# Unwanted Connections



## dpsguard (Dec 12, 2009)

Hi all,

I have a Vista Premium laptop. When I issue netstat -n at the command prompt,

I see something like this:

```
C:\>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1050         127.0.0.1:44334        ESTABLISHED
  TCP    127.0.0.1:1051         127.0.0.1:1052         ESTABLISHED
  TCP    127.0.0.1:1052         127.0.0.1:1051         ESTABLISHED
  TCP    127.0.0.1:1055         127.0.0.1:27015        ESTABLISHED
  TCP    127.0.0.1:27015        127.0.0.1:1055         ESTABLISHED
  TCP    127.0.0.1:44334        127.0.0.1:1050         ESTABLISHED
```

and 

```
C:\>netstat

Active Connections

  Proto  Local Address          Foreign Address           State
  TCP    127.0.0.1:1050         thephoenix-forums:44334   ESTABLISHED
  TCP    127.0.0.1:1051         thephoenix-forums:1052    ESTABLISHED
  TCP    127.0.0.1:1052         thephoenix-forums:1051    ESTABLISHED
  TCP    127.0.0.1:1055         thephoenix-forums:27015   ESTABLISHED
  TCP    127.0.0.1:27015        thephoenix-forums:1055    ESTABLISHED
  TCP    127.0.0.1:44334        thephoenix-forums:1050    ESTABLISHED
```

And when I use a utility from Microsoft called TCPView,

I find that javaw.exe is the process that is creating these connections.

And I am not connected to the Internet or outside, with nothing connected to Ethernet, and wireless is off.

You can see that local host (my PC) is shown as thephoenix-forums, whereas the PC name (computer name) is totally different under Control Panel / System.

So a couple of questions for you, the experts:

1. Why is Java trying to create these internal connections (and they are bidirectional, if you will notice the source and destination port numbers)?

2. I cannot kill the javaw process under Task Manager.

3. Where is this destination name of thephoenix-forums coming from?

4. I have Windows Firewall (but that is incoming only) and a Sunbelt firewall (incoming and outgoing), and the firewalls cannot do anything, as these connections remain inside the PC and do not exit off an interface (wired or wireless) to the Internet.

Please help.

Thanks

dpsguard


----------



## dpsguard (Dec 12, 2009)

Hello All,

Further to my earlier post, I can understand that there can be local connections because of some applications and proxies etc.; however, I do not have any proxies. And the name for the PC can be 127.0.0.1 or localhost or the computer name. However, I am getting this 4th name, thephoenix-forums, that is not set up anywhere. My concern is that my computer may be infected / compromised. I have AVG 9.0 and Malwarebytes running and they always come up clean except some cookies etc.

And I have two firewalls (Windows and Sunbelt) as well as Vista UAC, and still do not understand what is going on. And when I run a port scan, my PC does not have any port open from outside on any wired / wireless interface.

Please advise as I am a bit concerned.

Much appreciated.


----------



## dpsguard (Dec 12, 2009)

*Re: [SOLVED] Unwanted Connections*

Okay folks, this actually turned out to be at least some non-issue.

This is what I found after spending a couple of hours.

I had once downloaded and added a hosts file that has many of the bad sites being directed to 0.0.0.0, so as to not get to these sites (the hosts file will be looked into first for DNS resolution). And I found that one of the lines had the 0.0.0.0 IP set up as 127.0.0.1, and that line has thephoenix-forums.org in it. After I fixed it, netstat no longer shows the strange name for my PC.

I further looked into other PCs and online also; there are many bidirectional connections between localhost / computer name for reasons not known to me (including Firefox using a couple of such connections).

Thanks all for reading my posts.


----------
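An added example, not part of the original thread: a small hosts-file audit that flags the kind of entry found above, a loopback address (127.0.0.0/8 or ::1) mapped to a name other than the expected local names. The sample file contents and the set of expected names are constructed assumptions; add your own computer name to the set if it is listed.

```python
import ipaddress

# Names expected to map to loopback (assumption; extend with your computer name).
EXPECTED_LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each usable entry; skip comments and blanks."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only, or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address field
        yield line_no, ip, [name.lower() for name in fields[1:]]

def unexpected_loopback_names(text, expected=EXPECTED_LOOPBACK_NAMES):
    """Return [(line_no, ip, name)] where a loopback address is given an unexpected name.

    Blocklist entries pointing at 0.0.0.0 are not loopback and are not reported.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if not ip.is_loopback:
            continue
        for name in names:
            if name not in expected:
                findings.append((line_no, str(ip), name))
    return findings

# Constructed sample modelled on the situation described in the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.com
0.0.0.0         tracker.example.net   # blocked
127.0.0.1       thephoenix-forums.org
"""

if __name__ == "__main__":
    for line_no, ip, name in unexpected_loopback_names(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} is also named {name}")
```

To check a real machine, pass the contents of the hosts file (on Windows, `%SystemRoot%\System32\drivers\etc\hosts`) to `unexpected_loopback_names` instead of `SAMPLE_HOSTS`.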

