Finding Spyware on a Specific Port? Or at all?

So I was trying to load up the Tribes: Ascend beta client, and it refused to load. Looking to the diagnostic tool that comes with the download, it gives me this:

"The system is unable to connect to the update server https://patcher[dot]hirezstudios[dot]com/HiPatchDispatchRemotingServer.rem due to a likely spyware/malware infection on port 6522" EDIT: Didn't want for it to actually post a link, because it makes my post look sketchy. So I added in the [dot]s. It doesn't work going straight to it anyhow.

So I naturally go, "Say what?" and immediately run MalwareBytes. Didn't find a thing. I download a little utility I found called TCPView and can't even locate the port (6522) as being active. "Hmm," I say. So I netstat. -ab. -naob. Still don't see the port. To hell with it. I am going to ask the port if it's talking to anyone. I make a .bat file with this inside:

@echo getting port 6522 info (only)
@pause
@netstat -s 6522
@pause
@cls
@echo
@exit

I see the port. I see it is receiving packets, doing port things, but I have no idea what is going to or from it. Now I am questioning whether I am infected, or if this beta client is just screwing up and thinking a process is hostile when it isn't. But I would really like to find out in case, you know, it's actually something malicious.

I am currently running AVG as kind of a last-ditch, but it's almost finished and I don't expect it to find anything, especially after MalwareBytes didn't. I have only seen one other person online say they had the same problem, and someone on Yahoo answers told them to go for the old run Rkill, then run MalwareBytes, but seeing as I'm neither getting the signs associated with the Rkill/eXplorer.exe processes, and there are about ten utilities each designed for a specific variant, I am not so keen on trying every single one out when that doesn't seem to be the problem.

TL;DR: I need something to find out definitively if I have Spyware/Malware/etc. I'd also like to get a look at exactly what processes/programs are passing through this elusive port 6522 if possible, as well.

Thanks very much!
3 answers
  1. Any advice on where to take this question? I don't want to ask the support team of Tribes Ascend, because they'll tell me to figure out if it's a spyware issue, for which I will have no answer.
  2. to figure out what is running
    open command prompt (start > run > type cmd and hit enter)
    type netstat -b
    or
    netstat -ano

    the -b will show active connections to the protocol using it
    -ano is all active connections and the pid (pid = process identifier)

    open task manager and click view, select add columns > add the "pid"

    also u should check out http://technet.microsoft.com/en-us/sysinternals/bb795533
    the process tools are good for solving those kinds of problems
  3. a quick google search returned this

    the first link is for a rootkit
    http://www.kentoyer.com/2009/12/21/removing-the-shv5-rootkit/

    http://www.bleepingcomputer.com/virus-removal/remove-security-suite

    i don't see how u could miss a fake av though....
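
The `netstat -ano` approach from answer 2, as an added example that is not part of the original thread: a small Python parser that keeps only the rows where port 6522 appears on the local or the remote side and reports the owning PID. The sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import subprocess
import sys

# Constructed sample of Windows `netstat -ano` output (addresses and PIDs are made up).
# Note: on Windows, `netstat -s` prints machine-wide per-protocol counters and a
# trailing number is a refresh interval, so it cannot be used to filter by port.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    192.168.1.20:49712     203.0.113.10:6522      SYN_SENT        4312
  TCP    192.168.1.20:49701     198.51.100.7:443       ESTABLISHED     2040
  TCP    [::]:6522              [::]:0                 LISTENING       1500
  UDP    0.0.0.0:6522           *:*                                    1776
  UDP    0.0.0.0:65220          *:*                                    1900
"""

def port_of(endpoint):
    """Return the port of 'ip:port' or '[ipv6]:port'; None for '*:*'."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def sockets_on_port(netstat_text, port):
    """Return rows whose local or remote port equals `port`, with the owning PID."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":   # UDP rows have no State column
            proto, local, remote, pid = f
            state = ""
        else:
            continue                           # banner, header, blank lines
        if port_of(local) == port:
            side = "local"
        elif port_of(remote) == port:
            side = "remote"
        else:
            continue
        hits.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "side": side, "pid": int(pid)})
    return hits

if __name__ == "__main__":
    # Live output on Windows; the constructed sample elsewhere.
    text = (subprocess.check_output(["netstat", "-ano"], text=True)
            if sys.platform == "win32" else SAMPLE)
    for h in sockets_on_port(text, 6522):
        print(h["proto"], h["local"], "->", h["remote"], h["state"] or "-",
              "port on", h["side"], "side, PID", h["pid"])
```

Map a reported PID to its image name with `tasklist /FI "PID eq <pid>"`; a row flagged `remote` is an outbound connection to port 6522 on another host, not a listener on this machine.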