Strange netstat entry: spynettest - virus?

Acer Aspire 7540-1317 notebook - athlon...
January 21, 2011 at 17:12:33
Specs: Windows 7 Professional, 32-bit, Debian 5.0 Lenny 32-bit, Ubuntu 10.04 LTS triple boot, 2.0 GHz, 3.00 GB RAM
Hello, I am about to go into a panic if I do not find out what this is and why its happening.
So I ran netstat -a -p tcp at the command prompt on my windows 7 laptop, to do routine checks of my listening connections and ports. While doing so, all the ports seemed normal but I found an unknown entry and need some reassurance.

This is what netstat entries I found to be wierd:
Local address Foreign address download:http CLOSE_WAIT vip1:http CLOSE_WAIT spynettest:https ESTABLISHED

I googled this and some hits found that it was a virus, others said it was to do with Microsoft security essentials making you a part of spynet without knowledge. I have an up to date antivirus, antispyware and a firewall blocking all inbound traffic. I'm pretty sure I am not infected.

Anyone same problem / any ideas why this address is being contacted? It never ever happened before, I only just noticed it when I ran netstat this time.


See More: Strange netstat entry: spynettest - virus?

January 21, 2011 at 20:12:49
To check if you are infected with the Spyware Protect/Antispyware types of infections, run Malwarebytes' Anti-Malware
Error codes
Common Issues, Questions, and their Solutions, Frequently Asked Questions.
VIPRE Rescue Program
Try it in Safe mode.
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
If it still will not run.
1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.
Next redownload Malwarebytes but rename it before you download it to your desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
If it installed but will not run, navigate to this folder:
2: C:\Programs Files\Malwarebytes' AntiMalware
At the top of the page, Tools > Folder Options > View, click > Show hidden files and folders and untick > Hide extensions for known file types.
How to see hidden files in Windows
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.
When it opens, update 1st.
If it won't update after installing, update manually.
Download & install.

Report •

January 22, 2011 at 05:56:02
Hello, thanks for your reply. I ran a virus scan with my avast antivirus, it came up clean. I think I will also check with bitdefender online scanner just to be sure. After further investigation, I realised that the first two entries:

vip1:http were part of my Comodo firewall contacting update websites for the firewall program. Nothing suspicious about those connections. I then realised that I had Microsoft Security essentials installed on a virtual computer and realised that this was part of the Microsoft Spynet that Microsoft security essentials forces you to sign up to. I made a registry edit, and stopped security essentials reporting information to Microsoft, which I am sure is what the connection to spynettest was, I found an article on google. I will probably do a scan with bitdefender. But nothing suspicious has been happening on my machine, no hosts file changes, slowdowns or popups.

Thankyou for your fast response.

Report •

January 22, 2011 at 07:58:03
"Microsoft security essentials forces you to sign up to"
When I installed, I did not tick that box.

"I made a registry edit, and stopped security essentials reporting information to Microsoft,"
Wondered if you knew about that.

Report •
Related Solutions

Ask Question