High number of TCP connections = malware?


  1. Posts : 3
    Windows 7 Home Premium 64-bit
       #1

    High number of TCP connections = malware?


    Hi everyone,

    I have noticed that there is an unusually high number of TCP connections to my computer. Resource Monitor shows that I have an average of 50 TCP connections at any given time, even when the computer is idle. Also, the majority of the connections have no PIDs (process ID numbers), which I'm guessing may indicate that my computer has some sort of malware infection.

    My computer has McAfee Security Center installed, and it is up to date. I just ran a scan, and everything came up clean.

    Please advise me on what I should do, and if you need more info, just ask. Thanks!

    Tech specs:

    Windows 7 Home Premium 64-bit
    Dell Inspiron N5110 laptop
    CPU: Intel Core i3 @ 2.10 Ghz
    6 GB RAM
    Anti-Virus: McAfee Security Center
      My Computer


  2. Posts : 2,781
    Windows 10 Pro x64
       #2

    Hey and welcome to SevenForums!

    Run Malwarebytes Anti-Malware. Malwarebytes Anti-Malware Free
    It has web protection that monitors it 24/7, if it sees any harmful IPs it will block them.
      My Computer


  3. Posts : 3
    Windows 7 Home Premium 64-bit
    Thread Starter
       #3

    Thanks!

    I have installed Malwarebytes Anti-Malware, and I ran a scan. The program did not detect any malware. However, when I take a look at Resource Monitor, I am still seeing an average of 40 TCP connections at any given time.

    I'm pretty sure this is not normal, and the fact that there are no process IDs given under the "Image" category is troubling. Malware usually hides itself in one way or another, and I have the feeling that's what I'm seeing here.

    If nothing else, I'd like to know how many average TCP connections other users are seeing when they view the Network section of the Resource Monitor with no browsers open. I'd also like to know if other users see any processes running that have no process IDs (PID). Perhaps I'm getting worked up over nothing.
      My Computer


  4. Posts : 2,781
    Windows 10 Pro x64
       #4

    Hmm, you can try looking at your router logs.
      My Computer


  5. Posts : 1,049
    Windows 7 Pro 32
       #5

    I don't use Resource Monitor much but I recommend TCPView. To only show actual connections make sure "Show Unconnected Endpoints" is not selected in the Options menu. That will greatly reduce the number of connections shown.
    https://technet.microsoft.com/en-us/.../bb897437.aspx

    To have all your processes checked out by more than 50 popular anti-virus products I recommend this:
    https://www.sevenforums.com/tutorials...s-50-av-s.html

    If you find a suspicious process and want to check it deeper, see step 8 in the tutorial.
      My Computer


  6. Posts : 5,642
    Windows 10 Pro (x64)
       #6

    Having a lot of TCP connections doesn't mean it is malware. How many you have depends on the software you are running. I myself have like over a hundred. But I'm constantly connected to the internet along with several network tasks.

    And yes, you will have some that are not listed with an executable or a PID. They are not tied to one they are usually the underlying network that talks to your gateway (Router) the makes the internet work.
      My Computer


  7. Posts : 3
    Windows 7 Home Premium 64-bit
    Thread Starter
       #7

    Thanks for the replies. Maybe I'm just paranoid. I'll try to run some more anti-malware programs just to be on the safe side.
      My Computer


  8. Posts : 2,781
    Windows 10 Pro x64
       #8

    Don't. Running multiple protection programs will cause conflict with each other and eventually Windows will not boot, it happened to me once.
      My Computer


  9. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #9

    ComputerUser1 said:
    Thanks for the replies. Maybe I'm just paranoid. I'll try to run some more anti-malware programs just to be on the safe side.
    Paranoia is just another level of security. Don't be afraid to investigate if you think something is amiss.

    Another program you could try is AdwCleaner.
      My Computer


  10. Posts : 587
    Windows 7 x64
       #10

    ComputerUser1 said:
    Thanks!

    I have installed Malwarebytes Anti-Malware, and I ran a scan. The program did not detect any malware.
    Note that MalwareBytes Anti-Malware (MBAM) does not scan for rootkits by default; you need to turn that ON in the Detection and Protection settings. Also did you enable the free trial? If so MBAM will run resident and monitor connections to notify you if there are attempts to connect to bad IPs.

    For another opinion I recommend Kaspersky TDSSkiller which is designed to target rootkits specifically.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:53.
Find Us