New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!
· Ian T's (AR 24)
· Marcia's (CO8)
· Bill G's (CO12)
· Paul's (AR 5)
· Robin's (AR 2)
· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
· Robin's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· RegChat
· Reviews
· Google Search
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?
$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 1157
Comments: 21
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

Many Active Connections

 
Post new topic   Reply to topic       Computer Cops Forum Index -> General Security
View previous topic :: View next topic  
Author Message
wordless

Cadet
Cadet



Joined: Jun 05, 2004
Posts: 2
Location: USA
PostPosted: Sat Jun 05, 2004 5:51 pm    Post subject: Many Active Connections
Reply with quote
I'm on a 28k dial-up connection, using Windows XP Home, and have noticed a sgnificant slow down due to a whole heck of a lot of Active Connections. The file I attached has a few, but there is usually more, yet they all look the same Confused

I've closed the following ports (using Windows Worms Door Cleaner) with no luck:
-135
-137
-138
-139
-445
-5000
-NetBios/RPC ports

I have disabled Automatic Updates and the Messenger Service too.

I also am not well gounded in computer knowledge, so I don't even know if I am on the right track.

Thanks Very Happy

netstat.txt
 Description:
Active Connections

Download
 Filename:  netstat.txt
 Filesize:  5.01 KB
 Downloaded:  1 Time(s)
Back to top
View users profile Send private message
virus_guy

Trooper
Trooper



Joined: Apr 16, 2004
Posts: 31
Location: Pakistan
PostPosted: Sat Jun 05, 2004 6:20 pm    Post subject:
Reply with quote
Hi.
First off..are you using a firewall?Next...it seems like your computer has a backdoor installed in it..seeing the number of active connections..if i were you i would get a firewall and then go and scan my computer for viruses.You can scan your computer online at:
http://housecall.trendmicro.com/housecall/start_corp.asp
Its really weird that your NetBios port was left opened..that definitely means that your computer has been hacked..unless you turned it on on purpose.You really should disable it..or password protect it.Look for information on the NetBios port in google and you should come up with a lot of stuff.
Hope that helps Very Happy
_________________
Website=coming soon.
Back to top
View users profile Send private message MSN Messenger
wordless

Cadet
Cadet



Joined: Jun 05, 2004
Posts: 2
Location: USA
PostPosted: Sat Jun 05, 2004 9:24 pm    Post subject:
Reply with quote
I removed a backdoor two days ago using AVG Free, but I believe I have just fixed my computer.

I was going through my running processes, by typing them in Google to see what came back, and about the third program down, scrgrd.exe, returned only two results that I don't think had much to do about anything. So I ended the process.... And vola! No more Active Connections.

However, tomorrow will be the real test after the rest of my family uses the computer. Plus I cannot find the file.

File: SCRGRD.EXE
Location: c:\windows\system\scrgrd.exe

[edit]
Just installed Kerio, and it's working already. It has warned me about SCRGRD trying to connect and another program WKSSVR. Both of which I cannot locate to delete.

File WKSSVR.EXE
Location: c:\windows\system32\wkssvr.exe

Other then that, the computer is working fine.

How should I delete these? Reboot and run HijackThis?
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   Reply to topic       Computer Cops Forum Index -> General Security All times are GMT - 5 Hours
Page 1 of 1

 
 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB 2.0.8a © 2001 phpBB Group

Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
Home · Topics · Submit News · Top 10
This entire site, Cops Themes, and Computer Cops are © 2002 - 2004 Computer Cops, LLC. All rights reserved.
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Acceptable Use Policy. Use signifies your agreement.
Engine Copyright © 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member.
Paul Laudanski, Member of Computer Cops, LLC
Server Load: 691 pages served in previous 5 minutes. Page Rendered: 0.467 seconds.