interpreting TCPview results

I came home after a day away for work, to find my kids had managed to
infect the computer with all sorts of Spyware (Spyfalcon) and viruses
(Boxed.B & BeovenS!generic).

The viruses seemed easy enough to remove (coming back just once),
unlike the Spyware.

I have looked into additional methods to protect my computer - one
option was to try TCPview.
However, I was unsure about the results which seemed very different to
examples I have seen.

I would appreciate comments on the log below.


alg.exe:180    TCP    bob-2lsxdgjcgtb:1031    bob-2lsxdgjcgtb:0    LISTENING
iexplore.exe:1572    UDP    bob-2lsxdgjcgtb:1299    *:*
iexplore.exe:1760    UDP    bob-2lsxdgjcgtb:1282    *:*
iSafe.exe:1420    TCP    bob-2lsxdgjcgtb:1025    bob-2lsxdgjcgtb:0    LISTENING
iSafe.exe:1420    TCP    bob-2lsxdgjcgtb:1026    bob-2lsxdgjcgtb:0    LISTENING
iSafe.exe:1420    TCP    bob-2lsxdgjcgtb:1027    bob-2lsxdgjcgtb:0    LISTENING
iSafe.exe:1420    TCP    bob-2lsxdgjcgtb:1025    localhost:1306    ESTABLISHED
iSafe.exe:1420    TCP    bob-2lsxdgjcgtb:1027    localhost:1029    ESTABLISHED
lsass.exe:700    UDP    bob-2lsxdgjcgtb:isakmp    *:*
lsass.exe:700    UDP    bob-2lsxdgjcgtb:4500    *:*
msnmsgr.exe:832    UDP    bob-2lsxdgjcgtb:1199    *:*
svchost.exe:1052    UDP    bob-2lsxdgjcgtb:1047    *:*
svchost.exe:1052    UDP    bob-2lsxdgjcgtb:1044    *:*
svchost.exe:1052    UDP    bob-2lsxdgjcgtb:1145    *:*
svchost.exe:1136    UDP    bob-2lsxdgjcgtb:1900    *:*
svchost.exe:1136    UDP    bob-2lsxdgjcgtb:1900    *:*
svchost.exe:928    TCP    bob-2lsxdgjcgtb:epmap    bob-2lsxdgjcgtb:0    LISTENING
svchost.exe:968    TCP    bob-2lsxdgjcgtb:netbios-ssn    bob-2lsxdgjcgtb:0    LISTENING
svchost.exe:968    UDP    bob-2lsxdgjcgtb:ntp    *:*
svchost.exe:968    UDP    bob-2lsxdgjcgtb:netbios-ns    *:*
svchost.exe:968    UDP    bob-2lsxdgjcgtb:ntp    *:*
svchost.exe:968    UDP    bob-2lsxdgjcgtb:netbios-dgm    *:*
System:4    TCP    bob-2lsxdgjcgtb:microsoft-ds    bob-2lsxdgjcgtb:0    LISTENING
System:4    UDP    bob-2lsxdgjcgtb:microsoft-ds    *:*
VetMsg.exe:1672    TCP    bob-2lsxdgjcgtb:1028    localhost:1025    ESTABLISHED
VetMsg.exe:1672    TCP    bob-2lsxdgjcgtb:1029    localhost:1027    ESTABLISHED

Re: interpreting TCPview results

Bob, other than killing the kids, set up a logon account that has NO install
privileges but will let them use the malware-infested Internet safely.

* Physically disconnect the system from the Internet
* As your system has been majorly compromised, the best way to go is to
retrieve your Windows installation CD and FORMAT the hard drive, then install
* Install required applications
* Defrag the hard drive
* Install ALL prevention protection on ALL logon User IDs
* Defrag the hard drive

Learn that you should NEVER use your correct email address when posting to
publicly available newsgroups unless you want massive amounts of spam!
The spammer/scammers use automated procedures to gather valid email
addresses to send their cr@p to!
See CoU at least weekly:
I support the right to arm bears

Re: interpreting TCPview results

Many thanks for all the sound advice,

Perhaps I should borrow one of your armed bears for the kids.


Re: interpreting TCPview results
As far as TCPView, you're the one who has to make the determination: is
something running that should not be running, or is something connecting
out or listening that should not be doing so?

I suggest that you use the other tools in the link other than TCPView
and look around some more.



Duane :)
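Duane's point is that TCPView only lists sockets; deciding which rows matter is the reader's job. The script below is an added example (not from this thread or from the TCPView authors) that does that triage mechanically on the format the original poster pasted: it parses the five-column TCPView lines, compares TCP listeners and UDP bindings against a baseline of sockets a default Windows XP install opens (the baseline table is my own, built from well-known port assignments, not from the thread), pairs up loopback connections so you can see which two local processes are talking to each other, and flags any ESTABLISHED connection whose remote end is not this machine. The sample input is a subset of the poster's own log plus one constructed line (process name `unknown.exe`, address `203.0.113.5`) that shows what an outbound connection would look like; the hostname `bob-2lsxdgjcgtb` comes from the post.

```python
"""Triage helper for TCPView text output (added example, not part of the thread).

TCPView rows have the shape:
    process:pid  protocol  local-host:port  remote-host:port  [state]
UDP rows carry no state column and show the remote end as "*:*".
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    process: str
    pid: int
    proto: str
    local_host: str
    local_port: str   # TCPView resolves well-known ports to names, so keep as str
    remote_host: str
    remote_port: str
    state: str        # "LISTENING", "ESTABLISHED", ... or "" for UDP rows

# Subset of the lines from the original post, used as sample input.
SAMPLE = """\
alg.exe:180    TCP    bob-2lsxdgjcgtb:1031    bob-2lsxdgjcgtb:0    LISTENING
iexplore.exe:1572    UDP    bob-2lsxdgjcgtb:1299    *:*
iSafe.exe:1420    TCP    bob-2lsxdgjcgtb:1027    bob-2lsxdgjcgtb:0    LISTENING
iSafe.exe:1420    TCP    bob-2lsxdgjcgtb:1027    localhost:1029    ESTABLISHED
lsass.exe:700    UDP    bob-2lsxdgjcgtb:isakmp    *:*
svchost.exe:1136    UDP    bob-2lsxdgjcgtb:1900    *:*
svchost.exe:928    TCP    bob-2lsxdgjcgtb:epmap    bob-2lsxdgjcgtb:0    LISTENING
svchost.exe:968    TCP    bob-2lsxdgjcgtb:netbios-ssn    bob-2lsxdgjcgtb:0    LISTENING
svchost.exe:968    UDP    bob-2lsxdgjcgtb:ntp    *:*
System:4    TCP    bob-2lsxdgjcgtb:microsoft-ds    bob-2lsxdgjcgtb:0    LISTENING
VetMsg.exe:1672    TCP    bob-2lsxdgjcgtb:1029    localhost:1027    ESTABLISHED
"""

# Constructed line (NOT from the post): an outbound connection to a non-local host.
CONSTRUCTED_EXTRA = "unknown.exe:2044    TCP    bob-2lsxdgjcgtb:1400    203.0.113.5:8080    ESTABLISHED\n"

# Baseline (assumption: default Windows XP-era install). Process/port pairs that are
# expected; everything else is reported for manual review, not declared malicious.
BASELINE_TCP_LISTENERS = {
    ("svchost.exe", "epmap"),        # RPC endpoint mapper, TCP 135
    ("svchost.exe", "netbios-ssn"),  # NetBIOS session service, TCP 139
    ("System", "microsoft-ds"),      # SMB direct hosting, TCP 445
}
BASELINE_UDP_BINDINGS = {
    ("lsass.exe", "isakmp"),         # IKE, UDP 500
    ("lsass.exe", "4500"),           # IPsec NAT traversal
    ("svchost.exe", "1900"),         # SSDP discovery
    ("svchost.exe", "ntp"),          # Windows Time, UDP 123
    ("svchost.exe", "netbios-ns"),   # UDP 137
    ("svchost.exe", "netbios-dgm"),  # UDP 138
    ("System", "microsoft-ds"),      # UDP 445
}
LOCAL_NAMES = ("localhost", "127.0.0.1")

def parse_line(line):
    """Parse one TCPView row; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) < 4:
        return None
    proc, _, pid = parts[0].rpartition(":")
    lhost, _, lport = parts[2].rpartition(":")
    rhost, _, rport = parts[3].rpartition(":")
    state = parts[4] if len(parts) > 4 else ""
    return Endpoint(proc, int(pid), parts[1], lhost, lport, rhost, rport, state)

def parse_tcpview(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]

def triage(rows):
    """Return (kind, row) findings: sockets outside the baseline or reaching off-host."""
    findings = []
    for r in rows:
        key = (r.process, r.local_port)
        if r.proto == "TCP" and r.state == "LISTENING":
            if key not in BASELINE_TCP_LISTENERS:
                findings.append(("review-listener", r))
        elif r.proto == "UDP":
            if key not in BASELINE_UDP_BINDINGS:
                findings.append(("review-udp", r))
        elif r.state == "ESTABLISHED":
            # Loopback peers are handled by pair_loopback(); anything else left the box.
            if r.remote_host not in LOCAL_NAMES and r.remote_host != r.local_host:
                findings.append(("external-connection", r))
    return findings

def pair_loopback(rows):
    """Match localhost ESTABLISHED rows into (process, process) pairs by port symmetry."""
    established = [r for r in rows if r.proto == "TCP" and r.state == "ESTABLISHED"]
    by_local_port = {r.local_port: r for r in established}
    pairs = set()
    for r in established:
        if r.remote_host in LOCAL_NAMES:
            peer = by_local_port.get(r.remote_port)
            if peer is not None and peer.remote_port == r.local_port:
                pairs.add(tuple(sorted((r.process, peer.process))))
    return sorted(pairs)

if __name__ == "__main__":
    rows = parse_tcpview(SAMPLE + CONSTRUCTED_EXTRA)
    for kind, r in triage(rows):
        print(f"{kind:20} {r.process}:{r.pid} {r.proto} {r.local_port} -> {r.remote_host}:{r.remote_port}")
    for a, b in pair_loopback(rows):
        print(f"loopback pair        {a} <-> {b}")
```

On the poster's log this reports `alg.exe` on 1031 and `iSafe.exe` on 1027 as listeners to review (both are ordinary: Application Layer Gateway and the installed security suite), `iexplore.exe`'s UDP socket for review, and the one constructed `unknown.exe` row as the only connection leaving the machine; the `VetMsg.exe`/`iSafe.exe` loopback pair is the suite talking to itself. The baseline is the part to adapt to your own machine; the goal is to shrink the list down to rows you cannot explain.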

Re: interpreting TCPview results


Thanks. I have started reading the articles. I will go back to my ISP
and see what programs they recommend. One problem with free scans etc. is
I am never sure who the people offering the scans etc. are.

Regarding TCPview I have just started watching how it reacts to
everything I do on the net to see how it works and what looks odd.

