Waraxe IT Security Portal
Please help with PC security issue
Posted: Tue Jun 30, 2009 9:39 pm
shyspy
Advanced user
Joined: Jun 08, 2009
Posts: 60

Hi,

Well, whenever I connect to the internet I get the following when I do a netstat -a

Code:

TCP administrator:1110 localhost:4762 TIME_WAIT
TCP administrator:1110 localhost:4778 TIME_WAIT
TCP administrator:1110 localhost:4795 TIME_WAIT
TCP administrator:1110 localhost:4802 TIME_WAIT
TCP administrator:1110 localhost:4805 TIME_WAIT
TCP administrator:1110 localhost:4806 TIME_WAIT
TCP administrator:1110 localhost:4809 TIME_WAIT
TCP administrator:1110 localhost:4814 ESTABLISHED
TCP administrator:1110 localhost:4816 ESTABLISHED
TCP administrator:1110 localhost:4819 TIME_WAIT
TCP administrator:1110 localhost:4822 TIME_WAIT
TCP administrator:1110 localhost:4824 TIME_WAIT
TCP administrator:1110 localhost:4826 TIME_WAIT
TCP administrator:1110 localhost:4828 TIME_WAIT
TCP administrator:1110 localhost:4844 ESTABLISHED
TCP administrator:1110 localhost:4845 ESTABLISHED
TCP administrator:1110 localhost:4847 ESTABLISHED
TCP administrator:1110 localhost:4850 ESTABLISHED
TCP administrator:1110 localhost:4852 ESTABLISHED
TCP administrator:1110 localhost:4853 ESTABLISHED
TCP administrator:1110 localhost:4854 ESTABLISHED
TCP administrator:1110 localhost:4855 ESTABLISHED
TCP administrator:1110 localhost:4860 ESTABLISHED
TCP administrator:1110 localhost:4861 ESTABLISHED
TCP administrator:1110 localhost:4864 ESTABLISHED
TCP administrator:1110 localhost:4866 ESTABLISHED
TCP administrator:1110 localhost:4869 ESTABLISHED
TCP administrator:1110 localhost:4872 ESTABLISHED
TCP administrator:1110 localhost:4874 ESTABLISHED
TCP administrator:1110 localhost:4875 TIME_WAIT
TCP administrator:1110 localhost:4876 ESTABLISHED
TCP administrator:1110 localhost:4896 ESTABLISHED
TCP administrator:1110 localhost:4898 ESTABLISHED
TCP administrator:4389 localhost:1110 ESTABLISHED
TCP administrator:4424 localhost:1110 ESTABLISHED
TCP administrator:4498 localhost:1110 ESTABLISHED
TCP administrator:4499 localhost:1110 ESTABLISHED
TCP administrator:4662 localhost:1110 TIME_WAIT
TCP administrator:4669 localhost:1110 ESTABLISHED
TCP administrator:4704 localhost:1110 TIME_WAIT
TCP administrator:4706 localhost:1110 TIME_WAIT
TCP administrator:4708 localhost:1110 ESTABLISHED
TCP administrator:4711 localhost:1110 ESTABLISHED
TCP administrator:4714 localhost:1110 TIME_WAIT
TCP administrator:4716 localhost:1110 TIME_WAIT
TCP administrator:4717 localhost:1110 TIME_WAIT
TCP administrator:4720 localhost:1110 TIME_WAIT
TCP administrator:4722 localhost:1110 TIME_WAIT
TCP administrator:4748 localhost:1110 TIME_WAIT
TCP administrator:4750 localhost:1110 TIME_WAIT
TCP administrator:4752 localhost:1110 TIME_WAIT
TCP administrator:4754 localhost:1110 TIME_WAIT
TCP administrator:4756 localhost:1110 TIME_WAIT
TCP administrator:4757 localhost:1110 TIME_WAIT
TCP administrator:4760 localhost:1110 TIME_WAIT
TCP administrator:4763 localhost:1110 TIME_WAIT
TCP administrator:4766 localhost:1110 TIME_WAIT
TCP administrator:4767 localhost:1110 TIME_WAIT
TCP administrator:4770 localhost:1110 TIME_WAIT
TCP administrator:4771 localhost:1110 TIME_WAIT
TCP administrator:4774 localhost:1110 TIME_WAIT
TCP administrator:4775 localhost:1110 TIME_WAIT
TCP administrator:4780 localhost:1110 TIME_WAIT
TCP administrator:4782 localhost:1110 TIME_WAIT
TCP administrator:4784 localhost:1110 TIME_WAIT
TCP administrator:4786 localhost:1110 TIME_WAIT
TCP administrator:4788 localhost:1110 TIME_WAIT
TCP administrator:4790 localhost:1110 TIME_WAIT
TCP administrator:4791 localhost:1110 TIME_WAIT
TCP administrator:4794 localhost:1110 TIME_WAIT
TCP administrator:4796 localhost:1110 TIME_WAIT
TCP administrator:4800 localhost:1110 TIME_WAIT
TCP administrator:4803 localhost:1110 TIME_WAIT
TCP administrator:4807 localhost:1110 TIME_WAIT
TCP administrator:4814 localhost:1110 ESTABLISHED
TCP administrator:4816 localhost:1110 ESTABLISHED
TCP administrator:4818 localhost:1110 TIME_WAIT
TCP administrator:4830 localhost:1110 TIME_WAIT
TCP administrator:4832 localhost:1110 TIME_WAIT
TCP administrator:4834 localhost:1110 TIME_WAIT
TCP administrator:4837 localhost:1110 TIME_WAIT
TCP administrator:4840 localhost:1110 TIME_WAIT
TCP administrator:4842 localhost:1110 TIME_WAIT
TCP administrator:4844 localhost:1110 ESTABLISHED
TCP administrator:4845 localhost:1110 ESTABLISHED
TCP administrator:4847 localhost:1110 ESTABLISHED
TCP administrator:4850 localhost:1110 ESTABLISHED
TCP administrator:4852 localhost:1110 ESTABLISHED
TCP administrator:4853 localhost:1110 ESTABLISHED
TCP administrator:4854 localhost:1110 ESTABLISHED
TCP administrator:4855 localhost:1110 ESTABLISHED
TCP administrator:4860 localhost:1110 ESTABLISHED
TCP administrator:4861 localhost:1110 ESTABLISHED
TCP administrator:4864 localhost:1110 ESTABLISHED
TCP administrator:4866 localhost:1110 ESTABLISHED
TCP administrator:4869 localhost:1110 ESTABLISHED
TCP administrator:4872 localhost:1110 ESTABLISHED
TCP administrator:4874 localhost:1110 ESTABLISHED
TCP administrator:4876 localhost:1110 ESTABLISHED
TCP administrator:4896 localhost:1110 ESTABLISHED
TCP administrator:4898 localhost:1110 ESTABLISHED


Does this mean that my PC is hacked?
I have no server or anything running on my system.
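
Added example (not part of the original thread): a Python sketch that triages netstat -a rows like the ones posted above, reporting whether any connection leaves the machine, which port is the local service port, and which client ports show up on both ends of a loopback connection. The sample rows are constructed in the same format, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample rows in the same format as the netstat -a output above.
SAMPLE = """\
TCP administrator:1110 localhost:4814 ESTABLISHED
TCP administrator:1110 localhost:4819 TIME_WAIT
TCP administrator:4814 localhost:1110 ESTABLISHED
TCP administrator:4818 localhost:1110 TIME_WAIT
TCP administrator:4389 localhost:1110 ESTABLISHED
"""

# TCP, local host:port, remote host:port, state, optional PID column (netstat -ano).
# Rows that show a service name instead of a numeric port are skipped.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)(?:\s+\d+)?\s*$")

def parse(text):
    """Return (local_host, local_port, remote_host, remote_port, state) tuples."""
    out = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lh, lp, rh, rp, state = m.groups()
            out.append((lh, int(lp), rh, int(rp), state))
    return out

def summarize(text, loopback=("localhost", "127.0.0.1")):
    conns = [r for r in parse(text) if r[4] != "LISTENING"]
    # External: the remote end is neither loopback nor this machine's own name.
    external = [r for r in conns
                if r[2].lower() not in loopback and r[2].lower() != r[0].lower()]
    ports = Counter()
    for _, lport, _, rport, _ in conns:
        ports.update({lport, rport})
    # The port present in the most rows is the one local clients connect to.
    service_port = ports.most_common(1)[0][0] if ports else None
    accepted = {rport for _, lport, _, rport, _ in conns if lport == service_port}
    opened = {lport for _, lport, _, rport, _ in conns if rport == service_port}
    return {
        "connections": len(conns),
        "external": external,
        "service_port": service_port,
        "paired_client_ports": sorted(accepted & opened),  # both ends of one connection
        "states": dict(Counter(r[4] for r in conns)),
    }
```

A result with no external rows and one dominant service port means a local program is accepting connections on that port from other local programs. Running `netstat -ano` adds the owning PID to each row, which can be matched against the PID column in Task Manager to identify that program.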
Posted: Tue Jun 30, 2009 11:25 pm
gibbocool
Advanced user
Joined: Jan 22, 2008
Posts: 208

It's possible it's hacked or a virus, but we need some more info... perhaps your process list or something.
Try running an antivirus and antispyware.

_________________
http://www.gibbocool.com

Posted: Wed Jul 01, 2009 12:53 am
BoboTiG
Advanced user
Joined: Jun 22, 2009
Posts: 66

And if you can give us the programs loaded at boot (msconfig) too.

Posted: Wed Jul 01, 2009 7:58 am
shyspy
Advanced user
Joined: Jun 08, 2009
Posts: 60

Quote:

It's possible it's hacked or a virus, but we need some more info... perhaps your process list or something.
Try running an antivirus and antispyware.

Quote:

And if you can give us the programs loaded at boot (msconfig) too.


My Task Manager running processes are:

http://www.tadkalagake.com/images/770_running_process.JPG

Msconfig startup processes are:

http://www.tadkalagake.com/images/638_msstartup.JPG

Posted: Wed Jul 01, 2009 10:35 am
gibbocool
Advanced user
Joined: Jan 22, 2008
Posts: 208

Do you know what rthdcpl.exe, vbptask.exe, and hkcmd.exe are? If not, kill them and see if it solves your problem.

_________________
http://www.gibbocool.com

Posted: Wed Jul 01, 2009 11:46 am
shyspy
Advanced user
Joined: Jun 08, 2009
Posts: 60

gibbocool wrote:
Do you know what rthdcpl.exe, vbptask.exe, and hkcmd.exe are? If not, kill them and see if it solves your problem.


Well, I tried this but it doesn't help, and some processes like klwtblfs.exe and others can't be ended.

Also, now my PC is running very, very slow...

I have formatted it, but as soon as I connect to the internet it's infected again.

One more thing: I'm using Win XP Pro. Do I need to update it, or go for Vista? Will it provide more security or something?

Posted: Wed Jul 01, 2009 12:29 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

rthdcpl.exe
Quote:
rthdcpl.exe is a process belonging to the Realtek HD Audio Control Panel and is bundled alongside Realtek sound cards and audio hardware. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems."



vbptask.exe
Quote:
vbptask.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 114,688 bytes (39% of all occurrences), 122,880 bytes, 118,784 bytes, 131,072 bytes, 139,264 bytes, 110,592 bytes, 143,360 bytes, 135,168 bytes, 237,568 bytes, 159,744 bytes.
vbptask.exe is not a Windows core file. Program is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). The program has no visible window. vbptask.exe is able to hide itself. Therefore the technical security rating is 56% dangerous, however also read the users reviews.


hkcmd.exe
Quote:
"hkcmd.exe" is Intel's "extreme" graphics hot key interceptor. If you never use the Intel hotkeys, you can go to Control Panel > Intel Extreme Graphics > Hot Keys and turn them off.

Get more detailed information about hkcmd.exe and all other running background processes with Security Task Manager.

Note: Any malware can be named anything - so you should check where the files of the running processes are located on your disk. If a "non-Microsoft" .exe file is located in the C:\Windows or C:\Windows\System32 folder, then there is a high risk for a virus, spyware, trojan or worm infection!

Posted: Wed Jul 01, 2009 7:10 pm
BoboTiG
Advanced user
Joined: Jun 22, 2009
Posts: 66

In msconfig, do not check NULL and vchost. vchost is a spyware.

Security Task Manager 1.7
Posted: Thu Jun 17, 2010 7:26 am
arun005
Beginner
Joined: Jun 17, 2010
Posts: 1

Hello,

Enhanced Process Viewer that protects your PC. Use the link: http://www.trustdownload.com/Antivirus-and-Spyware-Cleaners/Antivirus/Security-Task-Manager.html

Thank you

Posted: Mon Oct 04, 2010 4:47 am
ashin
Beginner
Joined: Oct 04, 2010
Posts: 1

Thank you for the link

_________________
www.cyberls.com

Posted: Tue Oct 05, 2010 3:51 am
sk8er
Advanced user
Joined: May 09, 2005
Posts: 64

You will use a firewall; Endian Firewall is a good one.

http://www.endian.com/en/community/overview/

Regards.
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"