Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: High number of TCP connections = malware?

02 Jun 2015   #1
ComputerUser1

Windows 7 Home Premium 64-bit
 
 
High number of TCP connections = malware?

Hi everyone,

I have noticed that there is an unusually high number of TCP connections to my computer. Resource Monitor shows that I have an average of 50 TCP connections at any given time, even when the computer is idle. Also, the majority of the connections have no PIDs (process ID numbers), which I'm guessing may indicate that my computer has some sort of malware infection.

My computer has McAfee Security Center installed, and it is up to date. I just ran a scan, and everything came up clean.

Please advise me on what I should do, and if you need more info, just ask. Thanks!

Tech specs:

Windows 7 Home Premium 64-bit
Dell Inspiron N5110 laptop
CPU: Intel Core i3 @ 2.10 Ghz
6 GB RAM
Anti-Virus: McAfee Security Center


My System SpecsSystem Spec
.
03 Jun 2015   #2
Laith

Windows 10 Professional x64
 
 

Hey and welcome to SevenForums!

Run Malwarebytes Anti-Malware. Malwarebytes Anti-Malware Free
It has web protection that monitors it 24/7, if it sees any harmful IPs it will block them.
My System SpecsSystem Spec
03 Jun 2015   #3
ComputerUser1

Windows 7 Home Premium 64-bit
 
 

Thanks!

I have installed Malwarebytes Anti-Malware, and I ran a scan. The program did not detect any malware. However, when I take a look at Resource Monitor, I am still seeing an average of 40 TCP connections at any given time.

I'm pretty sure this is not normal, and the fact that there are no process IDs given under the "Image" category is troubling. Malware usually hides itself in one way or another, and I have the feeling that's what I'm seeing here.

If nothing else, I'd like to know how many average TCP connections other users are seeing when they view the Network section of the Resource Monitor with no browsers open. I'd also like to know if other users see any processes running that have no process IDs (PID). Perhaps I'm getting worked up over nothing.
My System SpecsSystem Spec
.

03 Jun 2015   #4
Laith

Windows 10 Professional x64
 
 

Hmm, you can try looking at your router logs.
My System SpecsSystem Spec
04 Jun 2015   #5
Tookeri

Windows 7 Pro 32
 
 

I don't use Resource Monitor much but I recommend TCPView. To only show actual connections make sure "Show Unconnected Endpoints" is not selected in the Options menu. That will greatly reduce the number of connections shown.
https://technet.microsoft.com/en-us/.../bb897437.aspx

To have all your processes checked out by more than 50 popular anti-virus products I recommend this:
http://www.sevenforums.com/tutorials...s-50-av-s.html

If you find a suspicious process and want to check it deeper, see step 8 in the tutorial.
My System SpecsSystem Spec
04 Jun 2015   #6
logicearth

Windows 10 Pro (x64)
 
 

Having a lot of TCP connections doesn't mean it is malware. How many you have depends on the software you are running. I myself have like over a hundred. But I'm constantly connected to the internet along with several network tasks.

And yes, you will have some that are not listed with an executable or a PID. They are not tied to one they are usually the underlying network that talks to your gateway (Router) the makes the internet work.
My System SpecsSystem Spec
04 Jun 2015   #7
ComputerUser1

Windows 7 Home Premium 64-bit
 
 

Thanks for the replies. Maybe I'm just paranoid. I'll try to run some more anti-malware programs just to be on the safe side.
My System SpecsSystem Spec
05 Jun 2015   #8
Laith

Windows 10 Professional x64
 
 

Don't. Running multiple protection programs will cause conflict with each other and eventually Windows will not boot, it happened to me once.
My System SpecsSystem Spec
05 Jun 2015   #9
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

Quote   Quote: Originally Posted by ComputerUser1 View Post
Thanks for the replies. Maybe I'm just paranoid. I'll try to run some more anti-malware programs just to be on the safe side.
Paranoia is just another level of security. Don't be afraid to investigate if you think something is amiss.

Another program you could try is AdwCleaner.
My System SpecsSystem Spec
06 Jun 2015   #10
Victek

Windows 7 x64
 
 

Quote   Quote: Originally Posted by ComputerUser1 View Post
Thanks!

I have installed Malwarebytes Anti-Malware, and I ran a scan. The program did not detect any malware.
Note that MalwareBytes Anti-Malware (MBAM) does not scan for rootkits by default; you need to turn that ON in the Detection and Protection settings. Also did you enable the free trial? If so MBAM will run resident and monitor connections to notify you if there are attempts to connect to bad IPs.

For another opinion I recommend Kaspersky TDSSkiller which is designed to target rootkits specifically.
My System SpecsSystem Spec
Reply

 High number of TCP connections = malware?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Changing File Decription for link to Malware Bytes Anti-Malware
Have been using Win 7 Ultimate x64 for quite a while but tonight ran into a small problem. I like to keep the titles for links very short and want to rename "Malwarebytes Anti-Malware" (I am a registered, paid user) to simply "Malwarebytes". I am listed as an Administrator and I used LockHunter to...
System Security
BSOD playing games under high load, High-end Intel/Nvidia custom PC
Hi all, This is my first computer build. For the most part it is playing games fine, but three times now in the last several weeks I have gotten BSODs, in Crysis 3, Battlefield 4. I didn't have the presence of mind to write down the error code. I have attached the /zip file generated by SF. ...
BSOD Help and Support
What is considered a high SVCHost (MB) number? (Win 7 HP 64)
I got this computer about a year ago and I noticed with my SVCHost files I got about 12 (which is normal) but the one starts at 100mb when I turn on the computer and gets up to about 450mb. It doesn't slow down my computer or anything. But I was simply wondering is 450mb to high? Or does it just...
Performance & Maintenance
What's the max number of incoming connections (aka VPN) Windows 7 supp
What's the max number of incoming connections (aka VPN) Windows 7 Ultimate supports? I'm getting an error every time I try to connect one machine while the other is connected. Error 937 I believe. Does this mean that windows 7 Ultimate only supports one vpn connection at a time without upgrading...
Network & Sharing
DHL tracking number emails contain malware (Troj/Bckdr-QSL)
DHL tracking number emails contain malware | Graham Cluley's blog My sister got hit with this via email in a 0-day attack - she was infected as of 8 AM on Monday, 23 March. Symantec did not find anything, at first, until she had already run the executable inside the ZIP file, and it started...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 04:05.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App