Should I kill these two processes with Python?
Chris Angelico
rosuav at gmail.com
Sat Mar 25 04:52:33 EDT 2017
On Sat, Mar 25, 2017 at 7:41 PM, Ho Yeung Lee <jobmattcon at gmail.com> wrote:
> TCP 127.0.0.1:1663 127.0.0.1:28091 ESTABLISHED 9900
> TCP 127.0.0.1:28091 127.0.0.1:1663 ESTABLISHED 9532
>
> The above two processes connect to themselves; they are named ismagent and updateui.exe.
>
> Are they malware?
>
>
> TCP 127.0.0.1:1663 127.0.0.1:28091 ESTABLISHED 9900
> TCP 127.0.0.1:7496 0.0.0.0:0 LISTENING 7496
> TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING 9968
> TCP 127.0.0.1:28091 0.0.0.0:0 LISTENING 9532
> TCP 127.0.0.1:28091 127.0.0.1:1663 ESTABLISHED 9532
> TCP 127.0.0.1:43227 0.0.0.0:0 LISTENING 3772
> TCP 127.0.0.1:50000 0.0.0.0:0 LISTENING 9532
> TCP 192.168.1.102:1128 210.176.156.35:443 FIN_WAIT_2 5124
> TCP 192.168.1.102:1509 64.233.188.102:443 ESTABLISHED 6700
> TCP 192.168.1.102:1510 216.58.203.46:443 ESTABLISHED 6700
> TCP 192.168.1.102:1511 216.58.203.46:443 ESTABLISHED 6700
> TCP 192.168.1.102:1512 216.58.200.5:443 ESTABLISHED 6700
> TCP 192.168.1.102:1513 172.217.26.195:443 ESTABLISHED 6700
> TCP 192.168.1.102:1514 172.217.26.195:443 CLOSE_WAIT 6700
> TCP 192.168.1.102:1898 111.221.29.156:443 ESTABLISHED 1544

This question is about systems administration and has nothing to do with Python.

To figure out what each connection represents, you'll have to figure
out what programs are on the two ends. (In the case of listening
sockets, figure out which program is listening.) Then research what's
actually being done by those programs. A simple dump like this is not
going to tell you much about whether it's malware.

ChrisA
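
The first step described in the reply (working out which process sits on each end of a connection, and which process owns each listening socket) can be done mechanically from the dump. This is an added example, not part of the original message: the function names `parse` and `triage` are hypothetical, and the sample rows are copied from the netstat output quoted above.

```python
from collections import defaultdict

# Subset of the rows quoted in the post ('netstat -ano' style, PID in last column).
SAMPLE = """\
TCP 127.0.0.1:1663 127.0.0.1:28091 ESTABLISHED 9900
TCP 127.0.0.1:7496 0.0.0.0:0 LISTENING 7496
TCP 127.0.0.1:28091 0.0.0.0:0 LISTENING 9532
TCP 127.0.0.1:28091 127.0.0.1:1663 ESTABLISHED 9532
TCP 127.0.0.1:50000 0.0.0.0:0 LISTENING 9532
TCP 192.168.1.102:1509 64.233.188.102:443 ESTABLISHED 6700
TCP 192.168.1.102:1898 111.221.29.156:443 ESTABLISHED 1544
"""

def parse(text):
    """Yield (local, remote, state, pid) for each well-formed TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            yield parts[1], parts[2], parts[3], int(parts[4])

def triage(text):
    """Group rows into listeners, same-host connection pairs, and external peers."""
    rows = list(parse(text))
    # Local endpoint of every non-listening socket -> PID that owns it.
    owner = {local: pid for local, _, state, pid in rows if state != "LISTENING"}
    listeners, external, pairs = defaultdict(list), defaultdict(set), set()
    for local, remote, state, pid in rows:
        if state == "LISTENING":
            listeners[pid].append(local)
        elif remote in owner:
            # Both ends are on this machine; each connection appears as two rows,
            # so sort the ends to record it once.
            pairs.add(tuple(sorted([(local, pid), (remote, owner[remote])])))
        else:
            external[pid].add(remote)
    return {"listeners": dict(listeners), "local_pairs": sorted(pairs),
            "external": dict(external)}

if __name__ == "__main__":
    result = triage(SAMPLE)
    for (ep_a, pid_a), (ep_b, pid_b) in result["local_pairs"]:
        print(f"same-host connection: PID {pid_a} ({ep_a}) <-> PID {pid_b} ({ep_b})")
    for pid, eps in result["listeners"].items():
        print(f"PID {pid} listens on {', '.join(eps)}")
    for pid, peers in result["external"].items():
        print(f"PID {pid} talks to {', '.join(sorted(peers))}")
    # Next step per the reply: resolve each PID to its program,
    # e.g. on Windows with: tasklist /FI "PID eq 9532"
```

The output only says which PIDs talk to which; deciding whether a program is legitimate still requires identifying the executable behind each PID and researching what it does.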
More information about the Python-list mailing list