(This item is an update to an article that first appeared in the October 2005 issue of this newsletter)
One of the most unnerving computer experiences is to notice sudden unexpected internet activity from your PC when you’re not using the internet at the time.
It can be brought to your attention several ways. For example, the lights on your modem or router might start blinking furiously, or your firewall may indicate internet activity, or your download/upload monitor could show that a lot of information is being received or transmitted.
When this happens to me, the first thought that goes through my mind is that a malware program may be "phoning home" to some remote PC, divulging all my personal information.
Now I know this is unlikely because my PC is well protected, but I know enough about security to know that it’s possible. So whenever this happens I immediately investigate what’s happening, and you should do the same. In the following paragraphs I’ll show you how.
When you are connected to the internet you are not connected at one point but at multiple points. These different points are called ports. Data can flow into and out of each of these ports. It’s a bit like the way flies get into your house. They can get in (or out) through the front door, the back door, the windows or the chimney. These openings in your house are just like the ports in your computer.
There can be up to 65000 ports on your computer, but normally these are shut. When you start a program such as your web browser that connects to the internet, that program opens one or more ports to make the connection.
So when your computer shows signs of unexpected internet activity, you need to determine what ports are open and then identify the programs that opened those ports.
There’s a whole class of utilities called "port enumerators" that will do this job for you. In fact, there are more than a dozen such programs currently available. Additionally, many firewalls and anti-trojan programs have in-built port enumerators, though these are often quite basic.
I’ve looked at most of these products and found one freeware product that is outstanding. It’s a tiny 50KB program that doesn’t require installation, called CurrPorts [1] from Nir Sofer over at Nirsoft. It works best with Windows NT and later, though Windows 98 users can still use the product with less information displayed.
CurrPorts, like all port enumerators, shows all the ports that are currently open on your PC. It also shows you the process that opened each port and the time the port was opened. Most importantly, it flags, in pink, any suspicious ports.
Now "suspicious" here just means worth checking. However, this flagging makes the job of interpreting results much easier for less experienced users.
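As an added example (not part of the original article and not the CurrPorts program itself), the PowerShell script below does the basic job of a port enumerator on a current Windows machine: it lists listening and established TCP connections with the owning process and the time the port was opened, and flags as "worth checking" any connection to a public address from a binary without a valid Authenticode signature. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated prompt so that every process path can be read.

```powershell
# Added example, not part of the original article or of CurrPorts.
# Lists listening and established TCP connections with the owning process,
# when the port was opened, and whether the binary carries a valid
# Authenticode signature. Requires Windows 8 / Server 2012 or later for
# Get-NetTCPConnection; run elevated so every process path is readable.

function Test-PrivateAddress {
    param([string]$Address)
    # Loopback, RFC 1918, link-local, unspecified, IPv6 loopback/ULA/link-local.
    return $Address -match '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|169\.254\.|0\.0\.0\.0$|::|fe80:|f[cd][0-9a-f]{2}:)'
}

function Get-PortReport {
    # Index running processes once so each connection lookup is a hash hit.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }
    # Cache signature checks per path; many connections share one binary.
    $sigCache = @{}

    Get-NetTCPConnection | Where-Object { $_.State -in 'Listen', 'Established' } |
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        $path = if ($p) { $p.Path } else { $null }
        $signed = $false
        if ($path) {
            if (-not $sigCache.ContainsKey($path)) {
                $sigCache[$path] = (Get-AuthenticodeSignature -FilePath $path).Status -eq 'Valid'
            }
            $signed = $sigCache[$path]
        }
        $toPublic = ($_.State -eq 'Established') -and -not (Test-PrivateAddress $_.RemoteAddress)
        [pscustomobject]@{
            Process    = if ($p) { $p.ProcessName } else { "pid $($_.OwningProcess)" }
            PID        = $_.OwningProcess
            Local      = "$($_.LocalAddress):$($_.LocalPort)"
            Remote     = "$($_.RemoteAddress):$($_.RemotePort)"
            State      = $_.State
            Opened     = $_.CreationTime
            Signed     = $signed
            # "Suspicious" here, as in the article, only means worth checking:
            # traffic to a public address from an unsigned or unreadable binary.
            Suspicious = $toPublic -and -not $signed
        }
    }
}

Get-PortReport | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A process with no readable path (for example the System process, PID 4) shows as unsigned, so flagged rows still need a human look before anything is shut down.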
And if you install CurrPorts' sister program from Nirsoft, called IPNetInfo [2], you can right-click on a suspicious connection and track down the location and owner of the remote site. If it’s somewhere like North Korea, China or Romania, you almost certainly have a problem.
If you do have a problem CurrPorts allows you to immediately shut down that port. That reduces the potential damage but of course doesn’t solve the problem. To do that you need to find the malware program responsible.
How you do that is, unfortunately, beyond the scope of this article. As a quick guide I suggest you download HijackThis from this link http://www.tomcoyote.org/hjt/ and follow the instructions on the same page on how to paste the output to the Tom Coyote web forums. The folks on the forum should be able to help you permanently get rid of the problem, and it won’t cost you a cent either.
So folks, download CurrPorts now so that the next time you have unexplained internet activity you’ll know exactly what to do about it.
[1] CurrPorts:
http://www.nirsoft.net/utils/cports.html
Freeware, Windows NT->Vista plus Win 98 with some limitations, No installation required, 50KB.
[2] IPNetInfo:
http://www.nirsoft.net/utils/ipnetinfo.html
Freeware, Windows 98->Vista, No installation required, 48KB.