WEIRD netstat behavior on Windows XP re: www.partypoker.com

Posted by tbone on Super User
Published on 2009-07-08T04:40:44Z Indexed on 2010/06/09 11:02 UTC

I really don't know if this is the right place to ask this, but I would really appreciate it if someone who is more savvy on Windows XP (Professional) could help me out. For background, I am a 10+ years programmer, so I'm not a total idiot, but I am far from an expert on TCP/IP, etc., and this has me totally confused.

When I do a netstat (on Windows XP) I seem to always get a huge amount of www.partypoker.com connections and I can't figure out where they are coming from.

A netstat -o shows me that some are coming from PID xxx, which is firefox, but if I kill it, the connections still remain.

Some are coming from PID 0, which makes no sense to me.

SECOND PROBLEM: One would think you could edit the C:\WINDOWS\system32\drivers\etc\hosts file to block this, but it seems like my machine is ignoring the hosts file! (I have tried with the DNS client service both enabled and disabled, same result).

So I just rebooted, killed all my normal programs, and I can't seem to reproduce the problem. If I was a paranoid person, I would think there was some sort of an intelligent trojan running.

I am running Windows XP Pro, Kaspersky Antivirus, CCleaner, and am fully up to date on Windows Update. What gives????

So, I guess my questions are:

1. Is anyone else seeing these weird connections to partypoker.com?
2. Why isn't my hosts filter working?
3. Is there some utility I can run to find out what's happening? I've tried autoruns.exe from Sysinternals but don't see anything interesting.

Am I the only one with this problem? If there are any additional things you need me to run, let me know.

© Super User or respective owner
