I've recently had a problem with a Poison Ivy RAT virus, and have done scans from NOD32 and Kaspersky, both coming up with nothing. However... my explorer.exe is connecting to an ip on port 3640 (the host it's trying to reach is down)... I can't find out how it's doing this; i've looked at it's dll imports, none changed. Ive done a hijack this, and removed a file called dllhost.exe, which was put to start up.. but that didn't change anything.. It's still trying to connect
netstat -
TCP 79.113.16.100:41330 65.96.253.130:3460 SYN_SENT 2768
[explorer.exe]
any advice on how i could find it's location?
Tags: