I was talking with a friend who recently added the transparent console that Scott blogged about. He challenged me to inquire, "No spyware right?" I was relatively sure that there was not any, there was no install for transparent console, and I trust Scott.
So he added it to his machine, took my configuration settings. And while he was playing around with it, reported that he had just run a "netstat" and he was seeing a connection to some server in Taiwan, a university in fact.
Now that's alarming. If you aren't browsing to a site with a .tw extension, and you're unsure of why there is a connection to a foreign country, the first inclination is to shout "SPYWARE!!!".
So while talking with him we were using liutilities.com to check each process to make sure there was no virus, or spyware running. There wasn't. So after making sure all his running processes were legit, he started closing system tray programs, and then running the netstat command again.
After closing Skype, it went away. I'm not sure why Skype was connecting to Taiwan, maybe someone there had added my friend as a contact? Or was trying to see if he was online, but either way, it was good to find out what was using the connection.
Type netstat from a command prompt and see what's going on.
Active Connections

  Proto  Local Address  Foreign Address              State        PID
  TCP    bristow:2931   gunder-102.amerion.net:http  ESTABLISHED  3620
  [RSSBandit.exe]
  TCP    bristow:2942   bradsoft.com:http            ESTABLISHED  3620
  [RSSBandit.exe]
  TCP    bristow:2949   cp82.mysite4now.com:http     ESTABLISHED  3620
  [RSSBandit.exe]
  TCP    bristow:http   localhost:2951               ESTABLISHED  1832
  [inetinfo.exe]
  TCP    bristow:2951   localhost:http               ESTABLISHED  3620
  [RSSBandit.exe]
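As an added example (not part of the original post): a small Python parser for netstat output in the layout shown above, which attaches each connection to its owning executable and groups foreign hosts by process, so an unexpected destination can be traced to a program without closing applications one by one. The sample text is constructed, the `.tw` host name and the Skype PID are placeholders, and `parse` and `remote_hosts_by_process` are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout shown above. The Skype row (host name and
# PID) is a made-up placeholder; the last row has no owner line on purpose.
SAMPLE = """\
Active Connections

  Proto  Local Address   Foreign Address              State        PID
  TCP    bristow:2931    gunder-102.amerion.net:http  ESTABLISHED  3620
  [RSSBandit.exe]
  TCP    bristow:http    localhost:2951               ESTABLISHED  1832
  [inetinfo.exe]
  TCP    bristow:3010    host.example.edu.tw:https    ESTABLISHED  2204
  [Skype.exe]
  TCP    bristow:3011    files.example.com:http       TIME_WAIT    0
"""

# State is optional because UDP rows have no state column.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_\d]+)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "[::1]", "*"}

def parse(text):
    """Return one dict per connection, with the owning executable if listed."""
    conns = []
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            proto, local, foreign, state, pid = row.groups()
            conns.append({"proto": proto, "local": local, "state": state,
                          "host": foreign.rsplit(":", 1)[0].lower(),
                          "pid": int(pid), "exe": None})
            continue
        owner = OWNER.match(line)
        # An owner line belongs to the connection row directly above it.
        if owner and conns and conns[-1]["exe"] is None:
            conns[-1]["exe"] = owner.group(1)
    return conns

def remote_hosts_by_process(conns, suffix=None):
    """Group non-local foreign hosts by (exe, pid); optionally filter by suffix."""
    grouped = defaultdict(set)
    for c in conns:
        if c["host"] in LOCAL_HOSTS or (suffix and not c["host"].endswith(suffix)):
            continue
        grouped[(c["exe"] or "unknown", c["pid"])].add(c["host"])
    return dict(grouped)

if __name__ == "__main__":
    for (exe, pid), hosts in remote_hosts_by_process(parse(SAMPLE)).items():
        print(f"{exe} (PID {pid}): {', '.join(sorted(hosts))}")
```

Calling `remote_hosts_by_process(parse(text), ".tw")` narrows the result to the processes talking to hosts under that suffix; rows with no owner line are reported under "unknown" rather than dropped.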
Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.
© Copyright 2008, John Batdorf