Suspicious TCP/UDP connections on Currports
Hello, I've just run the software 'CurrPorts' and I've found some suspicious listings there... Here are a few (Should I be worried?)
Process Name: AppleMobileDeviceService
Local Port: 27015
Remote Address: 127.0.0.1
Remote Host Name: www(dot)007guard(dot)com
State: Established
What has me suspicious is I'm pretty sure 007guard is known for malware, but where I'm confused is, in my Hosts file, 007guard is listed as 127.0.0.1 (I'm not really a networks guy, but doesn't that mean any connections to that domain will go to 127.0.0.1, i.e. home?)
There are a few similar ones as well, like Dropbox.exe and even Firefox.exe, iTunesHelper.exe, a few 'System' and some 'Unknown's that go to odd-sounding 'Remote Host Names'.
I have Avast! installed, Malwarebytes available, they've never flagged anything. I have had issues with malware in the past but it seemed my AV (AVG at the time) cleared that up. Also, the suspicious connections seem to be in the port ranges of around 20000 - 50000... Any other details you need, just ask!
Any advice is welcome! :)
Edit: So I accidentally posted two threads on this. Here was the second post; it has some extra information in it, I hope it's helpful!:
Hello, I've just run the program CurrPorts (sort of like a detailed Netstat command) and I've found some suspicious connections. Should I be worried about these? Is my computer likely to be infected with malware? These are some suspicious connections I've come across:
Process Name: AppleMobileDeviceService.exe
Protocol: TCP
Local Port: 27015
Local Address: 127.0.0.1
Remote Port: 49212
Remote Address: 127.0.0.1
Remote Host Name: www(dot)007guard(dot)com
This is the part that makes me suspicious. I'm pretty sure 007guard is known for being malware, so is this legitimate? I get a bit confused as the addresses are both 127.0.0.1/home; is this something to do with 007guard being in my hosts file as 127.0.0.1? (I'm not really a networking guy, but doesn't the hosts file mean any connections to this domain will redirect back to the IP listed there, in this case, me?)
There are some other processes that are like this, Firefox.exe, iTunesHelper.exe, two 'System' and some 'Unknown's which have the Remote Host Name as some domains which look suspicious... (e100.net, akamaitechnologies.com, reverse.softlayer.com and some designermedia.com) The Unknown entries also have different IPs to 127.0.0.1, yet have their remote port listed as 80 (Web server?) so I'm assuming that is normal from me just using Firefox, but I only have this tab open...
Any advice on what I should do is welcome, having any connection to 007guard seems pretty suspicious to me...
Last edited by oddblob; 23 Jan 2014 at 15:53.
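
A triage check for the listing in the post, added here as an example and not part of the original thread: it assumes the tool fills "Remote Host Name" by reverse lookup of the remote address, so a name that the hosts file pins to 127.0.0.1 can appear as the label on a connection that never leaves the machine. The hosts excerpt, the rows, the placeholder domain `blocked.example.test` and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed hosts-file excerpt in blocklist style (placeholder names).
HOSTS_TEXT = """\
127.0.0.1 localhost
127.0.0.1 blocked.example.test   # blocklist entry
"""

# Constructed rows using the column names shown in the post.
ROWS = [
    {"Process Name": "AppleMobileDeviceService.exe", "Local Address": "127.0.0.1",
     "Remote Address": "127.0.0.1", "Remote Host Name": "blocked.example.test"},
    {"Process Name": "Unknown", "Local Address": "192.168.1.20",
     "Remote Address": "203.0.113.7", "Remote Host Name": "host.example.test"},
    {"Process Name": "iTunesHelper.exe", "Local Address": "127.0.0.1",
     "Remote Address": "127.0.0.1", "Remote Host Name": ""},
]

def parse_hosts(text):
    """Map each hosts-file name (lower-cased) to the address it is pinned to."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            names.setdefault(name.lower(), addr)  # first entry wins
    return names

def triage(row, hosts):
    """Classify one connection row by where its traffic actually goes."""
    local = ipaddress.ip_address(row["Local Address"])
    remote = ipaddress.ip_address(row["Remote Address"])
    label = row.get("Remote Host Name", "").lower()
    if local.is_loopback and remote.is_loopback:
        # Both ends are this machine; the label is only a name for 127.0.0.1.
        if hosts.get(label) == remote:
            return "local-only, label from hosts file"
        return "local-only"
    return "external, review address and process"

if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_TEXT)
    for row in ROWS:
        print(row["Process Name"], "->", triage(row, hosts))
```

Rows classified as external are the ones worth checking further, by remote address and owning process rather than by the host name label alone.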