should i kill these two process with python?

Chris Angelico rosuav at gmail.com
Sat Mar 25 04:52:33 EDT 2017


On Sat, Mar 25, 2017 at 7:41 PM, Ho Yeung Lee <jobmattcon at gmail.com> wrote:
>   TCP    127.0.0.1:1663         127.0.0.1:28091        ESTABLISHED     9900
>   TCP    127.0.0.1:28091        127.0.0.1:1663         ESTABLISHED     9532
>
> above two process connect to itself, named ismagent and updateui.exe
>
> are they the malware software?
>
>
>   TCP    127.0.0.1:1663         127.0.0.1:28091        ESTABLISHED     9900
>   TCP    127.0.0.1:7496         0.0.0.0:0              LISTENING       7496
>   TCP    127.0.0.1:27015        0.0.0.0:0              LISTENING       9968
>   TCP    127.0.0.1:28091        0.0.0.0:0              LISTENING       9532
>   TCP    127.0.0.1:28091        127.0.0.1:1663         ESTABLISHED     9532
>   TCP    127.0.0.1:43227        0.0.0.0:0              LISTENING       3772
>   TCP    127.0.0.1:50000        0.0.0.0:0              LISTENING       9532
>   TCP    192.168.1.102:1128     210.176.156.35:443     FIN_WAIT_2      5124
>   TCP    192.168.1.102:1509     64.233.188.102:443     ESTABLISHED     6700
>   TCP    192.168.1.102:1510     216.58.203.46:443      ESTABLISHED     6700
>   TCP    192.168.1.102:1511     216.58.203.46:443      ESTABLISHED     6700
>   TCP    192.168.1.102:1512     216.58.200.5:443       ESTABLISHED     6700
>   TCP    192.168.1.102:1513     172.217.26.195:443     ESTABLISHED     6700
>   TCP    192.168.1.102:1514     172.217.26.195:443     CLOSE_WAIT      6700
>   TCP    192.168.1.102:1898     111.221.29.156:443     ESTABLISHED     1544

This question is about systems administration and has nothing to do with Python.

To figure out what each connection represents, you'll have to figure
out what programs are on the two ends. (In the case of listening
sockets, figure out which program is listening.) Then research what's
actually being done by those programs. A simple dump like this is not
going to tell you much about whether it's malware.

ChrisA


More information about the Python-list mailing list