, it can use "runas" to have it run in an adm privilege acct); will TDS4 change this behavior?
    Thx again.
     
  8. Pilli

    Pilli Registered Member

    Hi Pglover, With TDS3 you must run as in limited accounts. TDS4 should address this problem.
    Regarding the listening problem, would you post a screenshot, as this may allow us to see what you see?

    Thanks. Pilli
     