Sign in with
Sign up | Sign in
Your question

Can someone please tell me by this screen shot if I have been hacked ?

Last response: in Windows 7
Share
December 7, 2012 2:33:56 AM

So I ran across a YouTube video that talked about has your computer been compromised.

So like the video said go into the command window and type in netstat –ano. So I did and there were as a lot of established ip’s in the list. So like it recommended I rebooted and did not open anything but cmd and ran netstat –ano again.

Still found 2 ip’s in there and the PID # was not listed under processes in task manager. So I took a screen shot of it. I blacked out my ip address to my computer but I have seen another ip show up somewhere in the past on my computer that I hope to god is ok for me to show in this picture. My concerns are this:

1 of the two established ip’s says Microsoft hosting; I am hoping that is ok that it is there but really no clue?

The other ip is coming out of Kansas and when I did ip trace it comes up to “ISP: France Telecom” which there was very little info about this when I looked on Google.

The last thing is I was hoping someone could maybe explain all these different ports that are open on my computer or at least I am guessing they are open?

Thank you for reading and hoping someone can explain this to me please


More about : screen shot hacked

a b $ Windows 7
December 7, 2012 2:52:49 AM

PID's chance and may well be hidden, did you have show all users in the task manager?

Process Explorer is like the task manager on crack. May be worth a look, I do NOT recommend replacing the task manager with this(it is an option).
http://technet.microsoft.com/en-ca/sysinternals/bb89665...

you know the 127.0.0.1.s are loopback and are within your own computer. No harm from those.

4 of those seen to have port 80 generally this is just web traffic. Maybe you have some kind of update happening like RSS feeds ect.
Port 443 is used for secure web sites(https)

You seen to have some listening ports too 80 again would be if you had been hosting a website lets say. Some programs use a web interface as well and could cause that.

Chances are if you have a router sitting in from of your system its own firewall will at least be keeping an eye on the outside getting in. If you blanked out a 192.168.X.X style number, that is internal and did not need to be blocked.

The best way to keep your computer in good shape is to run some regular scans for viruses and other malware.

Please note not ALL things software finds is BAD. sometimes its just browser cookies and stuff.

Malwarebytes Anti-Malware Free.
http://www.malwarebytes.org/products/malwarebytes_free/

Spyware Blaster. This blocks known bad sites in your systems hosts file(redirects those requests to your own system so nothing happens).
http://www.brightfort.com/spywareblaster.html

Trend Micro House Call. web bases scanner, not active after you leave, just a second opinion for your system(scans for viruses and malware).
http://housecall.trendmicro.com/

Honestly important also is to keep your systems UAC warnings on. many bad things do not install without Admin rights(so if something that you do not trust asks for admin, you say NO). Most bad things happen from opening something you should not. While attacks from the outside happen, they are not nearly as common for home users.
m
0
l
December 7, 2012 3:14:38 AM

Thank you for such a detailed reply back.

Per your reply I went back in and checked the box “Show processes from all users”.

The PID 1572 showed up and the image name was “svchost.exe” After looking I counted 15 image names with that same name but only one had the PID # 1572.

I am currently looking at the links you posted about malware and spyware, thank you for posting those. I am typically pretty careful about what I open. I didn’t start the night off thinking I had a virus or anything was wrong I just happened to come across that video and anyways here we are lol.

Thank You Again


nukemaster said:
PID's chance and may well be hidden, did you have show all users in the task manager?

Process Explorer is like the task manager on crack. May be worth a look, I do NOT recommend replacing the task manager with this(it is an option).
http://technet.microsoft.com/en-ca/sysinternals/bb89665...

you know the 127.0.0.1.s are loopback and are within your own computer. No harm from those.

4 of those seen to have port 80 generally this is just web traffic. Maybe you have some kind of update happening like RSS feeds ect.
Port 443 is used for secure web sites(https)

You seen to have some listening ports too 80 again would be if you had been hosting a website lets say. Some programs use a web interface as well and could cause that.

Chances are if you have a router sitting in from of your system its own firewall will at least be keeping an eye on the outside getting in. If you blanked out a 192.168.X.X style number, that is internal and did not need to be blocked.

The best way to keep your computer in good shape is to run some regular scans for viruses and other malware.

Please note not ALL things software finds is BAD. sometimes its just browser cookies and stuff.

Malwarebytes Anti-Malware Free.
http://www.malwarebytes.org/products/malwarebytes_free/

Spyware Blaster. This blocks known bad sites in your systems hosts file(redirects those requests to your own system so nothing happens).
http://www.brightfort.com/spywareblaster.html

Trend Micro House Call. web bases scanner, not active after you leave, just a second opinion for your system(scans for viruses and malware).
http://housecall.trendmicro.com/

Honestly important also is to keep your systems UAC warnings on. many bad things do not install without Admin rights(so if something that you do not trust asks for admin, you say NO). Most bad things happen from opening something you should not. While attacks from the outside happen, they are not nearly as common for home users.

m
0
l
Related resources
!