
Netstat Findings

EMPshockwave82

Diamond Member
I have been seeing some weird activity of the upload / download sort. Using DUMeter the color RED is me downloading information packets from other sources and green is other people accessing my computer to download information packets.

I have been seeing fairly large numbers in the green (upload) area recently. A constant 30kB/sec as a matter of fact.

Running a netstat, I continue to find that *.level3.mail.yahoo.com and 216.239.41.99 seem to be the culprits in my little problem.

My question then is this:
Does anyone know about these addresses?

mta-v5.level3.mail.yahoo.com:smtp
216.239.41.99:http
mta-v4.level3.mail.yahoo.com:smtp

 
sounds like you have a trojan running a mail server and sending out spam

you need to firewall yourself off and get that crap off your box asap
 
Originally posted by: FoBoT
sounds like you have a trojan running a mail server and sending out spam

you need to firewall yourself off and get that crap off your box asap

I'm sorry, but we're going to have to put you down. It will only hurt at first...
 
216.239.41.99 is google... Are you sure you don't have Yahoo and/or Google toolbars? What about Yahoo Messenger?
 
Originally posted by: EMPshockwave82
ok then... any ideas on what i can use to find this trojan... apparently norton isn't finding it

i had a problem seeing connects to random irc servers. i ran norton, mcafee, symantec, adaware, etc., none of them found anything. i ended up just reinstalling windows.
 
no yahoo or google toolbars for sure....

google is my home page though so i don't mind the google address

i have yahoo messenger but it's not running at the time when i get the spikes in activity
 
just for kicks open up your system performance and see what's running...

run msconfig and see what is getting started up.... something doesn't belong....
 
Running processes
firefox.exe
msmsgs.exe
taskmgr.exe
alg.exe
ctfmon.exe
DUMeter.exe
ccApp.exe
explorer.exe
svchost.exe
spoolsv.exe
svchost.exe
svchost.exe
svchost.exe
StyleXPService.exe
svchost.exe
svchost.exe
wdfmgr.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
nvsvc32.exe
nprotect.exe
navapsvc.exe
mdm.exe
inetinfo.exe
ccevtmgr.exe
system
system idle process
 
Originally posted by: BillGates
216.239.41.99 is google... Are you sure you don't have Yahoo and/or Google toolbars? What about Yahoo Messenger?


why would yahoo messenger connect to some yahoo smtp?
 
Originally posted by: EMPshockwave82
Running processes
msmsgs.exe
alg.exe
ctfmon.exe
ccApp.exe
StyleXPService.exe
wdfmgr.exe
ccevtmgr.exe
system
system idle process

It's probably those cc ones. But all of the ones there are suspect. Look them up on google or something.
 
Originally posted by: Beattie
Originally posted by: BillGates
216.239.41.99 is google... Are you sure you don't have Yahoo and/or Google toolbars? What about Yahoo Messenger?


why would yahoo messenger connect to some yahoo smtp?

Possibly, if you have it set to check your yahoo mail account
 
Originally posted by: Beattie
Originally posted by: EMPshockwave82
Running processes
msmsgs.exe
alg.exe
ctfmon.exe
ccApp.exe
StyleXPService.exe
wdfmgr.exe
ccevtmgr.exe
system
system idle process

It's probably those cc ones. But all of the ones there are suspect. Look them up on google or something.

msmsgs.exe -Microsoft Messenger
alg.exe -Windows Process
ctfmon.exe -Part of Office
ccApp.exe -Norton
StyleXPService.exe -Normal if you have StyleXP installed (duh)
wdfmgr.exe -Windows Media Player
ccevtmgr.exe -Norton
system -Normal
system idle process -Normal

All your other processes look normal also
 
haven't seen it do this on DUMeter since i did the OP... maybe i scared it off


this was a common reoccurrence for the past couple of weeks.. finally thought i'd ask the gurus


thanks everyone
 
Originally posted by: Beattie
Originally posted by: EMPshockwave82
Running processes
msmsgs.exe
alg.exe
ctfmon.exe
ccApp.exe
StyleXPService.exe
wdfmgr.exe
ccevtmgr.exe
system
system idle process

It's probably those cc ones. But all of the ones there are suspect. Look them up on google or something.

LOL, yeah, that system idle process is REAL suspicious. Better stop that one.
 
If you suspect any malware bogies, grab a copy of hijackthis and reboot in safe mode and get rid of any processes that don't belong. Search for those applications (by file name) and remove them as well.

Reboot and run ad-aware/spybot/spysweeper/etc.

You may also want to run LSPfix.exe and make sure your TCP/IP files aren't hijacked.

Cheers!
 
lied.... it's still trying to send an email.... my norton antivirus outgoing mail scanner just started picking up the trace of this email going out

glendanzig@yahoo.com or something like that is the email addy that it keeps trying to send to but says the inbox is full
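Added example, not part of the original thread: one way to tie the SMTP connections seen in netstat to the process that owns them is to capture `netstat -ao` output (the `-o` switch adds the owning PID) and pick out mail sessions and local mail listeners per PID. The sample output is constructed; its PIDs and the local host name `mypc` are made up, and only the remote endpoints come from the thread.

```python
from collections import defaultdict

SMTP = {"25", "smtp"}                 # netstat prints the service name unless run with -n
ACTIVE = {"ESTABLISHED", "SYN_SENT"}  # states that mean a session is open or being opened

# Constructed sample in the layout of Windows `netstat -ao`. PIDs and the local
# name "mypc" are made up; the remote endpoints are the ones quoted in the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address   Foreign Address                     State        PID
  TCP    mypc:smtp       mypc:0                              LISTENING    1460
  TCP    mypc:epmap      mypc:0                              LISTENING    952
  TCP    mypc:1067       216.239.41.99:http                  ESTABLISHED  3120
  TCP    mypc:1093       mta-v5.level3.mail.yahoo.com:smtp   ESTABLISHED  1884
  TCP    mypc:1094       mta-v4.level3.mail.yahoo.com:smtp   SYN_SENT     1884
  TCP    mypc:1101       mta-v4.level3.mail.yahoo.com:smtp   TIME_WAIT    0
  UDP    mypc:microsoft-ds  *:*                                           4
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so names, IPv4 and [IPv6] all work."""
    host, _, port = endpoint.rpartition(":")
    return host, port.lower()

def parse_netstat(text):
    """Yield one dict per TCP row; headers, blank lines and UDP rows are skipped."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] != "TCP" or not cols[4].isdigit():
            continue
        _, lport = split_endpoint(cols[1])
        rhost, rport = split_endpoint(cols[2])
        yield {"lport": lport, "rhost": rhost, "rport": rport,
               "state": cols[3], "pid": int(cols[4])}

def smtp_findings(text):
    """Map PID -> sorted findings: outbound SMTP sessions and local SMTP listeners."""
    found = defaultdict(set)
    for c in parse_netstat(text):
        if c["state"] in ACTIVE and c["rport"] in SMTP:
            found[c["pid"]].add("outbound " + c["rhost"])
        elif c["state"] == "LISTENING" and c["lport"] in SMTP:
            found[c["pid"]].add("listening on port 25")
    return {pid: sorted(items) for pid, items in found.items()}

if __name__ == "__main__":
    for pid, items in sorted(smtp_findings(SAMPLE).items()):
        print(pid, items)
```

Each PID reported can then be matched to an image name with the PID column in Task Manager or with `tasklist`, which narrows the search to one process instead of the whole process list.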
 