NEED HELP
  • Can you help me? I have been hacked. I run the netstat and netstat -ano commands and I see IPs that are "established" which are not me.

    For example, I see:

    local IP 192.168.1.71 with a foreign address of 143.127.102.32:https

    And I also see foreign addresses that look like:

    aretsa01:https
    iy-in-f139:http
    customer-187-141-2-88-sta:http
    v-client-1b:https
    sjc-not6:http

    I also sometimes see this as a foreign address:
    logger:http
    and it will have SYN_SENT instead of "ESTABLISHED".

    I have already restored my computer to factory default and it's still there.

    Please help.
  • Sh3llc0d3
    Posts: 1,910
    Do a full sweep with Malwarebytes. Update it first.
  • sangf
    Posts: 203
    143.127.102.32 whois returns: Symantec Corp -> accessing it directs to the Norton home page :P. Also, SYN_SENT is probably something that is attempting to connect but failing (or just in the process of awaiting a response): http://en.wikipedia.org/wiki/Transmissi ... ablishment
  • Sh3llc0d3
    Posts: 1,910
    Translation:
    In actuality your Norton software is updating, or something along those lines.
  • said:
        Translation:
        In actuality your Norton software is updating, or something along those lines.

    From what I read and understand, if I see something other than 127.0.0.1 or 0.0.0.0 when I run netstat or netstat -ano then it is someone else connected, especially when it says "ESTABLISHED".

    True?

    Norton isn't running when I see these.
  • Sh3llc0d3
    Posts: 1,910
    said:
        From what I read and understand, if I see something other than 127.0.0.1 or 0.0.0.0 when I run netstat or netstat -ano then it is someone else connected, especially when it says "ESTABLISHED".

        True?

        Norton isn't running when I see these.

    Right, go into "services.msc". Stop ALL Norton/Symantec services, completely. The fact you say Norton isn't running means you have it installed. A service or part of the Norton product is running and connected to another system. Don't alter anything in services.msc apart from stopping the services. Then run netstat. You'll see the issue is resolved if you've closed all their programs. If it's not, then you need to contact Symantec/Norton and delve deeper into the precise connection.

    netstat -ano (as far as I'm aware) gives you the process ID and also the socket information (source and destination). Find the PID and look it up in Task Manager or using Process Hacker.

    PS: to undo changes made in services.msc, reboot your PC.
  • sangf
    Posts: 203

    said:
        From what I read and understand, if I see something other than 127.0.0.1 or 0.0.0.0 when I run netstat or netstat -ano then it is someone else connected, especially when it says "ESTABLISHED".

        True?

    Not true. It will show all connections, incoming or outgoing (including you > somewebsite). ESTABLISHED is just a state; it could happen on any TCP connection (in or out).

    -a Displays all connections and listening ports.
    -n Displays addresses and port numbers in numerical form.
    -o Displays the owning process ID associated with each connection.

    Of course, it could be a malicious connection, but it's doubtful with such a target destination.
  • The whois on the IP address 192.168.1.71 comes back as private and untraceable, belonging to ARIN?????

    I was on hackforums and I was asking about some software and how it is used. Someone invited me to TeamViewer and Skype and like a dumbass I accepted. He was acting all weird and then I got uncomfortable and closed it out. Ever since then I've been seeing these things.

    I sent a semi-nasty email to this guy and his crew leader and then next thing you know .... weird shit happens.
  • Sh3llc0d3
    Posts: 1,910
    192.168.1.71 is your local LAN address!
  • said:
        192.168.1.71 is your local LAN address!

    Local LAN?? WTF?? Are you saying what I'm saying is impossible? I hope that's the case, but shit's very weird.
  • Sh3llc0d3
    Posts: 1,910
    I'm saying that it's insane.

    No one has hacked you, unless it's an extraneous issue to this situation. You have a service connected to Symantec's service. It's using SSL.

    Your PC 192.168.1.71 is connected to Symantec's server. LAN = Local Area Network. You can't whois your local address (192.168.1.71). Whois is for domains and remote host/server IP addresses, not your local network addresses.
  • said:
        I'm saying that it's insane.

        No one has hacked you, unless it's an extraneous issue to this situation. You have a service connected to Symantec's service. It's using SSL.

        Your PC 192.168.1.71 is connected to Symantec's server. LAN = Local Area Network. You can't whois your local address (192.168.1.71). Whois is for domains and remote host/server IP addresses, not your local network addresses.

    "Unless it's an extraneous issue to this situation." Yes, this is what I believe.
  • sangf
    Posts: 203
    Yep. 192.168.x.x are private addresses, used for your local network. This could be an address for one of the computers on your local network, your router itself, or the private IP your router assigned to you (aka your external IP as far as your computer is concerned: this would make the most sense).
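    Pulling together sangf's points above (the -a/-n/-o switches, ESTABLISHED being just a TCP state, 192.168.x.x being a private range) and Sh3llc0d3's advice to take the PID from netstat -ano and look it up, here is an added worked example that was not posted in the thread: a small Python script that parses netstat -ano output in the Windows layout, tags each foreign endpoint as loopback, unspecified, private or public, and groups rows by owning PID. The sample output embedded in it is constructed for the example (143.127.102.32 is the address from the thread; 143.127.102.33 and the PIDs are made up), and the script is mine, not a tool the thread recommends.

```python
"""Triage a `netstat -ano` dump (Windows layout).

Added example, not from the thread. It parses netstat output and, for
each TCP/UDP row, records the owning PID, the connection state, and
whether the foreign end is a loopback, unspecified, private (RFC 1918
and friends) or public address. Only public foreign ends are worth
chasing down to a process; the rest are your own machine or LAN.
"""
import ipaddress
import sys
from collections import defaultdict

# Constructed sample in the layout `netstat -ano` prints on Windows.
# 143.127.102.33 and all PIDs are invented for this example.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:49152        127.0.0.1:49153        ESTABLISHED     4120
  TCP    192.168.1.71:52344     143.127.102.32:443     ESTABLISHED     3364
  TCP    192.168.1.71:52380     143.127.102.33:80      SYN_SENT        3364
  TCP    192.168.1.71:445       192.168.1.20:50311     ESTABLISHED     4
  UDP    0.0.0.0:5355           *:*                                    1208
"""


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port); handles IPv6 '[::1]:443' and '*:*'."""
    if endpoint == "*:*":
        return "*", "*"
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def classify_host(host):
    """Return 'loopback', 'unspecified', 'private', 'public', or 'n/a' for non-addresses."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "n/a"  # '*' or a hostname that was not printed numerically
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_private:
        return "private"
    return "public"


def parse_netstat(text):
    """Parse `netstat -ano` text into a list of row dicts; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if proto == "TCP" else ""
        pid = int(parts[-1])
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        rows.append({
            "proto": proto, "local": lhost, "lport": lport,
            "foreign": fhost, "fport": fport, "state": state,
            "pid": pid, "foreign_class": classify_host(fhost),
        })
    return rows


def external_connections(rows):
    """Rows whose foreign end is a public address, regardless of state."""
    return [r for r in rows if r["foreign_class"] == "public"]


def by_pid(rows):
    """Group rows by owning PID, ready to be looked up in Task Manager or Process Hacker."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["pid"]].append(r)
    return dict(groups)


if __name__ == "__main__":
    # Pipe real output in (`netstat -ano | python triage.py`) or fall back to the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NETSTAT
    for r in external_connections(parse_netstat(text)):
        print(f"PID {r['pid']:>5}  {r['proto']}  {r['local']}:{r['lport']} -> "
              f"{r['foreign']}:{r['fport']}  {r['state']}")
```

    On the sample this lists only the two rows to 143.127.102.x, both owned by the same PID, and drops the loopback, LISTENING and LAN rows that a reader new to netstat tends to mistake for intruders. The address classification uses Python's ipaddress module, so it also treats documentation ranges such as 192.0.2.0/24 as non-public; that is why the sample uses a 143.127.102.x address for the public case.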
  • http://elamb.org/hacked/IDTools.htm

    What about what it says here? This is exactly what mine is doing when I run netstat!
  • Sh3llc0d3
    Posts: 1,910
    An "extraneous issue" means something outside what you have told us.

    They say clearly:

        If there is a ridiculous amount of activity scrolling up the screen and your system is sluggish, you may have a Trojan, virus or worm.

    That is in no way a definite. You may have. That warrants checking into the source of the connection and where it's going. That's been done. You're the one end and Symantec is the other. Unless Symantec has been hacked just for the purpose of a revenge attack on you, I'd say you're safe on this occasion.
  • said:
        An "extraneous issue" means something outside what you have told us.

        They say clearly:

            If there is a ridiculous amount of activity scrolling up the screen and your system is sluggish, you may have a Trojan, virus or worm.

        That is in no way a definite. You may have. That warrants checking into the source of the connection and where it's going. That's been done. You're the one end and Symantec is the other. Unless Symantec has been hacked just for the purpose of a revenge attack on you, I'd say you're safe on this occasion.

    No ... nothing outside what I've told you. The hackforums experience being the biggest red flag. Yes, there sometimes is a ridiculous amount of activity scrolling up the screen.
  • sangf
    Posts: 203
    Maybe post some complete details about your suspicion; there's not really much to go on right now. Process and Network tab dumps from Process Hacker might be helpful to see (select the tab, Ctrl+S -> pastebin URL here).