Trojans??

  1. #1
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741

    Trojans??

    Last week when I came home Norton Tools left a message on my screen saying that it had located a backdoor hack on my computer but couldn't do anything until I updated my software. Funny thing is I was running the most current version, I proceeded to download the newest updates from their website but have been unable to find that error again or any viruses on my computer.

    I ran updated Norton, and Adaware. I am planning on installing a new hard drive and copying over some data and a lot of programs. I think this backdoor may be linked to my IRC software and such.

    My basic question is if anyone knows of a program or where I can look to locate this backdoor hack that is in my software somewhere. Please help a geek in need
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953

    Active-Ports

    maybe some sort of active ports software...

    Active Ports - easy to use tool that enables you to monitor all open TCP/IP
    and UDP ports on the local computer. Active Ports maps ports to the owning
    application so you can watch which process has opened which port. It also
    displays a local and remote IP address for each connection and allows you
    to terminate the owning process. Active Ports can help you to detect trojans
    and other malicious programs.

    www.protect-me.com
    yeah, I'm gonna need that by friday...

  3. #3
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    Sounds like a good idea, do you know of any or where I can get (free/purchase) one of these programs?
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  4. #4
    if you're using a Windoze box... isn't there a "NET STAT PORTS" command from the command line that can show you the information you need?

  5. #5
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    Netstat won't tell you which program (.exe) it is...
    Here is what "netstat -a" looks like ::

    Active Connections

    Proto Local Address Foreign Address State
    TCP PC000000000:epmap PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:microsoft-ds PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:1050 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:1052 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:1058 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:1630 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:1832 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:2301 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:2402 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:2614 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:3318 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:3372 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:4086 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:4138 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:4389 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:4401 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:4752 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:4977 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:5044 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:netbios-ssn PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:1041 sta2dc03.microsoft.com:microsoft-ds TIME_WAIT
    TCP PC000000000:1111 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:1120 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:1120 wiuhw92h.aol.com:netbios-ssn ESTABLISHED
    TCP PC000000000:1630 127.0.0.1:http CLOSE_WAIT
    TCP PC000000000:2614 stasosm6.microsoft.com:1079 ESTABLISHED
    TCP PC000000000:3002 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:3002 RT579SHK:netbios-ssn ESTABLISHED
    TCP PC000000000:3318 sta9783h.microsoft.com:microsoft-ds ESTABLISHED
    TCP PC000000000:3389 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:3408 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:4086 sta9u834.microsoft.com:1115 ESTABLISHED
    TCP PC000000000:4977 sta4u3n4.microsoft.com:microsoft-ds ESTABLISHED
    TCP PC000000000:1027 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1028 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1029 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1030 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1031 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1032 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1033 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1034 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1035 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1036 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1037 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1038 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1039 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1040 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1044 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1045 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1046 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1047 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1049 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1051 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1053 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1054 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1055 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1056 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1057 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:1059 PC000000000.microsoft.com:2301 TIME_WAIT
    TCP PC000000000:4137 PC000000000.microsoft.com:0 LISTENING
    TCP PC000000000:4137 PC000000000.microsoft.com:4138 ESTABLISHED
    TCP PC000000000:4138 PC000000000.microsoft.com:4137 ESTABLISHED
    UDP PC000000000:epmap *:*
    UDP PC000000000:microsoft-ds *:*
    UDP PC000000000:1027 *:*
    UDP PC000000000:1041 *:*
    UDP PC000000000:1046 *:*
    UDP PC000000000:2301 *:*
    UDP PC000000000:4083 *:*
    UDP PC000000000:4084 *:*
    UDP PC000000000:netbios-ns *:*
    UDP PC000000000:netbios-dgm *:*
    UDP PC000000000:402 *:*
    UDP PC000000000:2301 *:*
    UDP PC000000000:2688 *:*
    UDP PC000000000:4108 *:*
    UDP PC000000000:4597 *:*
    UDP PC000000000:4961 *:*
    yeah, I'm gonna need that by friday...
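
Added example (not part of any post in this thread): on Windows versions whose netstat supports the `-o` switch, `netstat -ano` appends the owning PID to each row, and joining that with `tasklist /fo csv /nh` gives the port-to-process mapping discussed above. The sample output, the process name `msupd32.exe`, the allow-list and the function names are all constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output; every address and PID is made up.
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    884
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING    4
  TCP    0.0.0.0:5044       0.0.0.0:0          LISTENING    1492
  TCP    192.168.1.10:1120  192.0.2.15:6667    ESTABLISHED  2040
  UDP    0.0.0.0:445        *:*                             4
  UDP    0.0.0.0:4083       *:*                             3000
"""
# Constructed sample of `tasklist /fo csv /nh` output; msupd32.exe is a made-up name.
TASKLIST_CSV = """\
"System","4","Services","0","216 K"
"svchost.exe","884","Services","0","3,120 K"
"msupd32.exe","1492","Console","0","1,812 K"
"mirc.exe","2040","Console","0","5,400 K"
"""

def parse_netstat(text):
    """Return (proto, local_port, state, pid) for every socket row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if parts[0] == "TCP" else ""
        port = int(parts[1].rsplit(":", 1)[1])
        rows.append((parts[0], port, state, int(parts[-1])))
    return rows

def parse_tasklist(text):
    """Map PID -> image name from CSV-formatted tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if r}

def unexpected_listeners(netstat_text, tasklist_text, expected_images):
    """List bound sockets whose owning image is not on the allow-list."""
    images = parse_tasklist(tasklist_text)
    findings = []
    for proto, port, state, pid in parse_netstat(netstat_text):
        if proto == "TCP" and state != "LISTENING":
            continue  # outbound or closing connections are not listeners
        image = images.get(pid, "<unknown pid>")  # process exited or hidden
        if image.lower() not in expected_images:
            findings.append((proto, port, pid, image))
    return findings
```

A PID that appears in the socket list but not in the process list is reported as `<unknown pid>` rather than dropped, since that mismatch is itself worth investigating.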

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Try fport - free and does the job.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    Member
    Join Date
    Nov 2002
    Posts
    37
    My Norton antivirus wouldn't detect my backdoor either, but Norton firewall kept saying somebody had tried to hack in. I downloaded a free trial version of a program called cleaner and Norton hasn't detected anything since. The website is www.moosoft.com.

  8. #8
    Junior Member
    Join Date
    Nov 2002
    Posts
    4
    Spyrus, did you run the security check from the Symantec site? I did it the other night and it takes about 5 minutes to thoroughly analyze possible security risks. It scans all ports and will give you a detailed report about each one, i.e., "port is open", "closed", or "stealthed". Then it interprets the findings in terms of risk. Make sure to click on the blue links within each report to get detailed stats. You can even leave your firewall on during the process--it has some way of penetrating it. Also, my understanding is, that if a (known) trojan is hiding within your software, that your firewall will not permit it to communicate with the hacker. This has never happened to me, although Norton Security has blocked several SubSevens from coming in.

  9. #9
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352
    Well Spyrus, you can get a copy of Trojan Remover from www.simplysup.com. It is probably the best piece of software for removing trojans.
    -N
    "Serenity is not the absence of conflict, but the ability to cope with it."
