Thread: I can't stop some suspicious process?

  1. #1
    drxuyan Guest

    I can't stop some suspicious process?

    The following is what I observed with TCPviewer. Apparently, someone is peeking at or even hacking my computer. The address 207.46.248.249:80 shouldn't be connected with my explorer. [System Process]:0 is also abnormal. Like System 4, it often connects to some unexpected address. But I can't stop either the System process:0 or the System 4 process. Can a Zone Alarm product do that?
    I have been hacked by someone I know for two years. Although I sent email to persuade him to stop it, he continues. He has modified my Word, Excel and PowerPoint files, which are very important to my work. I don't know if he is sick. Can anyone give me some suggestions?
    Annie

    Process:PID         Protocol  Local address          Remote address         State
    [System Process]:0  TCP       158.132.205.246:1174   158.132.205.251:9100   TIME_WAIT
    [System Process]:0  TCP       158.132.205.246:1177   60.254.131.43:80       TIME_WAIT
    alg.exe:480         TCP       127.0.0.1:1030         0.0.0.0:0              LISTENING
    explorer.exe:1372   TCP       158.132.205.246:1175   207.46.248.249:80      ESTABLISHED
    explorer.exe:1372   TCP       158.132.205.246:1176   207.46.248.249:80      ESTABLISHED
    lsass.exe:692       UDP       0.0.0.0:500            *:*
    lsass.exe:692       UDP       0.0.0.0:4500           *:*
    mantispm.exe:2276   TCP       158.132.205.246:1145   204.212.170.210:80     CLOSE_WAIT
    spoolsv.exe:1400    UDP       0.0.0.0:1025           *:*
    svchost.exe:1012    UDP       0.0.0.0:1039           *:*
    svchost.exe:1012    UDP       0.0.0.0:1151           *:*
    svchost.exe:1048    UDP       127.0.0.1:1900         *:*
    svchost.exe:1048    UDP       158.132.205.246:1900   *:*
    svchost.exe:888     TCP       0.0.0.0:135            0.0.0.0:0              LISTENING
    System:4            TCP       0.0.0.0:445            0.0.0.0:0              LISTENING
    System:4            TCP       158.132.205.246:139    0.0.0.0:0              LISTENING
    System:4            UDP       0.0.0.0:445            *:*
    System:4            UDP       158.132.205.246:137    *:*
    System:4            UDP       158.132.205.246:138    *:*

  2. #2
    Re: I can't stop some suspicious process?

    Hi!
    Uuuhm... I am not an expert on networks and hackers... but I don't see anything suspicious in your logs...
    This is supposed to be your IP: 158.132.205.246
    Connecting from Hong Kong? From a university department?
    You are firewalled and there are no services open to the outside...
    You have been looking for software or downloading something at www.tucows.com, correct?
    And probably you have been printing to an HP printer on the university network (just guessing)
    The rest points to your own PC (0.0.0.0.0 or 127.0.0.0) i.e. Harmless.
    What antivirus solution are you using? If on ZASS can you post the version (right click on the ZA tray icon --> about --> copy to clipboard --> paste it here)
    Cheers,
    Fax

    Message Edited by fax on 03-10-2007 09:36 AM
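
The way the reply reads the TCPView listing, worked as an added example that is not part of either post: the Python below parses the pasted records and sorts each socket into listening, loopback, same-subnet or external by its addresses. The names `triage` and `endpoint_ip`, and the /24 size of the local subnet, are assumptions made for this example.

```python
import ipaddress
import re

# process:pid, protocol, local, remote, optional TCP state. Fields may be
# separated by spaces or newlines, so one-field-per-line pastes parse too.
RECORD = re.compile(
    r"^[ \t]*(?P<proc>\[[^\]\n]+\]|[\w.-]+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>[A-Z][A-Z0-9_]{3,})(?=\s|$))?",
    re.MULTILINE,
)

# Records taken from the first post, shown in both layouts.
SAMPLE = """
[System Process]:0
TCP
158.132.205.246:1174
158.132.205.251:9100
TIME_WAIT

alg.exe:480        TCP  127.0.0.1:1030        0.0.0.0:0          LISTENING
explorer.exe:1372  TCP  158.132.205.246:1175  207.46.248.249:80  ESTABLISHED
svchost.exe:1048   UDP  158.132.205.246:1900  *:*
System:4           TCP  0.0.0.0:445           0.0.0.0:0          LISTENING
"""

def endpoint_ip(endpoint):
    """IP part of 'addr:port'; None for the UDP wildcard '*:*'."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    return None if host == "*" else ipaddress.ip_address(host)

def triage(text, lan_prefix=24):
    """Rows of (process, pid, proto, remote, state, scope); /24 LAN is assumed."""
    rows = []
    for m in RECORD.finditer(text):
        local, remote = endpoint_ip(m["local"]), endpoint_ip(m["remote"])
        if remote is None or remote.is_unspecified:
            # No peer: a listening or unconnected socket. The bind address
            # says who could reach it; a firewall may still filter it.
            loop = local is not None and local.is_loopback
            scope = "listen-loopback" if loop else "listen-network"
        elif remote.is_loopback:
            scope = "loopback"
        elif local is not None and remote in ipaddress.ip_network(
                f"{local}/{lan_prefix}", strict=False):
            scope = "same-subnet"
        else:
            scope = "external"
        rows.append((m["proc"], int(m["pid"]), m["proto"], m["remote"], m["state"], scope))
    return rows
```

Only the `external` rows have a peer outside the local network, so those are the ones worth resolving and checking against what the named process normally talks to. Rows in `TIME_WAIT` appear under `[System Process]:0` because the process that owned the socket has already closed it.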

