Status
Not open for further replies.

MAHAPATRA

Right off the assembly line
Result from the netstat command:
Computer name = hided (changed)

Active Connections

Proto Local Address Foreign Address State
TCP hided:81 hided:0 LISTENING
TCP hided:epmap hided:0 LISTENING
TCP hided:1025 hided:0 LISTENING
TCP hided:1025 1.httpdads.com:4277 ESTABLISHED
TCP hided:1025 1.httpdads.com:4364 TIME_WAIT
TCP hided:1025 1.httpdads.com:4372 TIME_WAIT
TCP hided:1025 1.httpdads.com:4375 TIME_WAIT
TCP hided:1025 1.httpdads.com:4377 TIME_WAIT
TCP hided:1025 1.httpdads.com:4378 TIME_WAIT
TCP hided:1025 1.httpdads.com:4382 TIME_WAIT
TCP hided:1025 1.httpdads.com:4384 TIME_WAIT
TCP hided:1025 1.httpdads.com:4389 TIME_WAIT
TCP hided:1025 1.httpdads.com:4426 TIME_WAIT
TCP hided:1025 1.httpdads.com:4429 TIME_WAIT
TCP hided:1025 1.httpdads.com:4431 ESTABLISHED
TCP hided:1025 1.httpdads.com:4433 ESTABLISHED
TCP hided:1025 1.httpdads.com:4435 ESTABLISHED
TCP hided:1025 1.httpdads.com:4436 ESTABLISHED
TCP hided:1025 1.httpdads.com:4439 ESTABLISHED
TCP hided:1025 1.httpdads.com:4440 ESTABLISHED
TCP hided:1025 1.httpdads.com:4442 ESTABLISHED
TCP hided:1025 1.httpdads.com:4444 ESTABLISHED
TCP hided:1025 1.httpdads.com:4447 ESTABLISHED
TCP hided:1025 1.httpdads.com:4448 ESTABLISHED
TCP hided:1025 1.httpdads.com:4478 TIME_WAIT
TCP hided:1025 1.httpdads.com:4488 ESTABLISHED
TCP hided:1025 1.httpdads.com:4490 ESTABLISHED
TCP hided:1025 1.httpdads.com:4492 ESTABLISHED
TCP hided:1025 1.httpdads.com:4494 ESTABLISHED
TCP hided:1025 1.httpdads.com:4496 ESTABLISHED
TCP hided:1025 1.httpdads.com:4498 ESTABLISHED
TCP hided:1025 1.httpdads.com:4500 ESTABLISHED
TCP hided:1025 1.httpdads.com:4502 ESTABLISHED
TCP hided:1025 1.httpdads.com:4504 ESTABLISHED
TCP hided:1025 1.httpdads.com:4506 ESTABLISHED
TCP hided:1025 1.httpdads.com:4508 ESTABLISHED
TCP hided:1025 1.httpdads.com:4510 ESTABLISHED
TCP hided:1025 1.httpdads.com:4511 ESTABLISHED
TCP hided:1025 1.httpdads.com:4514 ESTABLISHED
TCP hided:1025 1.httpdads.com:4516 ESTABLISHED
TCP hided:1025 1.httpdads.com:4517 ESTABLISHED
TCP hided:1027 hided:0 LISTENING
TCP hided:4277 1.httpdads.com:1025 ESTABLISHED
TCP hided:4330 1.httpdads.com:1025 TIME_WAIT
TCP hided:4335 1.httpdads.com:1025 TIME_WAIT
TCP hided:4337 1.httpdads.com:1025 TIME_WAIT
TCP hided:4339 1.httpdads.com:1025 TIME_WAIT
TCP hided:4341 1.httpdads.com:1025 TIME_WAIT
TCP hided:4397 1.httpdads.com:1025 TIME_WAIT
TCP hided:4400 1.httpdads.com:1025 TIME_WAIT
TCP hided:4401 1.httpdads.com:1025 TIME_WAIT
TCP hided:4404 1.httpdads.com:1025 TIME_WAIT
TCP hided:4405 1.httpdads.com:1025 TIME_WAIT
TCP hided:4431 1.httpdads.com:1025 ESTABLISHED
TCP hided:4433 1.httpdads.com:1025 ESTABLISHED
TCP hided:4435 1.httpdads.com:1025 ESTABLISHED
TCP hided:4436 1.httpdads.com:1025 ESTABLISHED
TCP hided:4439 1.httpdads.com:1025 ESTABLISHED
TCP hided:4440 1.httpdads.com:1025 ESTABLISHED
TCP hided:4442 1.httpdads.com:1025 ESTABLISHED
TCP hided:4444 1.httpdads.com:1025 ESTABLISHED
TCP hided:4447 1.httpdads.com:1025 ESTABLISHED
TCP hided:4448 1.httpdads.com:1025 ESTABLISHED
TCP hided:4456 1.httpdads.com:1025 TIME_WAIT
TCP hided:4486 1.httpdads.com:1025 TIME_WAIT
TCP hided:4488 1.httpdads.com:1025 ESTABLISHED
TCP hided:4490 1.httpdads.com:1025 ESTABLISHED
TCP hided:4492 1.httpdads.com:1025 ESTABLISHED
TCP hided:4494 1.httpdads.com:1025 ESTABLISHED
TCP hided:4496 1.httpdads.com:1025 ESTABLISHED
TCP hided:4498 1.httpdads.com:1025 ESTABLISHED
TCP hided:4500 1.httpdads.com:1025 ESTABLISHED
TCP hided:4502 1.httpdads.com:1025 ESTABLISHED
TCP hided:4504 1.httpdads.com:1025 ESTABLISHED
TCP hided:4506 1.httpdads.com:1025 ESTABLISHED
TCP hided:4508 1.httpdads.com:1025 ESTABLISHED
TCP hided:4510 1.httpdads.com:1025 ESTABLISHED
TCP hided:4511 1.httpdads.com:1025 ESTABLISHED
TCP hided:4514 1.httpdads.com:1025 ESTABLISHED
TCP hided:4516 1.httpdads.com:1025 ESTABLISHED
TCP hided:4517 1.httpdads.com:1025 ESTABLISHED
TCP hided:4278 hosted.by.cirn.net:http ESTABLISHED
TCP hided:4331 202.56.192.7:http TIME_WAIT
TCP hided:4334 202.56.192.6:http TIME_WAIT
TCP hided:4336 202.56.192.7:http TIME_WAIT
TCP hided:4338 202.56.192.7:http TIME_WAIT
TCP hided:4340 202.56.192.7:http TIME_WAIT
TCP hided:4342 202.56.192.7:http TIME_WAIT
TCP hided:4345 202.56.192.7:http TIME_WAIT
TCP hided:4398 202.56.192.7:http TIME_WAIT
TCP hided:4406 202.56.192.7:http TIME_WAIT
TCP hided:4407 202.56.192.8:http TIME_WAIT
TCP hided:4408 202.56.192.7:http TIME_WAIT
TCP hided:4410 202.56.192.7:http TIME_WAIT
TCP hided:4411 202.56.192.7:http TIME_WAIT
TCP hided:4432 202.56.192.7:http ESTABLISHED
TCP hided:4434 202.56.192.7:http ESTABLISHED
TCP hided:4437 202.56.192.7:http ESTABLISHED
TCP hided:4438 202.56.192.7:http ESTABLISHED
TCP hided:4441 202.56.192.7:http ESTABLISHED
TCP hided:4443 202.56.192.7:http ESTABLISHED
TCP hided:4445 202.56.192.7:http ESTABLISHED
TCP hided:4446 202.56.192.7:http ESTABLISHED
TCP hided:4449 202.56.192.7:http ESTABLISHED
TCP hided:4450 202.56.192.7:http ESTABLISHED
TCP hided:4453 s1.rd.scd.yahoo.com:http TIME_WAIT
TCP hided:4455 202.56.192.7:http TIME_WAIT
TCP hided:4457 bs1.vip.scd.yahoo.com:http TIME_WAIT
TCP hided:4461 login.passport.com:https TIME_WAIT
TCP hided:4463 p9.www.scd.yahoo.com:http TIME_WAIT
TCP hided:4487 thinkdigit.com:http TIME_WAIT
TCP hided:4489 thinkdigit.com:http ESTABLISHED
TCP hided:4491 thinkdigit.com:http ESTABLISHED
TCP hided:4493 thinkdigit.com:http ESTABLISHED
TCP hided:4495 thinkdigit.com:http ESTABLISHED
TCP hided:4497 thinkdigit.com:http ESTABLISHED
TCP hided:4499 thinkdigit.com:http ESTABLISHED
TCP hided:4501 thinkdigit.com:http ESTABLISHED
TCP hided:4503 thinkdigit.com:http ESTABLISHED
TCP hided:4505 thinkdigit.com:http ESTABLISHED
TCP hided:4507 thinkdigit.com:http ESTABLISHED
TCP hided:4509 thinkdigit.com:http ESTABLISHED
TCP hided:4512 thinkdigit.com:http ESTABLISHED
TCP hided:4513 thinkdigit.com:http ESTABLISHED
TCP hided:4515 thinkdigit.com:http ESTABLISHED
TCP hided:4518 thinkdigit.com:http ESTABLISHED
TCP hided:4519 thinkdigit.com:http ESTABLISHED
UDP hided:isakmp *:*
UDP hided:1028 *:*
UDP hided:4500 *:*
UDP hided:4325 *:*

What is a host file?
I am using Naviscope, which uses 127.0.0.1 as a proxy, and I connect to the net through it. I have Webroot Spysweeper, which adds a common host shield (I don't know what it is). After installing Spysweeper, this is the netstat result. Earlier I didn't get this "1.httpdads.com".

Is it backdoor activity or something related to it?

Config:
Norton Internet Security.
WinXP Sp2
Naviscope
Webroot Spysweeper
Spybot
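
Added example, not part of the original post: in the output above, a row such as `hided:1025 -> 1.httpdads.com:4277` has a mirror row `hided:4277 -> 1.httpdads.com:1025`, which is how netstat lists the two ends of a connection when both sockets are on the same machine. The sketch below finds such mirrored pairs and separates them from genuinely remote peers. The sample rows are constructed in the post's layout, the function names are hypothetical, and the idea that the name comes from a hosts-file entry for 127.0.0.1 is an assumption that `netstat -n` (numeric addresses) would confirm or rule out.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the netstat output in the post.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP hided:1025 hided:0 LISTENING
TCP hided:1025 1.httpdads.com:4277 ESTABLISHED
TCP hided:1025 1.httpdads.com:4364 TIME_WAIT
TCP hided:4277 1.httpdads.com:1025 ESTABLISHED
TCP hided:4330 1.httpdads.com:1025 TIME_WAIT
TCP hided:4278 hosted.by.cirn.net:http ESTABLISHED
TCP hided:4489 thinkdigit.com:http ESTABLISHED
UDP hided:isakmp *:*
"""

# proto, local host:port, foreign host:port, optional state (UDP rows have none)
ROW = re.compile(r"^(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)(?:\s+(\S+))?$")

def parse(text):
    """Yield (proto, lhost, lport, fhost, fport, state) for each connection row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield m.groups()

def loopback_peers(text):
    """Map foreign host -> number of mirrored socket pairs (both ends local)."""
    rows = [r for r in parse(text) if r[0] == "TCP" and r[5] != "LISTENING"]
    seen = {(lport, fhost, fport) for _, _, lport, fhost, fport, _ in rows}
    peers = Counter()
    for lport, fhost, fport in seen:
        # Count each pair once: A->H:B together with B->H:A.
        if lport < fport and (fport, fhost, lport) in seen:
            peers[fhost] += 1
    return dict(peers)

def external_connections(text):
    """TCP rows whose foreign host was not identified as a local alias."""
    local = set(loopback_peers(text))
    return [(fhost, fport, state)
            for proto, _, _, fhost, fport, state in parse(text)
            if proto == "TCP" and state != "LISTENING" and fhost not in local]

if __name__ == "__main__":
    print("local aliases:", loopback_peers(SAMPLE))
    for peer in external_connections(SAMPLE):
        print("remote peer:", peer)
```

TIME_WAIT rows usually have no mirror because only the side that closed the connection keeps that state, so a host counts as local as soon as one mirrored pair is found.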