Something on my laptop is scanning ports

For a few weeks my laptop has been very slow when surfing (Internet
Explorer). I noticed high activity on my wireless interface and some
activity on the PnP Internet connection. I then checked the web and
found Ethereal Network Protocol Analyzer, installed it and ran it.

What I saw in the logfiles was constant activity appearing to originate
from the laptop, directed to the router (Sitecom WL-114) and back from
the router to the laptop. The port numbers go up from about 1000 to
<unknown>. It just goes on and on. After 2 hours online the port
scanned is about 3900. It could be it has restarted from a certain
value but I haven't seen that.

I checked with Housecall from Trendmicro, Spybot S&D and AdAware with
recent libraries, nothing was found.

What could this be? A rootkit? How do I smoke it out? Anybody heard of
something like this?

If somebody knows how to read the capture files from Ethereal, please
let me know and I'll send it to you. I scanned for about 2 megs of
data.

Hope somebody can help.
Frank


Re: Something on my laptop is scanning ports

hairyharri wrote:

The tools in the link like Process Explorer will help you pinpoint what
it is that's doing it. PE will let you look inside any running process
and let you see what is using the process or running with a process.

Long

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

Short

http://tinyurl.com/klw1

There is also PrcView that will let you look at and inside a running
process.

Duane :)
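
An added example, not part of either post above: one way to narrow down which process owns the traffic to the router before opening it in Process Explorer, by parsing saved `netstat -ano` output and reporting, per PID, whether the local or the remote port number is the one that keeps changing. The sample output, the router address 192.168.0.1 and the PIDs are constructed for illustration.

```python
from collections import defaultdict

# Constructed `netstat -ano` output (Windows); addresses and PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.10:1034      192.168.0.1:5000       TIME_WAIT       0
  TCP    192.168.0.10:1036      192.168.0.1:5000       ESTABLISHED     1088
  TCP    192.168.0.10:1037      192.168.0.1:5000       ESTABLISHED     1088
  TCP    192.168.0.10:1038      192.168.0.1:5000       SYN_SENT        1088
  TCP    192.168.0.10:2200      203.0.113.7:80         ESTABLISHED     3120
  UDP    0.0.0.0:1900           *:*                                    1088
"""

def split_endpoint(ep):
    """Split 'addr:port' on the last colon; port is None for '*'."""
    addr, _, port = ep.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Yield (local_port, remote_addr, remote_port, pid) per connection row."""
    for line in text.splitlines():
        f = line.split()
        # Skip banners/headers; the PID is always the last column.
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue
        _, lport = split_endpoint(f[1])
        raddr, rport = split_endpoint(f[2])
        yield lport, raddr, rport, int(f[-1])

def summarize(text, router):
    """Per PID: distinct local and remote ports on connections to `router`."""
    ports = defaultdict(lambda: {"local": set(), "remote": set()})
    for lport, raddr, rport, pid in parse_netstat(text):
        if raddr == router:
            ports[pid]["local"].add(lport)
            ports[pid]["remote"].add(rport)
    return dict(ports)

def climbing_side(entry):
    """Say which port number varies across a PID's connections."""
    local, remote = len(entry["local"]) > 1, len(entry["remote"]) > 1
    if local and remote:
        return "both"
    return "local" if local else "remote" if remote else "neither"

if __name__ == "__main__":
    for pid, entry in sorted(summarize(SAMPLE, "192.168.0.1").items()):
        print(pid, climbing_side(entry), sorted(entry["local"]), sorted(entry["remote"]))
```

The PID it reports can then be matched to a process name in Process Explorer or PrcView.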

