Computer Hope
Software => Computer viruses and spyware => Topic started by: bobik2222 on March 04, 2018, 02:45:25 PM
-
I have bought my laptop second-hand and did a clean Windows 10 reinstall. Virus scanned and malware scanned my PC (still running). But when I executed
netstat -a -o
in my command prompt, I saw something weird.
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 DESKTOP-DMHUIRU:0 LISTENING 3392
TCP 0.0.0.0:135 DESKTOP-DMHUIRU:0 LISTENING 8
TCP 0.0.0.0:445 DESKTOP-DMHUIRU:0 LISTENING 4
TCP 0.0.0.0:1536 DESKTOP-DMHUIRU:0 LISTENING 680
TCP 0.0.0.0:1537 DESKTOP-DMHUIRU:0 LISTENING 1428
TCP 0.0.0.0:1538 DESKTOP-DMHUIRU:0 LISTENING 1308
TCP 0.0.0.0:1539 DESKTOP-DMHUIRU:0 LISTENING 3124
TCP 0.0.0.0:1541 DESKTOP-DMHUIRU:0 LISTENING 740
TCP 0.0.0.0:1542 DESKTOP-DMHUIRU:0 LISTENING 748
TCP 0.0.0.0:3306 DESKTOP-DMHUIRU:0 LISTENING 4160
TCP 0.0.0.0:8123 DESKTOP-DMHUIRU:0 LISTENING 8188
TCP 127.0.0.1:1304 DESKTOP-DMHUIRU:0 LISTENING 8188
TCP 127.0.0.1:1304 DESKTOP-DMHUIRU:1306 ESTABLISHED 8188
TCP 127.0.0.1:1304 DESKTOP-DMHUIRU:1308 ESTABLISHED 8188
TCP 127.0.0.1:1304 DESKTOP-DMHUIRU:1310 ESTABLISHED 8188
TCP 127.0.0.1:1304 DESKTOP-DMHUIRU:1312 ESTABLISHED 8188
TCP 127.0.0.1:1304 DESKTOP-DMHUIRU:1314 ESTABLISHED 8188
TCP 127.0.0.1:1304 DESKTOP-DMHUIRU:1316 ESTABLISHED 8188
TCP 127.0.0.1:1304 DESKTOP-DMHUIRU:1318 ESTABLISHED 8188
The Foreign Address seems very sketchy to me: the Foreign Address DESKTOP-DMHUIRU:0 is LISTENING and ESTABLISHED at almost all ports.
Am I being hacked?
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please explain to me how you did the "Clean Install".
-
Thanks for your response. I have installed Windows 10 from an external USB and did a factory reset by choosing the option "remove everything".
-
What was on the laptop before the install? Why did you run netstat?
-
The seller did a fresh Windows 10 install, but I didn't trust it so I did a fresh install myself. I ran netstat because I'm trying to run a local server on my PC for my local website.
-
There is nothing unusual in that netstat.
It indicates the state of open ports on the local system. "DESKTOP-DMHUIRU" is the name of your computer. "DESKTOP-DMHUIRU:0" means it is listening for connections from that system. Since there is no remote connection there is no remote port, thus 0.
If you want to find out what has established connections you can determine what process the Process ID in the right-most column is. (Task Manager's Details tab shows the PID)
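The reading of the netstat output given in the reply above, as an added example that is not part of the original thread: a Python parser for pasted `netstat -a -o` text that groups listeners by PID, labels each as bound to all interfaces or loopback only, and lists connections whose peer is not the local machine. The function names and the `hostname` parameter are hypothetical; the sample rows are an excerpt of the output posted above.

```python
from collections import defaultdict

# Excerpt of the netstat -a -o rows posted in this thread.
SAMPLE = """\
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 DESKTOP-DMHUIRU:0 LISTENING 3392
TCP 0.0.0.0:445 DESKTOP-DMHUIRU:0 LISTENING 4
TCP 0.0.0.0:3306 DESKTOP-DMHUIRU:0 LISTENING 4160
TCP 0.0.0.0:8123 DESKTOP-DMHUIRU:0 LISTENING 8188
TCP 127.0.0.1:1304 DESKTOP-DMHUIRU:0 LISTENING 8188
TCP 127.0.0.1:1304 DESKTOP-DMHUIRU:1306 ESTABLISHED 8188
"""

ALL_INTERFACES = {"0.0.0.0", "[::]"}
LOOPBACK = {"127.0.0.1", "[::1]"}

def summarize(netstat_text, hostname):
    """Return (listeners keyed by PID, connections to other machines)."""
    listeners = defaultdict(list)  # pid -> [(port, scope)]
    remote_peers = []              # [(pid, local, foreign)]
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and UDP rows (UDP has no State column).
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, foreign, state, pid = fields
        l_host, l_port = local.rsplit(":", 1)
        f_host, _ = foreign.rsplit(":", 1)
        if state == "LISTENING":
            # Foreign port 0 is a placeholder: a listening socket has no peer.
            if l_host in ALL_INTERFACES:
                scope = "all-interfaces"
            elif l_host in LOOPBACK:
                scope = "loopback"
            else:
                scope = "one-address"
            listeners[int(pid)].append((int(l_port), scope))
        else:
            # Without -n, netstat prints the machine's own name for local peers.
            peer_is_local = (l_host in LOOPBACK or f_host in LOOPBACK
                             or f_host.lower() == hostname.lower())
            if not peer_is_local:
                remote_peers.append((int(pid), local, foreign))
    return dict(listeners), remote_peers

def exposed_ports(listeners):
    """Ports bound to every interface, i.e. reachable unless a firewall blocks them."""
    return sorted(port for entries in listeners.values()
                  for port, scope in entries if scope == "all-interfaces")
```

On the excerpt, `summarize(SAMPLE, "DESKTOP-DMHUIRU")` returns no remote peers, and `exposed_ports` returns the ports bound to 0.0.0.0, whose PIDs can then be looked up in Task Manager's Details tab.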
-
That sounds extremely dodgy to me as well. If you are noticing connections from an external IP address that you have not made yourself (e.g. via knowingly being online), it could potentially indicate that the device is compromised. Have you noticed any other unusual things with your computer lately, such as your internet traffic being redirected to other websites, unusual toolbars, or pop-ups (any pop-up that appears while you have not opened your internet browser is a surefire sign of malware)? Also, do not under any circumstances access anything with your financial information on any potentially infected device. If one is being hacked, it's almost always money that they're after in one way or another. Typically, the hacker is an outright thief who is looking to steal someone's hard-earned money, connecting a bunch of computers through a botnet in order to do devious things online while hiding their IP address, or seeking to redirect your internet traffic to websites/ads that they are profiting from (or any combination of the above). Also, an absence of computer symptoms doesn't just mean you are okay. It could mean that either the malware is not being actively used at the moment OR it is being used in a manner that is stealthy enough that you aren't able to easily notice it (which doesn't necessarily mean that they couldn't be actively stealing info or using your computer for nefarious purposes).
-
If you did two fresh installs it's highly unlikely that the computer is infected but we can run some scans, if you wish. Just let me know.
-
If you did two fresh installs it's highly unlikely that the computer is infected
Depends where the install media came from. Illegal media or downloads can carry trojans.