Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Weird Foreign Address, Im being hacked?  (Read 534 times)

0 Members and 1 Guest are viewing this topic.

bobik2222

    Topic Starter


    Starter

    • Experience: Familiar
    • OS: Windows 10
    Weird Foreign Address, Im being hacked?
    « on: March 04, 2018, 02:45:25 PM »
    I have bought my laptop second-hand and did a clean windows 10 resinstall. Virus scanned and malware scanned my PC (still running) But when I excuted
    Code: [Select]
    netstat -a -o in my commands prompt. I saw something weird.

     
    Code: [Select]
    Proto  Local Address          Foreign Address        State           PID
      TCP    0.0.0.0:80             DESKTOP-DMHUIRU:0      LISTENING       3392
      TCP    0.0.0.0:135            DESKTOP-DMHUIRU:0      LISTENING       8
      TCP    0.0.0.0:445            DESKTOP-DMHUIRU:0      LISTENING       4
      TCP    0.0.0.0:1536           DESKTOP-DMHUIRU:0      LISTENING       680
      TCP    0.0.0.0:1537           DESKTOP-DMHUIRU:0      LISTENING       1428
      TCP    0.0.0.0:1538           DESKTOP-DMHUIRU:0      LISTENING       1308
      TCP    0.0.0.0:1539           DESKTOP-DMHUIRU:0      LISTENING       3124
      TCP    0.0.0.0:1541           DESKTOP-DMHUIRU:0      LISTENING       740
      TCP    0.0.0.0:1542           DESKTOP-DMHUIRU:0      LISTENING       748
      TCP    0.0.0.0:3306           DESKTOP-DMHUIRU:0      LISTENING       4160
      TCP    0.0.0.0:8123           DESKTOP-DMHUIRU:0      LISTENING       8188
      TCP    127.0.0.1:1304         DESKTOP-DMHUIRU:0      LISTENING       8188
      TCP    127.0.0.1:1304         DESKTOP-DMHUIRU:1306   ESTABLISHED     8188
      TCP    127.0.0.1:1304         DESKTOP-DMHUIRU:1308   ESTABLISHED     8188
      TCP    127.0.0.1:1304         DESKTOP-DMHUIRU:1310   ESTABLISHED     8188
      TCP    127.0.0.1:1304         DESKTOP-DMHUIRU:1312   ESTABLISHED     8188
      TCP    127.0.0.1:1304         DESKTOP-DMHUIRU:1314   ESTABLISHED     8188
      TCP    127.0.0.1:1304         DESKTOP-DMHUIRU:1316   ESTABLISHED     8188
      TCP    127.0.0.1:1304         DESKTOP-DMHUIRU:1318   ESTABLISHED     8188

    The Foreign Adress seems very sketchy to me the Foreign Address DESKTOP-DMHUIRU:0 is LISTENING and ESTABLISHED a almost all ports.

    Am I being hacked?

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 984
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: Weird Foreign Address, Im being hacked?
    « Reply #1 on: March 04, 2018, 04:55:49 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please explain to me how you did the "Clean Install".
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    bobik2222

      Topic Starter


      Starter

      • Experience: Familiar
      • OS: Windows 10
      Re: Weird Foreign Address, Im being hacked?
      « Reply #2 on: March 05, 2018, 09:34:47 AM »
      Thanks for your respond, I have installed windows 10 from an external usb and did a factory reset by choosing the option "remove everything"

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 984
      • Certifications: List
      • Experience: Expert
      • OS: Windows 8
      Re: Weird Foreign Address, Im being hacked?
      « Reply #3 on: March 05, 2018, 10:31:03 AM »
      What was on the laptop before the install? Why did you run netstat?
      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

      bobik2222

        Topic Starter


        Starter

        • Experience: Familiar
        • OS: Windows 10
        Re: Weird Foreign Address, Im being hacked?
        « Reply #4 on: March 05, 2018, 01:39:32 PM »
        The seller did fresh windows 10 install, but I didn't trust it so installed a did a fresh install myself, I ran nestat because I'm trying to run a local server on my pc for my local website

        BC_Programmer


          Mastermind
        • Typing is no substitute for thinking.
        • Thanked: 1074
          • Yes
          • Yes
          • BC-Programming.com
        • Certifications: List
        • Computer: Specs
        • Experience: Beginner
        • OS: Windows 8
        Re: Weird Foreign Address, Im being hacked?
        « Reply #5 on: March 05, 2018, 02:12:56 PM »
        There is nothing unusual in that netstat.

        it indicates the state of open ports on the local system."DESKTOP-DMHUIRU" is the name of your computer. "DESKTOP-DMHUIRU:0" means it is listening for connections from that system. Since there is no remote connection there is no remote port, thus 0.

        If you w ant to find out what has established connections you can determine what process the Process ID in the right-most column is. (Task Manager's Details tab shows the PID)

        I was trying to dereference Null Pointers before it was cool.

        Steve221



          Starter

          • Experience: Experienced
          • OS: Windows 8
          Re: Weird Foreign Address, Im being hacked?
          « Reply #6 on: March 05, 2018, 02:17:34 PM »
          That sounds extremely dodgy to me as well.  If you are noticing connections from an external IP address that you have not made yourself (e.g. via knowingly being online), it could potentially indicate that the device is compromised.  Have you noticed any other unusual things with your computer lately, such as your internet traffic being redirected to other websites, unusual toolbars, or pop-ups (any pop-up that appears while you have not opened your internet browser is a surefire sign of malware).  Also, do not under any circumstances access anything with your financial information on any potentially infected device.  If one is being hacked, it's almost always money that they're after in one way or another.  Typically, the hackers are an outright thief who is looking to steal someone's hard earned money, connecting a bunch of computers through a botnet in order to do devious things online while hiding their IP address,  or seeking to redirect your internet traffic to websites/ads that they are profiting from (or any combination of the above).  Also, an absence of computer symptoms doesn't just mean you are okay.  It could mean that either the malware is not being actively used at the moment OR it is being used in a manner that is stealthy enough that you aren't able to easily notice it (which doesn't necessarily mean that they couldn't be actively stealing info or using your computer for nefarious purposes).

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 984
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Re: Weird Foreign Address, Im being hacked?
          « Reply #7 on: March 06, 2018, 08:06:14 AM »
          If you did two fresh installs it's highly unlikely that the computer is infected but we can run some scans, if you wish. Just let me know.
          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

          Salmon Trout



            Genius

            Thanked: 915
            • Yes
          • Computer: Specs
          • Experience: Experienced
          • OS: Other
          Re: Weird Foreign Address, Im being hacked?
          « Reply #8 on: March 06, 2018, 08:56:15 AM »
          If you did two fresh installs it's highly unlikely that the computer is infected

          Depends where the install media came from. Illegal media or downloads can carry trojans.