Monday, February 2, 2015

Tracking down something using Java


I have a program on my Windows server that uses Java, and it works just fine. A few days ago, everything began running very slowly and I noticed the server was using a lot of network traffic. I used Resource Monitor to determine where all the data was going to/coming from and blocked the IP in my firewall. This fixed the data issue. I was using another program, TCPView, to try and track down what was going on, when I saw the process javaw.exe was using a lot of different port connections, and it was also trying to connect to another IP address. I again banned that IP address, but now I see new processes constantly opening up; it looks like it's trying to dial home, but since I blocked the IP it can't, and is constantly refreshing itself.


My biggest fear is I have some kind of virus and trojan installed, but I can't find it. I've run ESET and it came back with nothing. Is there any way I can figure out what program specifically is having javaw.exe connect to an outside source?


Picture: http://ift.tt/1BVRuob


