I am learning how to analyze what a Windows system is doing based on looking at processes and network connections.
One system I just ran across has Process ID zero with multiple connections to external IP addresses (most Yahoo registered) on port 80. This has me suspicious as I assume process ID zero (PID 0) would be one of the first processes to run at startup and would be unlikely to ever need to talk to anything on the Net.
Can someone explain this or am I potentially looking at a system with unauthorized software running and hiding?
Windows XP SP3
April 23, 2010 4:16 PM
April 23, 2010 6:32 PM