Port scan has me worried.

  1. #1
    Junior Member
    Join Date
    Mar 2002
    Posts
    6

    Port scan has me worried.

    Hi,
    I was downloading a file and Norton Antivirus gave me this error message: is infected with the Trojan dropper virus.
    Access to the file was denied.

    I'm assuming that NAV was unable to quarantine it because it's not listed under the quarantine log.
    I have the latest definitions but NAV was unable to find anything, so I downloaded Anti-Trojan 5.5 and this is what it tells me I have for open ports.
    Port 80 open. Possible trojans. Webserver (possible Trojaner: Executor)
    Port 1033 open. Possible trojans. NetSpy
    Port 1243 open. Possible trojans. SubSeven
    Port 4092 open. Possible trojans. WinCrash
    Port 5000 open. Possible trojans. Sockets de Troie, Blazer 5

    My question is what do I do next? I did a search of my drive for Netspy.exe and didn't find anything and NAV and Anti-Trojan both tell me that my system is clean.

    I typed "netstat" from the command prompt and see some activity but nothing that is too alarming.

    Does anyone have any advice?


    Thanks,

    J

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    255
    Don't get too worried, although you telling me what OS you use would have helped.

    Port 80- http (internet explorer)

    Port 1033- netspy, or W2k printer port monitor (Will send status request to SNMP community)

    Port 1243- SubSeven Backdoor or SerialGateway (not sure about it, sounds like a networking dongle)

    Port 4092- WinCrash Alternate Trojan or Asp module for Apache servers (ports 3001 - 6001)

    Port 5000- Windows ME ships with a program called "SSDPSRV.EXE", or Simple Service Discovery Protocol Server, which is used for Universal Plug and Play. This process listens on TCP 5000 for XML exchange, or Sockets De Troie Trojan

    If you have your AV up to date, that's a start, but programs like Trojan First Aid Kit, or the commercial "Cleaner".

    Also see if you can get a port listener/honeypot, like netbuster for example, so you can listen to these ports and see if they are trying to access your system.

    And a firewall program wouldn't go amiss so you can allow/disallow programs access to the net; people swear by Tiny firewall

    But I get blocked access from sub7, netbus and deepthroat all the time; it's either funny blocking restrictions by your firewall, or a skiddie sweeping the network

    Preep
    http://www.attrition.org/gallery/computing/forum/tn/youarenot.gif.html

  3. #3
    Junior Member
    Join Date
    Mar 2002
    Posts
    6
    Sorry, I'm running XP. I know that port 80 is the web browser but it's the other ports that caught my eye. Is there a way to shut down the ports?

  4. #4
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    If you're worried about ports being open and such, then you should DL a firewall for your machine. There are plenty of posts in the firewall forum that can point you in the right direction. ZoneAlarm and Tiny come to mind, but you should get what fits your needs.

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Also go to Google and type in "the cleaner" - by Moosoft. Tis a great trojan cleaner that should help.
    Remember -
    The ark was built by amateurs...
    The Titanic was built by professionals.

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    255
    i have edited it, sry i hit submit my mistake :P

    dumb me

    Preep
    http://www.attrition.org/gallery/computing/forum/tn/youarenot.gif.html

  7. #7
    Senior Member
    Join Date
    Jun 2002
    Posts
    144
    The best firewall IMHO is Sygate. I can completely configure it to do exactly what I need, and it's free
    M$ support is like shooting yourself in the left foot and then putting a band-aid on the right one.

  8. #8
    Senior Member
    Join Date
    Dec 2001
    Posts
    304
    You can disable port 5000 by going to admin tools and then services, stop the UPnP service and then go to the properties and set to disable. Some of the other ports can probably be closed here as well. Just go through the list of services and stop and disable anything you don't need
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Get fport from:

    www.foundstone.com

    It's freeware and will tell you the name of the service listening on those ports, not just what could or should be there.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  10. #10
    Junior Member
    Join Date
    Aug 2002
    Posts
    2

    port 80

    Correction: port 80 is not your web browser, it's a web server.

    Windows XP does not come with a web server. If you did not install one yourself, you might want to look into where that comes from. Not to scare you, but possibly a trojan.
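
Added example (not part of any post in this thread): posts #2, #9 and #10 turn on the same point, that a port number only hints at what might be listening, while the owning process settles it. The sketch below joins `netstat -ano` listeners to `tasklist /fo csv /nh` process names and sets the port notes from post #2 beside them; both command outputs are constructed samples, and the PIDs and `example.exe` are hypothetical.

```python
import csv, io

# Notes from post #2: port -> (trojan the scanner named, benign explanation given).
PORT_NOTES = {
    80: ("Executor", "http"),
    1033: ("NetSpy", "W2k printer port monitor"),
    1243: ("SubSeven", "SerialGateway"),
    4092: ("WinCrash", "ASP module for Apache"),
    5000: ("Sockets de Troie", "SSDPSRV.EXE (Universal Plug and Play)"),
}

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1484
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:1033           0.0.0.0:0              LISTENING       1620
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1100
  TCP    192.168.0.5:1045       10.0.0.9:80            ESTABLISHED     2040
  UDP    0.0.0.0:1900           *:*                                    1100
"""

# Constructed sample of `tasklist /fo csv /nh` output (not taken from the thread).
TASKLIST = """\
"svchost.exe","912","Console","0","3,400 K"
"svchost.exe","1100","Console","0","4,120 K"
"example.exe","1484","Console","0","1,024 K"
"spoolsv.exe","1620","Console","0","5,008 K"
"iexplore.exe","2040","Console","0","18,300 K"
"""

def listeners(netstat_text):
    """Return {port: pid} for TCP sockets in the LISTENING state."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            found[int(f[1].rsplit(":", 1)[1])] = int(f[4])
    return found

def report(netstat_text, tasklist_csv):
    """Join each listener to its process name and to the notes for that port."""
    names = {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if r}
    return [(port, pid, names.get(pid, "?")) + PORT_NOTES.get(port, ("-", "-"))
            for port, pid in sorted(listeners(netstat_text).items())]

if __name__ == "__main__":
    for row in report(NETSTAT, TASKLIST):
        print("%5d pid %-5d %-12s scanner: %-17s or: %s" % row)
```

A listener whose process name you do not recognise, such as the constructed `example.exe` on port 80 here, is the one to investigate first; the ESTABLISHED and UDP lines are skipped because only TCP listeners are reported.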
