When I do a netstat (on Windows XP) I seem to always get a huge amount of www.partypoker.com connections and I can't figure out where they are coming from.
A netstat -o
shows me that some are coming from PID xxx, which is Firefox, but if I kill it, the connections still remain.
Some are coming from PID 0, which makes no sense to me.
SECOND PROBLEM: One would think you could edit the C:\WINDOWS\system32\drivers\etc\hosts
file to block this, but it seems like my machine is ignoring the hosts file! (I have tried with the DNS client service both enabled and disabled, same result).
I just rebooted, killed all my normal programs, and I can't seem to reproduce the problem. If I was a paranoid person, I would think there was some sort of an intelligent trojan running.
I am running Windows XP Professional, Kaspersky Antivirus, CCleaner, and am fully up to date on Windows Update. What gives?
My questions are:
- Is anyone else seeing these weird connections to partypoker.com?
- Why isn't my hosts filter working?
- Is there a utility I can run to find out what's happening? I've tried autoruns.exe from Sysinternals but didn't see anything interesting.
Am I the only one with this problem? If there are any additional things you need me to run, let me know.