Connection from port 80 doesn't go away


Magueta
09-25-2003, 11:57 PM
Hey all,

What I'm about to tell you is happening on a Windows 2K machine but I don't belong to a Windows group so I'm giving it a try here. I'm sure the problem isn't specific to Windows but it might have something to do with it. I do "netstat -a" on my system and everything makes sense except for the following connections

TCP amd1800x2:3095 free-gallery-hosting.dickworshipperz.com:http ESTABLISHED
TCP amd1800x2:3966 amd1800x2:0 LISTENING
TCP amd1800x2:4855 free-gallery-hosting.dickworshipperz.com:http ESTABLISHED
TCP amd1800x2:5000 free-gallery-hosting.dickworshipperz.com:http ESTABLISHED


I don't know why they're connected to my system and I've never visited that site, in fact if I type it into the browser nothing gets served up except for an error message saying I'm not authorized to access anything. A port scan reveals a server with the following ports listening: 21, 22, 25, 80, 110, 135, 137, 138, 139, 445, 587. The 13x ports suggest it's a Windows machine but the ssh and smtp suggest otherwise. Anyway, I suppose that's not really important, what is important is why the connection remains established even when I sever all internet access from the Windows machine, is that normal? Could there be something wrong with Zonealarm? Why is there a connection to me from this place anyway? I've found Google had 2 or 3 connections to me from their port 80 and it had been over 3 or 4 hours since I had last visited their site. I was running Kazaa and Gnucleus which are filesharing programs so there were plenty of other connections but they all disappeared when I shut down the software and stopped all internet activity. Also, I look at the lights on my cable modem and there's no traffic either way and when I do a netstat the connection is still there. Anyone have any suggestions as to why this connection might persist? Should I be worried?

Joe

Gertrude
09-26-2003, 12:17 AM
I was running Kazaa


Was it just Kazaa or Kazaa lite?

Kazaa comes with spyware.

Kazaalite does not.

I would run this application and see what it finds.

http://www.safer-networking.org/

Maybe run this one as well:

http://www.lavasoftusa.com/software/adaware/

Magueta
09-26-2003, 09:14 AM
I'm running Kazaa. I've run both the spyware programs and surprisingly they found lots of stuff from Microsoft and some other programs that I didn't know about. It surprised me because I've always been wary of spyware and Kazaa is the first ad supported program I've downloaded in 4 or 5 years. Anyway, there's still a connection that shows up right away when I start my computer and it's not on their port 80 it's on 3531 this time. I've restarted my computer about 4 times and each time there was a different address so it's probably not a hacker, rather it's probably some software on my computer. However, I've already removed all the spyware with both of the programs above so what else might it be? The connected IP just changed on me while I was writing this post. It went from

TCP amd1800x2:1046 63.252.69.66:3531 ESTABLISHED
TCP amd1800x2:1051 hostero2.joltid.net:3531 ESTABLISHED
TCP amd1800x2:1052 hostero3.joltid.net:3531 ESTABLISHED
TCP amd1800x2:1054 217.212.240.10:3531 ESTABLISHED


to


TCP amd1800x2:1046 it-vlan-2-66.flexabit.net:3531 ESTABLISHED


Any suggestions?

Joe

Gertrude
09-26-2003, 12:11 PM
Did you uninstall Kazaa? If you don't uninstall it some of that spyware will stay on your computer. If you just remove the spyware itself then Kazaa won't even run anymore because it depends on it to run. It's not that it needs it for anything, it just really wants the spyware on your computer. I would try to uninstall Kazaa, then run those applications again. Also, Spybot has a way for you to update the definitions on it like anti-virus software does. I would do that also.

Use Kazaalite, not Kazaa.


I bet if you search your computer for "P2PNetworking.exe" you will find the snake in the grass that is opening those connections on that port.
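
An added example, not part of the original thread: the observation in the posts above (the remote hosts keep changing while the remote port stays 3531) can be checked mechanically by grouping ESTABLISHED connections by remote port. The sample input reuses netstat lines quoted in the thread plus one constructed http line; the `ORDINARY_PORTS` allowlist and the function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Sample input: netstat -a lines quoted in the thread, plus one constructed
# http line (www.example.com) to show that ordinary web traffic is ignored.
SAMPLE = """\
TCP amd1800x2:3966 amd1800x2:0 LISTENING
TCP amd1800x2:2001 www.example.com:http ESTABLISHED
TCP amd1800x2:1046 63.252.69.66:3531 ESTABLISHED
TCP amd1800x2:1051 hostero2.joltid.net:3531 ESTABLISHED
TCP amd1800x2:1052 hostero3.joltid.net:3531 ESTABLISHED
TCP amd1800x2:1054 217.212.240.10:3531 ESTABLISHED
"""

# Assumption: remote ports treated as expected browser traffic. netstat -a
# prints service names (http) where it can resolve them, so list both forms.
ORDINARY_PORTS = {"http", "https", "80", "443"}

# proto, local host:port, remote host:port, state
LINE = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)\s*$")


def parse(text):
    """Return one dict per TCP line; lines that do not match are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            lhost, lport, rhost, rport, state = m.groups()
            conns.append({"lhost": lhost, "lport": lport,
                          "rhost": rhost, "rport": rport, "state": state})
    return conns


def fanout_by_remote_port(conns, min_hosts=2, ordinary=ORDINARY_PORTS):
    """Map each non-ordinary remote port to the distinct remote hosts that
    hold an ESTABLISHED connection on it, keeping ports seen on at least
    min_hosts hosts. Many hosts on one unusual port points at a single
    local program rather than at one remote machine."""
    hosts = defaultdict(set)
    for c in conns:
        if c["state"] == "ESTABLISHED" and c["rport"] not in ordinary:
            hosts[c["rport"]].add(c["rhost"])
    return {p: sorted(h) for p, h in hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for port, remote_hosts in fanout_by_remote_port(parse(SAMPLE)).items():
        print(f"remote port {port}: {len(remote_hosts)} hosts -> {remote_hosts}")
```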