-
netbus
I recently installed and configured a netgear router for my computers.I went to a site called PC Flank and had a scan done. The report said everything was stealth except for 12345 which was a popular trojan vulnerability .This was closed but "visible" and therfore presented a risk. I am not sure what I should do about this. I have Zone alarm pro version 3. I went to Google and Zone's technical support but still was confused as what to do? Should I change firewalls?Could someone advise me?. Thanks, Auntie
-
If I remember correctly, and I'm open to corrections, some AV companies removed Netbus from their definitions because it can be "considered" a remote administraton tool. You can try going to www.agnitum.com and getting TauScan, which will scan your computer for Trojans and remove them
-
If i remember right, closed usually means that the connection was refused (not accepted); however, it was still something that was noticed and you need to identify what caused that to be noticed. First thing you should do is look at your Zone Alarm applications list and see if you can't find what is using that port (if anything), also bring up a dos prompt and type 'netstat -an' and see if port 12345 is listening. You might wanna try FPORT (www.foundstone.com), that will tell you if any programs are listening on that port. The other possible source would be if the linksys you have has a firewall capability, if so, that port is something that is commonly blocked and could cause you to see those results.
hope that helps,
nebulus
-
if its being read as open but filtered, its usually some firewalling device. If your running norton, it does pick up NetBus.
-
If you have a honey pot program running, such at NukeNabber or TambuUDP Scrambler, they might be listening on port 12345 to 'fool' hackers into thinking its a legit trojan. Make sure its not one of those. Secondly, why not trying another third-party scan, such as Sygate Online Scan?
-
I don't have anything else to say to instead of giving positive AP i'll just say good answer to all !
Another you might want to try is to telnet to you own computer on port 12345 and it offers you a loggin then you are in infected .
You could also use a port listenners on that port to see wich application is trying to make use of it.