Unwanted localhost Help

February 12, 2012 6:05:40 PM

Hello,
I have a Kernel Frameworks Virus. I am needing Sophos to give me help on this. I am willing to pay for whatever I need to in order to fix this problem. My problems started at work, where I was an unsuspecting victim of the malware being put onto my phone from an open router. Since then, the malware has installed a kernel inside my personal computer. The proof I have of this, below, is a TCP connection view of my computer. I had Sophos firewall installed and closed all internet access. I had a browser open with several webpages, including the login page from work with the IP address of 209.137.220.87 as one of the pages open in the browser. When I closed all internet access from the Sophos firewall, all other pages within the browser lost their internet connection, as one would expect. However, the webpage from the address of my place of employment was the only page that remained with a live connection as a localhost. This is shown below as chrome.exe 4372 TCP bubba-pc 51756 209.137.220.87 http ESTABLISHED.

It would appear that my work network has a live localhost connection with my computer. This connection is not authorized by me. I have been using Sophos rootkit remover and continue to get all kinds of frameworks as hidden unknown files. Sophos is the only rootkit removal software that has ever picked up the rootkit. I would subscribe to whatever Sophos product would help me keep this rootkit from reinfecting my network. Please have a support technician call me at 580-778-3559

Brent Goodwin




System 4 UDP bubba-pc netbios-ns * *
System 4 UDP bubba-pc netbios-dgm * *
svchost.exe 996 UDP bubba-PC isakmp * *
svchost.exe 2564 UDP bubba-PC ws-discovery * *
svchost.exe 2564 UDP bubba-PC ws-discovery * *
svchost.exe 996 UDP bubba-PC ipsec-msft * *
svchost.exe 1336 UDP bubba-PC llmnr * * 33 762
SavService.exe 1068 UDP bubba-PC 49397 * *
SavService.exe 1068 UDP bubba-PC 50021 * *
svchost.exe 2564 UDP bubba-PC 50022 * *
SavService.exe 1068 UDP bubba-PC 59825 * *
swi_service.exe 2012 UDP bubba-PC 63664 * *
swi_service.exe 2012 UDP bubba-PC 63665 * *
svchost.exe 996 UDPV6 bubba-pc 500 * *
svchost.exe 2564 UDPV6 bubba-pc 3702 * *
svchost.exe 2564 UDPV6 bubba-pc 3702 * *
svchost.exe 996 UDPV6 bubba-pc 4500 * *
svchost.exe 1336 UDPV6 bubba-pc 5355 * *
svchost.exe 2564 UDPV6 bubba-pc 50023 * *
svchost.exe 1336 UDP bubba-PC 50739 * *
svchost.exe 1336 UDP bubba-PC 61283 * *
svchost.exe 1336 UDPV6 bubba-pc 61930 * *
svchost.exe 764 TCP bubba-PC epmap bubba-PC 0 LISTENING
System 4 TCP bubba-pc netbios-ssn bubba-PC 0 LISTENING
wininit.exe 432 TCP bubba-PC 49152 bubba-PC 0 LISTENING
svchost.exe 892 TCP bubba-PC 49153 bubba-PC 0 LISTENING
lsass.exe 516 TCP bubba-PC 49154 bubba-PC 0 LISTENING
svchost.exe 996 TCP bubba-PC 49155 bubba-PC 0 LISTENING
services.exe 500 TCP bubba-PC 49156 bubba-PC 0 LISTENING
svchost.exe 2256 TCP bubba-PC 49157 bubba-PC 0 LISTENING
System 4 TCP bubba-PC microsoft-ds bubba-PC 0 LISTENING
System 4 TCP bubba-PC wsd bubba-PC 0 LISTENING
svchost.exe 764 TCPV6 bubba-pc epmap bubba-pc 0 LISTENING
System 4 TCPV6 bubba-pc microsoft-ds bubba-pc 0 LISTENING
System 4 TCPV6 bubba-pc wsd bubba-pc 0 LISTENING
wininit.exe 432 TCPV6 bubba-pc 49152 bubba-pc 0 LISTENING
svchost.exe 892 TCPV6 bubba-pc 49153 bubba-pc 0 LISTENING
lsass.exe 516 TCPV6 bubba-pc 49154 bubba-pc 0 LISTENING
svchost.exe 996 TCPV6 bubba-pc 49155 bubba-pc 0 LISTENING
services.exe 500 TCPV6 bubba-pc 49156 bubba-pc 0 LISTENING
svchost.exe 2256 TCPV6 bubba-pc 49157 bubba-pc 0 LISTENING
chrome.exe 4372 TCP bubba-PC 51754 localhost 51755 ESTABLISHED
chrome.exe 4372 TCP bubba-PC 51755 localhost 51754 ESTABLISHED
chrome.exe 4372 TCP bubba-pc 51756 209.137.220.87 http ESTABLISHED
[System Process] 0 TCP bubba-PC 51749 localhost 51751 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51746 localhost 51748 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51743 localhost 51745 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51741 localhost 51742 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51739 localhost 51740 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51736 localhost 51737 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51758 localhost 51757 TIME_WAIT
[System Process] 0 TCP bubba-PC 51761 localhost 51760 TIME_WAIT
[System Process] 0 TCP bubba-PC 51763 localhost 51762 TIME_WAIT
[System Process] 0 TCP bubba-PC 51767 localhost 51765 TIME_WAIT
[System Process] 0 TCP bubba-PC 51770 localhost 51769 TIME_WAIT

February 12, 2012 6:34:11 PM

Given that I disconnected internet access with the Sophos firewall and still had what appeared to be a live localhost connection established, does anyone have any idea of what could have happened to my network? I think that I could have malware on my system through an unsecured guest router at work. Do you think that this is possible? The IP address below is from my work.

Any thoughts would be appreciated or anything that I could take to law enforcement would be appreciated.





System 4 UDP bubba-pc netbios-ns * *
System 4 UDP bubba-pc netbios-dgm * *
svchost.exe 996 UDP bubba-PC isakmp * *
svchost.exe 2564 UDP bubba-PC ws-discovery * *
svchost.exe 2564 UDP bubba-PC ws-discovery * *
svchost.exe 996 UDP bubba-PC ipsec-msft * *
svchost.exe 1336 UDP bubba-PC llmnr * * 33 762
SavService.exe 1068 UDP bubba-PC 49397 * *
SavService.exe 1068 UDP bubba-PC 50021 * *
svchost.exe 2564 UDP bubba-PC 50022 * *
SavService.exe 1068 UDP bubba-PC 59825 * *
swi_service.exe 2012 UDP bubba-PC 63664 * *
swi_service.exe 2012 UDP bubba-PC 63665 * *
svchost.exe 996 UDPV6 bubba-pc 500 * *
svchost.exe 2564 UDPV6 bubba-pc 3702 * *
svchost.exe 2564 UDPV6 bubba-pc 3702 * *
svchost.exe 996 UDPV6 bubba-pc 4500 * *
svchost.exe 1336 UDPV6 bubba-pc 5355 * *
svchost.exe 2564 UDPV6 bubba-pc 50023 * *
svchost.exe 1336 UDP bubba-PC 50739 * *
svchost.exe 1336 UDP bubba-PC 61283 * *
svchost.exe 1336 UDPV6 bubba-pc 61930 * *
svchost.exe 764 TCP bubba-PC epmap bubba-PC 0 LISTENING
System 4 TCP bubba-pc netbios-ssn bubba-PC 0 LISTENING
wininit.exe 432 TCP bubba-PC 49152 bubba-PC 0 LISTENING
svchost.exe 892 TCP bubba-PC 49153 bubba-PC 0 LISTENING
lsass.exe 516 TCP bubba-PC 49154 bubba-PC 0 LISTENING
svchost.exe 996 TCP bubba-PC 49155 bubba-PC 0 LISTENING
services.exe 500 TCP bubba-PC 49156 bubba-PC 0 LISTENING
svchost.exe 2256 TCP bubba-PC 49157 bubba-PC 0 LISTENING
System 4 TCP bubba-PC microsoft-ds bubba-PC 0 LISTENING
System 4 TCP bubba-PC wsd bubba-PC 0 LISTENING
svchost.exe 764 TCPV6 bubba-pc epmap bubba-pc 0 LISTENING
System 4 TCPV6 bubba-pc microsoft-ds bubba-pc 0 LISTENING
System 4 TCPV6 bubba-pc wsd bubba-pc 0 LISTENING
wininit.exe 432 TCPV6 bubba-pc 49152 bubba-pc 0 LISTENING
svchost.exe 892 TCPV6 bubba-pc 49153 bubba-pc 0 LISTENING
lsass.exe 516 TCPV6 bubba-pc 49154 bubba-pc 0 LISTENING
svchost.exe 996 TCPV6 bubba-pc 49155 bubba-pc 0 LISTENING
services.exe 500 TCPV6 bubba-pc 49156 bubba-pc 0 LISTENING
svchost.exe 2256 TCPV6 bubba-pc 49157 bubba-pc 0 LISTENING
chrome.exe 4372 TCP bubba-PC 51754 localhost 51755 ESTABLISHED
chrome.exe 4372 TCP bubba-PC 51755 localhost 51754 ESTABLISHED
chrome.exe 4372 TCP bubba-pc 51756 209.137.220.87 http ESTABLISHED
[System Process] 0 TCP bubba-PC 51749 localhost 51751 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51746 localhost 51748 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51743 localhost 51745 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51741 localhost 51742 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51739 localhost 51740 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51736 localhost 51737 TIME_WAIT 1 37
[System Process] 0 TCP bubba-PC 51758 localhost 51757 TIME_WAIT
[System Process] 0 TCP bubba-PC 51761 localhost 51760 TIME_WAIT
[System Process] 0 TCP bubba-PC 51763 localhost 51762 TIME_WAIT
[System Process] 0 TCP bubba-PC 51767 localhost 51765 TIME_WAIT
[System Process] 0 TCP bubba-PC 51770 localhost 51769 TIME_WAIT
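
An added example, not part of the original posts: a small Python parser for rows in the format of the listing above. It separates established connections whose remote end is the machine itself (localhost or the local host name) from those whose remote end is another address. The sample rows are copied from the listing in the post; the function names are this example's own.

```python
import re

# One row: process, PID, protocol, local host/port, remote host/port, optional state.
ROW = re.compile(
    r"^(?P<proc>\[.+?\]|\S+)\s+(?P<pid>\d+)\s+(?P<proto>(?:TCP|UDP)(?:V6)?)\s+"
    r"(?P<lhost>\S+)\s+(?P<lport>\S+)\s+(?P<rhost>\S+)\s+(?P<rport>\S+)"
    r"(?:\s+(?P<state>[A-Z][A-Z_0-9]*))?"
)
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Rows copied from the listing in the post.
SAMPLE = """
svchost.exe 764 TCP bubba-PC epmap bubba-PC 0 LISTENING
svchost.exe 1336 UDP bubba-PC llmnr * * 33 762
chrome.exe 4372 TCP bubba-PC 51754 localhost 51755 ESTABLISHED
chrome.exe 4372 TCP bubba-PC 51755 localhost 51754 ESTABLISHED
chrome.exe 4372 TCP bubba-pc 51756 209.137.220.87 http ESTABLISHED
[System Process] 0 TCP bubba-PC 51749 localhost 51751 TIME_WAIT 1 37
"""

def parse_rows(text):
    """Return one dict per row that matches the listing format."""
    matches = (ROW.match(line.strip()) for line in text.strip().splitlines())
    return [m.groupdict() for m in matches if m]

def triage(text):
    """Split ESTABLISHED rows into loopback socket pairs and remote connections."""
    rows = parse_rows(text)
    # Names that refer to this machine: loopback names plus every local host name seen.
    local_names = LOOPBACK | {r["lhost"].lower() for r in rows}
    est = [r for r in rows if r["state"] == "ESTABLISHED"]
    local = {(r["lport"], r["rport"]): r for r in est if r["rhost"].lower() in local_names}
    pairs, seen = [], set()
    for (lport, rport), row in local.items():
        peer = local.get((rport, lport))  # the other end of the same loopback socket
        if peer and (rport, lport) not in seen:
            seen.add((lport, rport))
            pairs.append((row["proc"], int(row["pid"]), lport, rport,
                          row["pid"] == peer["pid"]))  # True: both ends in one process
    remote = [(r["proc"], int(r["pid"]), r["rhost"], r["rport"])
              for r in est if r["rhost"].lower() not in local_names]
    listening = sum(1 for r in rows if r["state"] == "LISTENING")
    return {"loopback_pairs": pairs, "remote": remote, "listening": listening}

if __name__ == "__main__":
    for kind, found in triage(SAMPLE).items():
        print(kind, found)
```

Each loopback pair is reported once with both port numbers, and the last field shows whether the two ends belong to the same process ID.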