IT Security and Insecurity Portal |
|
|
Please help with PC security issue |
|
Posted: Tue Jun 30, 2009 9:39 pm |
|
|
shyspy |
Advanced user |
|
|
Joined: Jun 08, 2009 |
Posts: 60 |
|
|
|
|
|
|
|
Hi,
Well, whenever I connect to the internet I get the following when I do a netstat -a
Code: |
TCP administrator:1110 localhost:4762 TIME_WAIT
TCP administrator:1110 localhost:4778 TIME_WAIT
TCP administrator:1110 localhost:4795 TIME_WAIT
TCP administrator:1110 localhost:4802 TIME_WAIT
TCP administrator:1110 localhost:4805 TIME_WAIT
TCP administrator:1110 localhost:4806 TIME_WAIT
TCP administrator:1110 localhost:4809 TIME_WAIT
TCP administrator:1110 localhost:4814 ESTABLISHED
TCP administrator:1110 localhost:4816 ESTABLISHED
TCP administrator:1110 localhost:4819 TIME_WAIT
TCP administrator:1110 localhost:4822 TIME_WAIT
TCP administrator:1110 localhost:4824 TIME_WAIT
TCP administrator:1110 localhost:4826 TIME_WAIT
TCP administrator:1110 localhost:4828 TIME_WAIT
TCP administrator:1110 localhost:4844 ESTABLISHED
TCP administrator:1110 localhost:4845 ESTABLISHED
TCP administrator:1110 localhost:4847 ESTABLISHED
TCP administrator:1110 localhost:4850 ESTABLISHED
TCP administrator:1110 localhost:4852 ESTABLISHED
TCP administrator:1110 localhost:4853 ESTABLISHED
TCP administrator:1110 localhost:4854 ESTABLISHED
TCP administrator:1110 localhost:4855 ESTABLISHED
TCP administrator:1110 localhost:4860 ESTABLISHED
TCP administrator:1110 localhost:4861 ESTABLISHED
TCP administrator:1110 localhost:4864 ESTABLISHED
TCP administrator:1110 localhost:4866 ESTABLISHED
TCP administrator:1110 localhost:4869 ESTABLISHED
TCP administrator:1110 localhost:4872 ESTABLISHED
TCP administrator:1110 localhost:4874 ESTABLISHED
TCP administrator:1110 localhost:4875 TIME_WAIT
TCP administrator:1110 localhost:4876 ESTABLISHED
TCP administrator:1110 localhost:4896 ESTABLISHED
TCP administrator:1110 localhost:4898 ESTABLISHED
TCP administrator:4389 localhost:1110 ESTABLISHED
TCP administrator:4424 localhost:1110 ESTABLISHED
TCP administrator:4498 localhost:1110 ESTABLISHED
TCP administrator:4499 localhost:1110 ESTABLISHED
TCP administrator:4662 localhost:1110 TIME_WAIT
TCP administrator:4669 localhost:1110 ESTABLISHED
TCP administrator:4704 localhost:1110 TIME_WAIT
TCP administrator:4706 localhost:1110 TIME_WAIT
TCP administrator:4708 localhost:1110 ESTABLISHED
TCP administrator:4711 localhost:1110 ESTABLISHED
TCP administrator:4714 localhost:1110 TIME_WAIT
TCP administrator:4716 localhost:1110 TIME_WAIT
TCP administrator:4717 localhost:1110 TIME_WAIT
TCP administrator:4720 localhost:1110 TIME_WAIT
TCP administrator:4722 localhost:1110 TIME_WAIT
TCP administrator:4748 localhost:1110 TIME_WAIT
TCP administrator:4750 localhost:1110 TIME_WAIT
TCP administrator:4752 localhost:1110 TIME_WAIT
TCP administrator:4754 localhost:1110 TIME_WAIT
TCP administrator:4756 localhost:1110 TIME_WAIT
TCP administrator:4757 localhost:1110 TIME_WAIT
TCP administrator:4760 localhost:1110 TIME_WAIT
TCP administrator:4763 localhost:1110 TIME_WAIT
TCP administrator:4766 localhost:1110 TIME_WAIT
TCP administrator:4767 localhost:1110 TIME_WAIT
TCP administrator:4770 localhost:1110 TIME_WAIT
TCP administrator:4771 localhost:1110 TIME_WAIT
TCP administrator:4774 localhost:1110 TIME_WAIT
TCP administrator:4775 localhost:1110 TIME_WAIT
TCP administrator:4780 localhost:1110 TIME_WAIT
TCP administrator:4782 localhost:1110 TIME_WAIT
TCP administrator:4784 localhost:1110 TIME_WAIT
TCP administrator:4786 localhost:1110 TIME_WAIT
TCP administrator:4788 localhost:1110 TIME_WAIT
TCP administrator:4790 localhost:1110 TIME_WAIT
TCP administrator:4791 localhost:1110 TIME_WAIT
TCP administrator:4794 localhost:1110 TIME_WAIT
TCP administrator:4796 localhost:1110 TIME_WAIT
TCP administrator:4800 localhost:1110 TIME_WAIT
TCP administrator:4803 localhost:1110 TIME_WAIT
TCP administrator:4807 localhost:1110 TIME_WAIT
TCP administrator:4814 localhost:1110 ESTABLISHED
TCP administrator:4816 localhost:1110 ESTABLISHED
TCP administrator:4818 localhost:1110 TIME_WAIT
TCP administrator:4830 localhost:1110 TIME_WAIT
TCP administrator:4832 localhost:1110 TIME_WAIT
TCP administrator:4834 localhost:1110 TIME_WAIT
TCP administrator:4837 localhost:1110 TIME_WAIT
TCP administrator:4840 localhost:1110 TIME_WAIT
TCP administrator:4842 localhost:1110 TIME_WAIT
TCP administrator:4844 localhost:1110 ESTABLISHED
TCP administrator:4845 localhost:1110 ESTABLISHED
TCP administrator:4847 localhost:1110 ESTABLISHED
TCP administrator:4850 localhost:1110 ESTABLISHED
TCP administrator:4852 localhost:1110 ESTABLISHED
TCP administrator:4853 localhost:1110 ESTABLISHED
TCP administrator:4854 localhost:1110 ESTABLISHED
TCP administrator:4855 localhost:1110 ESTABLISHED
TCP administrator:4860 localhost:1110 ESTABLISHED
TCP administrator:4861 localhost:1110 ESTABLISHED
TCP administrator:4864 localhost:1110 ESTABLISHED
TCP administrator:4866 localhost:1110 ESTABLISHED
TCP administrator:4869 localhost:1110 ESTABLISHED
TCP administrator:4872 localhost:1110 ESTABLISHED
TCP administrator:4874 localhost:1110 ESTABLISHED
TCP administrator:4876 localhost:1110 ESTABLISHED
TCP administrator:4896 localhost:1110 ESTABLISHED
TCP administrator:4898 localhost:1110 ESTABLISHED
|
Does this mean that my PC is hacked?
I have no server or anything running on my system. |
|
|
|
|
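Added example, not part of any forum post: a Python triage of `netstat -a` text like the listing above. It separates loopback-only rows from connections that leave the machine and finds the loopback port that many ephemeral ports talk to. The sample rows are constructed; the function names and the assumption that `administrator` is the machine's own hostname are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same layout as the netstat -a listing in the post.
SAMPLE = """\
  TCP    administrator:1110     localhost:4814         ESTABLISHED
  TCP    administrator:1110     localhost:4819         TIME_WAIT
  TCP    administrator:4814     localhost:1110         ESTABLISHED
  TCP    administrator:4662     localhost:1110         TIME_WAIT
  TCP    administrator:4900     example.com:http       ESTABLISHED
  TCP    administrator:epmap    administrator:0        LISTENING
"""

# netstat -a (without -n) resolves names, so ports may be words such as "http".
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)\s+([A-Z_]+)\s*$")


def parse(text):
    """Return (proto, lhost, lport, fhost, fport, state) tuples; skip other lines."""
    return [m.groups() for m in map(ROW.match, text.splitlines()) if m]


def loopback_hubs(rows, local_names):
    """Ports that exchange traffic with more than one loopback peer port.

    A loopback TCP connection is listed twice, once per endpoint, so each
    ephemeral client port sees one peer while a local service port sees many.
    """
    local = {n.lower() for n in local_names}
    peers, states = defaultdict(set), defaultdict(Counter)
    for _, lhost, lport, fhost, fport, state in rows:
        if state != "LISTENING" and lhost.lower() in local and fhost.lower() in local:
            peers[lport].add(fport)
            peers[fport].add(lport)
            states[lport][state] += 1
    return {p: {"peers": len(s), "states": states[p]}
            for p, s in peers.items() if len(s) > 1}


def external(rows, local_names):
    """Rows whose remote end is not this machine: the traffic that leaves the host."""
    local = {n.lower() for n in local_names}
    return [r for r in rows if r[3].lower() not in local and r[5] != "LISTENING"]


if __name__ == "__main__":
    names = {"localhost", "administrator"}  # assumed names for this machine
    rows = parse(SAMPLE)
    print("loopback hubs:", loopback_hubs(rows, names))
    print("external:", external(rows, names))
```

On the machine itself, `netstat -ano` adds a PID column that can be matched against the process list to name the program that owns the hub port.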
|
|
|
|
Posted: Tue Jun 30, 2009 11:25 pm |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
It's possible it's hacked or a virus, but we need some more info... perhaps your process list or something.
Try running an antivirus and antispyware. |
|
|
|
|
Posted: Wed Jul 01, 2009 12:53 am |
|
|
BoboTiG |
Advanced user |
|
|
Joined: Jun 22, 2009 |
Posts: 66 |
|
|
|
|
|
|
|
And if you can give us the programs loaded at boot (msconfig) too. |
|
|
|
|
|
- |
|
Posted: Wed Jul 01, 2009 7:58 am |
|
|
shyspy |
Advanced user |
|
|
Joined: Jun 08, 2009 |
Posts: 60 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Wed Jul 01, 2009 10:35 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
Do you know what rthdcpl.exe, vbptask.exe, and hkcmd.exe are? If not, kill them and see if it solves your problem |
|
|
|
|
Posted: Wed Jul 01, 2009 11:46 am |
|
|
shyspy |
Advanced user |
|
|
Joined: Jun 08, 2009 |
Posts: 60 |
|
|
|
|
|
|
|
gibbocool wrote: | Do you know what rthdcpl.exe, vbptask.exe, and hkcmd.exe are? If not, kill them and see if it solves your problem |
Well, I tried this but it doesn't help, and some processes like klwtblfs.exe and others can't be ended.
Also, now my PC is running very, very slow...
I have formatted it, but as soon as I connect to the internet it's infected again.
One more thing: I'm using Win XP Pro. Do I need to update it or go for Vista? Will it provide more security or something? |
|
|
|
|
|
|
|
|
Posted: Wed Jul 01, 2009 12:29 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
rthdcpl.exe
Quote: | rthdcpl.exe is a process belonging to the Realtek HD Audio Control Panel and is bundled alongside Realtek sound cards and audio hardware. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems." |
vbptask.exe
Quote: | vbptask.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 114,688 bytes (39% of all occurrences), 122,880 bytes, 118,784 bytes, 131,072 bytes, 139,264 bytes, 110,592 bytes, 143,360 bytes, 135,168 bytes, 237,568 bytes, 159,744 bytes.
vbptask.exe is not a Windows core file. Program is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). The program has no visible window. vbptask.exe is able to hide itself. Therefore the technical security rating is 56% dangerous, however also read the users reviews. |
hkcmd.exe
Quote: | "hkcmd.exe" is Intel's "extreme" graphics hot key interceptor. If you never use the Intel hotkeys, you can go to Control Panel > Intel Extreme Graphics > Hot Keys and turn them off.
Get more detailed information about hkcmd.exe and all other running background processes with Security Task Manager.
Note: Any malware can be named anything - so you should check where the files of the running processes are located on your disk. If a "non-Microsoft" .exe file is located in the C:\Windows or C:\Windows\System32 folder, then there is a high risk for a virus, spyware, trojan or worm infection!
|
|
|
|
|
|
|
|
|
|
Posted: Wed Jul 01, 2009 7:10 pm |
|
|
BoboTiG |
Advanced user |
|
|
Joined: Jun 22, 2009 |
Posts: 66 |
|
|
|
|
|
|
|
In msconfig, do not check NULL and vchost. vchost is spyware. |
|
|
|
|
|
Security Task Manager1.7 |
|
Posted: Thu Jun 17, 2010 7:26 am |
|
|
arun005 |
Beginner |
|
|
Joined: Jun 17, 2010 |
Posts: 1 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Mon Oct 04, 2010 4:47 am |
|
|
ashin |
Beginner |
|
|
Joined: Oct 04, 2010 |
Posts: 1 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Tue Oct 05, 2010 3:51 am |
|
|
sk8er |
Advanced user |
|
|
Joined: May 09, 2005 |
Posts: 64 |
|
|
|
|
|
|
|
|
|
|
|