HELP!! (i THINK) SYN_SENT/ EMAP/ ????

edited May 2005 in Hardware
Greetings !!!
Thank god you've got experts online and ready (I hope) to save me from myself yet again... I rec'd some sort of warning etc. that prompted me to run netstat -a to see what I could see and OHHH MMYYY Fng GOODDD. It looks like someone or something has opened or is listening on all my ports, or am I reading things wrong?? I run XP Pro on a Comcast pro connection and use AMD 64/3200, fast memory (don't know what all you need here), but here is a portion of the 4 pages of my netstat report at netstat -p tcp -n


C:\Documents and Settings\123>NETSTAT -P TCP -N

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:3403 127.0.0.1:3404 ESTABLISHED
TCP 127.0.0.1:3404 127.0.0.1:3403 ESTABLISHED
TCP 192.168.0.13:1335 64.86.101.48:80 ESTABLISHED
TCP 192.168.0.13:3268 62.129.131.34:6667 SYN_SENT
TCP 192.168.0.13:3376 192.168.0.65:445 SYN_SENT
TCP 192.168.0.13:3381 192.167.255.217:445 SYN_SENT
TCP 192.168.0.13:3386 192.167.255.124:445 SYN_SENT
TCP 192.168.0.13:3387 192.168.0.158:445 SYN_SENT
TCP 192.168.0.13:3391 192.167.255.216:445 SYN_SENT
TCP 192.168.0.13:3397 192.167.255.123:445 SYN_SENT
TCP 192.168.0.13:3398 192.167.255.215:445 SYN_SENT
TCP 192.168.0.13:3399 192.167.255.122:445 SYN_SENT
TCP 192.168.0.13:3402 192.167.255.121:445 SYN_SENT
TCP 192.168.0.13:3406 192.168.0.159:445 SYN_SENT
TCP 192.168.0.13:3407 192.167.255.120:445 SYN_SENT
TCP 192.168.0.13:3408 192.168.0.160:445 SYN_SENT
TCP 192.168.0.13:3411 192.167.255.214:445 SYN_SENT
TCP 192.168.0.13:3414 192.167.255.213:445 SYN_SENT
TCP 192.168.0.13:3418 192.168.0.161:445 SYN_SENT
TCP 192.168.0.13:3419 192.167.255.119:445 SYN_SENT
TCP 192.168.0.13:3420 192.167.255.118:445 SYN_SENT
TCP 192.168.0.13:3421 192.168.0.162:445 SYN_SENT
TCP 192.168.0.13:3422 192.168.0.163:445 SYN_SENT
TCP 192.168.0.13:3423 192.167.255.212:445 SYN_SENT
TCP 192.168.0.13:3426 192.168.0.164:445 SYN_SENT
TCP 192.168.0.13:3427 192.167.255.211:445 SYN_SENT
TCP 192.168.0.13:3429 192.168.0.165:445 SYN_SENT
TCP 192.168.0.13:3431 192.167.255.210:445 SYN_SENT
TCP 192.168.0.13:3434 192.168.0.66:445 SYN_SENT
TCP 192.168.0.13:3437 192.167.255.117:445 SYN_SENT
TCP 192.168.0.13:3438 192.167.255.209:445 SYN_SENT
TCP 192.168.0.13:3439 192.167.255.116:445 SYN_SENT
TCP 192.168.0.13:3440 192.167.255.115:445 SYN_SENT
TCP 192.168.0.13:3441 192.167.255.109:135 SYN_SENT
TCP 192.168.0.13:3442 192.167.255.197:135 SYN_SENT
TCP 192.168.0.13:3443 192.168.0.166:445 SYN_SENT
TCP 192.168.0.13:3444 192.168.0.82:135 SYN_SENT
TCP 192.168.0.13:3445 192.168.0.167:445 SYN_SENT
TCP 192.168.0.13:3446 192.167.255.196:135 SYN_SENT
TCP 192.168.0.13:3447 192.167.255.208:445 SYN_SENT
TCP 192.168.0.13:3448 192.167.255.108:135 SYN_SENT
TCP 192.168.0.13:3449 192.167.255.114:445 SYN_SENT
TCP 192.168.0.13:3450 192.168.0.67:445 SYN_SENT
TCP 192.168.0.13:3451 192.167.255.207:445 SYN_SENT
TCP 192.168.0.13:3452 192.168.0.83:135 SYN_SENT
TCP 192.168.0.13:3453 192.168.0.168:445 SYN_SENT
TCP 192.168.0.13:3454 192.168.0.175:135 SYN_SENT
TCP 192.168.0.13:3455 192.168.0.68:445 SYN_SENT
TCP 192.168.0.13:3456 192.168.0.84:135 SYN_SENT
TCP 192.168.0.13:3457 192.167.255.206:445 SYN_SENT
TCP 192.168.0.13:3458 192.168.0.85:135 SYN_SENT
TCP 192.168.0.13:3459 192.167.255.195:135 SYN_SENT
TCP 192.168.0.13:3460 192.167.255.205:445 SYN_SENT
TCP 192.168.0.13:3461 192.168.0.86:135 SYN_SENT
TCP 192.168.0.13:3462 192.168.0.169:445 SYN_SENT
TCP 192.168.0.13:3463 192.167.255.204:445 SYN_SENT
TCP 192.168.0.13:3464 192.168.0.69:445 SYN_SENT
TCP 192.168.0.13:3465 192.167.255.113:445 SYN_SENT
TCP 192.168.0.13:3466 192.168.0.87:135 SYN_SENT
TCP 192.168.0.13:3467 192.167.255.112:445 SYN_SENT
TCP 192.168.0.13:3468 192.168.0.70:445 SYN_SENT
TCP 192.168.0.13:3469 192.168.0.170:445 SYN_SENT
TCP 192.168.0.13:3470 192.168.0.71:445 SYN_SENT
TCP 192.168.0.13:3471 192.168.0.176:135 SYN_SENT
TCP 192.168.0.13:3472 192.168.0.72:445 SYN_SENT
TCP 192.168.0.13:3473 192.168.0.73:445 SYN_SENT
TCP 192.168.0.13:3474 192.167.255.203:445 SYN_SENT
TCP 192.168.0.13:3475 192.167.255.202:445 SYN_SENT
TCP 192.168.0.13:3476 192.168.0.74:445 SYN_SENT
TCP 192.168.0.13:3478 192.168.0.75:445 SYN_SENT
TCP 192.168.0.13:3479 192.167.255.201:445 SYN_SENT
TCP 192.168.0.13:3480 192.167.255.107:135 SYN_SENT
TCP 192.168.0.13:3481 192.168.0.76:445 SYN_SENT
TCP 192.168.0.13:3482 192.168.0.177:135 SYN_SENT
TCP 192.168.0.13:3483 192.167.255.106:135 SYN_SENT
TCP 192.168.0.13:3484 192.168.0.77:445 SYN_SENT
TCP 192.168.0.13:3485 192.168.0.78:445 SYN_SENT
TCP 192.168.0.13:3486 192.168.0.88:135 SYN_SENT
TCP 192.168.0.13:3487 192.167.255.111:445 SYN_SENT
TCP 192.168.0.13:3488 192.167.255.105:135 SYN_SENT
TCP 192.168.0.13:3489 192.168.0.178:135 SYN_SENT
TCP 192.168.0.13:3490 192.168.0.171:445 SYN_SENT
TCP 192.168.0.13:3491 192.168.0.79:445 SYN_SENT
TCP 192.168.0.13:3492 192.168.0.172:445 SYN_SENT
TCP 192.168.0.13:3493 192.168.0.173:445 SYN_SENT
TCP 192.168.0.13:3494 192.167.255.194:135 SYN_SENT
TCP 192.168.0.13:3495 192.167.255.110:445 SYN_SENT
TCP 192.168.0.13:3496 192.167.255.193:135 SYN_SENT
TCP 192.168.0.13:3497 192.167.255.200:445 SYN_SENT
TCP 192.168.0.13:3498 192.167.255.104:135 SYN_SENT
TCP 192.168.0.13:3499 192.168.0.174:445 SYN_SENT
TCP 192.168.0.13:3500 192.167.255.199:445 SYN_SENT
TCP 192.168.0.13:3501 192.167.255.198:445 SYN_SENT
TCP 192.168.0.13:3502 192.168.0.80:445 SYN_SENT
TCP 192.168.0.13:3503 192.168.0.81:445 SYN_SENT
TCP 192.168.0.13:3983 192.168.0.12:135 TIME_WAIT
TCP 192.168.0.13:4083 192.168.0.12:445 TIME_WAIT
TCP 192.168.0.13:4793 192.168.0.12:135 TIME_WAIT
TCP 192.168.0.13:4973 192.168.0.12:445 TIME_WAIT

C:\Documents and Settings\123>C
'C' is not recognized as an internal or external command,
operable program or batch file.
The list for regular netstat is huge:



C:\Documents and Settings\123>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 123-b4w9utdcjsv:3403 localhost:3404 ESTABLISHED
TCP 123-b4w9utdcjsv:3404 localhost:3403 ESTABLISHED
TCP 123-b4w9utdcjsv:1335 64.86.101.48:http ESTABLISHED
TCP 123-b4w9utdcjsv:3269 big-putubntap07.chn.comcast.net:epmap TIME_WAIT
TCP 123-b4w9utdcjsv:3372 big-putubntap07.chn.comcast.net:microsoft-ds TIME_WAIT
TCP 123-b4w9utdcjsv:4081 192.167.255.181:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4082 192.167.255.21:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4083 192.168.1.5:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4085 192.167.255.20:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4086 192.167.255.19:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4088 192.167.255.18:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4089 192.168.0.101:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4090 192.168.1.6:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4093 big-putubntap07.chn.comcast.net:epmap TIME_WAIT
TCP 123-b4w9utdcjsv:4096 192.167.255.180:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4097 192.168.0.102:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4101 192.167.255.179:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4104 192.168.1.7:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4105 192.168.0.103:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4106 192.168.0.104:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4107 192.168.1.8:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4112 192.168.1.9:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4113 192.168.1.10:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4115 192.168.1.11:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4121 192.167.255.17:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4122 192.168.1.12:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4123 192.167.255.16:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4126 192.168.1.13:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4129 192.168.0.105:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4132 192.167.255.169:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4133 192.168.0.8:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4134 192.167.255.178:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4136 192.168.0.21:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4137 192.168.1.14:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4138 192.167.255.168:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4139 192.167.255.177:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4140 192.168.0.22:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4141 192.168.0.7:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4142 192.168.0.23:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4143 192.168.0.106:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4144 192.168.0.107:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4145 192.168.0.113:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4146 192.168.0.6:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4147 192.168.0.15:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4149 192.168.0.14:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4150 192.167.255.167:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4151 192.168.0.24:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4152 62.129.131.34:6667 SYN_SENT
TCP 123-b4w9utdcjsv:4153 192.168.0.114:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4154 192.167.255.166:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4155 192.167.255.176:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4156 192.168.0.115:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4157 192.168.0.16:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4158 192.168.0.25:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4159 192.168.0.116:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4160 192.168.0.117:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4161 192.168.0.118:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4162 192.168.0.26:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4163 192.167.255.165:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4164 192.167.255.164:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4165 192.168.0.17:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4166 192.167.255.175:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4168 TATIANA.chn.comcast.net:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4169 192.168.0.119:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4170 192.168.0.5:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4171 192.168.0.120:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4172 192.168.0.121:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4173 192.167.255.174:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4174 192.168.0.18:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4175 big-putubntap07.chn.comcast.net:microsoft-ds ESTABLISHED
TCP 123-b4w9utdcjsv:4177 192.168.0.122:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4178 192.168.0.4:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4179 192.167.255.163:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4180 192.167.255.162:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4181 192.168.0.3:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4182 192.167.255.173:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4183 192.168.0.19:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4184 192.168.0.108:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4185 192.168.0.2:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4186 192.168.0.20:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4187 192.167.255.161:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4188 192.167.255.172:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4189 192.168.0.109:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4190 192.167.255.171:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4191 chadmin.chn.comcast.net:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4192 192.167.255.160:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4193 192.167.255.159:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4195 192.167.255.170:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4197 192.168.0.110:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4198 123-b4w9utdcjsv.chn.comcast.net:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4199 192.168.0.111:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4200 192.167.255.158:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4201 192.168.0.112:microsoft-ds SYN_SENT
TCP 123-b4w9utdcjsv:4202 192.167.255.254:epmap SYN_SENT
TCP 123-b4w9utdcjsv:4203 192.168.0.9:microsoft-ds SYN_SENT

C:\Documents and Settings\123>>^V

What's up??

Comments

  • lemonlime Canada Member
    edited May 2005
    It appears that your machine is attempting to open numerous TCP connections to other machines on the same network (your local LAN). This is characteristic behavior of a virus or trojan. I would strongly recommend a full virus scan ASAP. It also appears to be attempting connections to port 445, one that the Sasser worm was known for. Those SYN_SENT 'state' messages indicate that the machine is trying to connect to other hosts, but has not received a reply from the destination.

    If you do not have anti-virus software, or if you are unsure how to perform a scan, let us know and we can point you in the right direction..
  • edited May 2005
    Thank you so much for the help, lemonlime!! Nasty business! I didn't mention, but should have, that on my task mgr I've got lots of new things going on also. They are as follows:
    ____r.exe
    ____syst.exe
    ____N.exe
    to name a few, and they seem to want to use a lot of my CPU output.
    I will scan with trend micro housecalls and see what I find. If you have any other thoughts please do share them. Is there any way to shut this thing down... close those ports down or something??
    ra
  • lemonlime Canada Member
    edited May 2005
    I would try to end those tasks, by using the 'End Process' button. They may give you an 'Access Denied' message, but give it a shot regardless..

    Let us know what trend micro reports. If it is indeed sasser or another popular worm, there are some removal tools over at www.symantec.com.
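The reading lemonlime gives of the netstat output above (many SYN_SENT rows to different hosts on the same port) can be checked mechanically. The following is an added example, not part of the original thread: it parses netstat text in either the numeric or the name-resolved form and reports ports with many distinct half-open destinations. The function names, the threshold of 10 and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Service names netstat prints when -n is not given, mapped to port numbers.
SERVICE_PORTS = {"microsoft-ds": 445, "epmap": 135, "http": 80}

# One TCP row: proto, local host:port, foreign host:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+([A-Z_]+)\s*$")

def parse_netstat(text):
    """Yield (foreign_host, foreign_port, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, prompt, blank line or wrapped continuation
        _, _, host, port, state = m.groups()
        port = SERVICE_PORTS.get(port, port)
        if str(port).isdigit():
            yield host, int(port), state

def half_open_fanout(text, threshold=10):
    """Return {port: distinct destination count} for ports where at least
    `threshold` different hosts are in SYN_SENT (no reply received yet)."""
    targets = defaultdict(set)
    for host, port, state in parse_netstat(text):
        if state == "SYN_SENT":
            targets[port].add(host)
    return {p: len(h) for p, h in targets.items() if len(h) >= threshold}

# Constructed sample in the same layout as the output posted above.
SAMPLE = "\n".join(
    ["Proto Local Address Foreign Address State",
     "TCP 192.168.0.13:1335 198.51.100.7:80 ESTABLISHED",
     "TCP 192.168.0.13:3983 192.168.0.12:135 TIME_WAIT"]
    + [f"TCP 192.168.0.13:{3400 + i} 192.168.0.{60 + i}:445 SYN_SENT"
       for i in range(12)]
    + [f"TCP pc:{4100 + i} 192.168.0.{2 + i}:epmap SYN_SENT"
       for i in range(3)]
)

if __name__ == "__main__":
    for port, count in sorted(half_open_fanout(SAMPLE).items()):
        print(f"port {port}: {count} distinct hosts in SYN_SENT")
```

Saving the output with `netstat -p tcp -n > out.txt` and passing the file contents to `half_open_fanout` gives the same summary for a real capture.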