If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
How do you find a rogue program in services.exe?
Hi,
I have a system that netstat -a -b shows tons of connections to smtp servers and the pid is 852, services.exe. How can I find out what program or dll is causing it and stop it? Thanks, Alan |
Ads |
#2
|
|||
|
|||
How do you find a rogue program in services.exe?
The best way is to install software that detects and removes malicious
software. --- Leonard Grey Errare humanum est Anonymous User wrote: Hi, I have a system that netstat -a -b shows tons of connections to smtp servers and the pid is 852, services.exe. How can I find out what program or dll is causing it and stop it? Thanks, Alan |
#3
|
|||
|
|||
How do you find a rogue program in services.exe?
Anonymous User wrote:
Hi, I have a system that netstat -a -b shows tons of connections to smtp servers and the pid is 852, services.exe. How can I find out what program or dll is causing it and stop it? Thanks, Alan Hello Alan: CurrPorts/CPorts from http://www.nirsoft.net/utils/cports.html will assist you in associating an application with an IP address. These may be due to browser plug-ins and applications your system starts with. Many may be things you installed long ago and have now forgotten. As Leonard has already posted, good quality antimalware tools might be helpful. Your antimalware list should at least /minimally/ include: MBAM: http://www.malwarebytes.org/ Run in normal mode. SAS: http://www.superantispyware.com/ Run in "Safe" mode. MSRT: http://www.microsoft.com/security/malwareremove/default.aspx Windows Defender: http://www.microsoft.com/windows/products/winfamily/defender/default.mspx HTH -- 1PW |
#4
|
|||
|
|||
How do you find a rogue program in services.exe?
"Anonymous User" wrote in
: Hi, I have a system that netstat -a -b shows tons of connections to smtp servers and the pid is 852, services.exe. How can I find out what program or dll is causing it and stop it? Thanks, Alan Start the Task Manager Start - Run - "taskmgr" Click on "Processes" tab From the menu: View - Select Columns - Check "PID" - OK You can now see which tasks associate with each PID. Find your matching PID. You can select them and click "end process" to stop them. Note that services should be stopped via: Start - Run - services.msc HTH, John |
Thread Tools | |
Display Modes | |
|
|