
Finding Spyware on a Specific Port? Or at all?

March 25, 2012 8:13:34 AM

So I was trying to load up the Tribes: Ascend beta client, and it refused to load. Looking to the diagnostic tool that comes with the download, it gives me this:

"The system is unable to connect to the update server https://patcher[dot]hirezstudios[dot]com/HiPatchDispatchRemotingServer.rem due to a likely spyware/malware infection on port 6522" EDIT: Didn't want it to actually post a link, because it makes my post look sketchy. So I added in the [dot]s. It doesn't work going straight to it anyhow.

So I naturally go, "Say what?" and immediately run MalwareBytes. Didn't find a thing. I download a little utility I found called TCPView and can't even locate the port (6522) as being active. "Hmm," I say. So I netstat. -ab. -naob. Still don't see the port. To hell with it. I am going to ask the port if it's talking to anyone. I make a .bat file with this inside:

@echo getting port 6522 info (only)
@pause
@netstat -s 6522
@pause
@cls
@echo
@exit

I see the port. I see it is receiving packets, doing port things, but I have no idea what is going to or from it. Now I am questioning whether I am infected, or if this beta client is just screwing up and thinking a process is hostile when it isn't. But I would really like to find out in case, you know, it's actually something malicious.

I am currently running AVG as kind of a last-ditch, but it's almost finished and I don't expect it to find anything, especially after MalwareBytes didn't. I have only seen one other person online say they had the same problem, and someone on Yahoo answers told them to go for the old run Rkill, then run MalwareBytes, but seeing as I'm neither getting the signs associated with the Rkill/eXplorer.exe processes, and there are about ten utilities each designed for a specific variant, I am not so keen on trying every single one out when that doesn't seem to be the problem.

TL;DR: I need something to find out definitively if I have Spyware/Malware/etc. I'd also like to get a look at exactly what processes/programs are passing through this elusive port 6522 if possible, as well.

Thanks very much!
March 26, 2012 10:56:18 AM

Any advice on where to take this question? I don't want to ask the support team of Tribes Ascend, because they'll tell me to figure out if it's a spyware issue, for which I will have no answer.
April 10, 2012 5:22:50 PM

to figure out what is running
open command prompt (start > run > type cmd and hit enter)
type netstat -b
or
netstat -ano

the -b will show active connections to the protocol using it
-ano is all active connections and the pid (pid = process identifier)

open task manager and click view, select add columns > add the "pid"

also you should check out http://technet.microsoft.com/en-us/sysinternals/bb79553...
the process tools are good for solving those kinds of problems
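One way to do the `netstat -ano` plus PID lookup from the answer above in a single step, as an added example that is not part of the original thread: a PowerShell 2.0 function that reports every row where the port appears in either the local or the foreign address column. The function name `Find-PortOwner` and the sample rows are assumptions made for illustration.

```powershell
# Added example, not from the thread. PowerShell 2.0 compatible (Windows 7).
function Find-PortOwner {
    param(
        [Parameter(Mandatory = $true)][int]$Port,
        # Defaults to live output; pass saved text to analyse it offline.
        [string[]]$NetstatLines = (netstat -ano)
    )
    foreach ($line in $NetstatLines) {
        $f = @($line.Trim() -split '\s+')
        # Data rows start with TCP or UDP; banner and header rows are skipped.
        if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$') { continue }

        # TCP rows: Proto Local Foreign State PID. UDP rows have no State.
        $state = ''
        if ($f.Count -ge 5) { $state = $f[3] }
        $procId = [int]$f[-1]      # not $pid: that is PowerShell's own PID

        # The port is the text after the last colon, which also handles
        # IPv6 forms such as [::]:6522. Check local AND foreign address.
        $ports = @($f[1], $f[2]) | ForEach-Object { ($_ -split ':')[-1] }
        if ($ports -notcontains "$Port") { continue }

        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name = '(no such PID on this machine)'
        if ($proc) { $name = $proc.ProcessName }

        New-Object PSObject -Property @{
            Proto = $f[0]; Local = $f[1]; Foreign = $f[2]
            State = $state; OwnerPid = $procId; Process = $name
        } | Select-Object Proto, Local, Foreign, State, OwnerPid, Process
    }
}

# Constructed sample rows (not captured from the poster's machine).
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888',
    '  TCP    192.168.1.20:49731     203.0.113.7:6522       SYN_SENT        4312',
    '  UDP    0.0.0.0:6522           *:*                                    2044'
)
Find-PortOwner -Port 6522 -NetstatLines $sample | Format-Table -AutoSize

# On the machine being checked, query live connections instead:
# Find-PortOwner -Port 6522
```

`netstat -s` prints machine-wide per-protocol counters and reads a trailing number as a refresh interval in seconds, so it cannot show traffic for a single port. An empty result from the live query means no socket on the machine was using that port, locally or remotely, at the moment of the check.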