Results 1 to 9 of 9

Thread: Trojans??

  1. #1
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002

    Angry Trojans??

    Last week when I came home Norton Tools left a message on my screen saying that it had located a backdoor hack on my computer but couldn't do anything until I updated my software. Funny thing is I was running the most current version, I proceeded to download the newest updates from their website but have been unable to find that error again or any viruses on my computer.

    I ran updated Norton, and Adaware. I am planning on installing a new hard drive and copying over some data and a lot of programs. I think this backdoor may be linked to my IRC software and such.

    My basic question is if anyone knows of a program or where I can look to locate this backdoor hack that is in my software somewhere. Please help a geek in need
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002

    Post Active-Ports

    maybe some sort of active ports software...

    Active Ports - easy to use tool that enables you to monitor all open TCP/IP
    and UDP ports on the local computer. Active Ports maps ports to the owning
    application so you can watch which process has opened which port. It also
    displays a local and remote IP address for each connection and allows you
    to terminate the owning process. Active Ports can help you to detect trojans
    and other malicious programs.
    yeah, I\'m gonna need that by friday...

  3. #3
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Sounds like a good idea, do you know of any or where I can get (free/purchase) one of these programs?
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click

  4. #4
    if you're using a Windoze box... isn't there a "NET STAT PORTS" command from the command line that can show you the information you need?

  5. #5
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Netstat won't tell you which program (.exe) it is...
    Here is what "netstat -a" looks like ::

    Active Connections

    Proto Local Address Foreign Address State
    TCP PC000000000:epmap LISTENING
    TCP PC000000000:microsoft-ds LISTENING
    TCP PC000000000:1050 LISTENING
    TCP PC000000000:1052 LISTENING
    TCP PC000000000:1058 LISTENING
    TCP PC000000000:1630 LISTENING
    TCP PC000000000:1832 LISTENING
    TCP PC000000000:2301 LISTENING
    TCP PC000000000:2402 LISTENING
    TCP PC000000000:2614 LISTENING
    TCP PC000000000:3318 LISTENING
    TCP PC000000000:3372 LISTENING
    TCP PC000000000:4086 LISTENING
    TCP PC000000000:4138 LISTENING
    TCP PC000000000:4389 LISTENING
    TCP PC000000000:4401 LISTENING
    TCP PC000000000:4752 LISTENING
    TCP PC000000000:4977 LISTENING
    TCP PC000000000:5044 LISTENING
    TCP PC000000000:netbios-ssn LISTENING
    TCP PC000000000:1041 TIME_WAIT
    TCP PC000000000:1111 LISTENING
    TCP PC000000000:1120 LISTENING
    TCP PC000000000:1120 ESTABLISHED
    TCP PC000000000:1630 CLOSE_WAIT
    TCP PC000000000:2614 ESTABLISHED
    TCP PC000000000:3002 LISTENING
    TCP PC000000000:3002 RT579SHK:netbios-ssn ESTABLISHED
    TCP PC000000000:3318 ESTABLISHED
    TCP PC000000000:3389 LISTENING
    TCP PC000000000:3408 LISTENING
    TCP PC000000000:4086 ESTABLISHED
    TCP PC000000000:4977 ESTABLISHED
    TCP PC000000000:1027 TIME_WAIT
    TCP PC000000000:1028 TIME_WAIT
    TCP PC000000000:1029 TIME_WAIT
    TCP PC000000000:1030 TIME_WAIT
    TCP PC000000000:1031 TIME_WAIT
    TCP PC000000000:1032 TIME_WAIT
    TCP PC000000000:1033 TIME_WAIT
    TCP PC000000000:1034 TIME_WAIT
    TCP PC000000000:1035 TIME_WAIT
    TCP PC000000000:1036 TIME_WAIT
    TCP PC000000000:1037 TIME_WAIT
    TCP PC000000000:1038 TIME_WAIT
    TCP PC000000000:1039 TIME_WAIT
    TCP PC000000000:1040 TIME_WAIT
    TCP PC000000000:1044 TIME_WAIT
    TCP PC000000000:1045 TIME_WAIT
    TCP PC000000000:1046 TIME_WAIT
    TCP PC000000000:1047 TIME_WAIT
    TCP PC000000000:1049 TIME_WAIT
    TCP PC000000000:1051 TIME_WAIT
    TCP PC000000000:1053 TIME_WAIT
    TCP PC000000000:1054 TIME_WAIT
    TCP PC000000000:1055 TIME_WAIT
    TCP PC000000000:1056 TIME_WAIT
    TCP PC000000000:1057 TIME_WAIT
    TCP PC000000000:1059 TIME_WAIT
    TCP PC000000000:4137 LISTENING
    TCP PC000000000:4137 ESTABLISHED
    TCP PC000000000:4138 ESTABLISHED
    UDP PC000000000:epmap *:*
    UDP PC000000000:microsoft-ds *:*
    UDP PC000000000:1027 *:*
    UDP PC000000000:1041 *:*
    UDP PC000000000:1046 *:*
    UDP PC000000000:2301 *:*
    UDP PC000000000:4083 *:*
    UDP PC000000000:4084 *:*
    UDP PC000000000:netbios-ns *:*
    UDP PC000000000:netbios-dgm *:*
    UDP PC000000000:402 *:*
    UDP PC000000000:2301 *:*
    UDP PC000000000:2688 *:*
    UDP PC000000000:4108 *:*
    UDP PC000000000:4597 *:*
    UDP PC000000000:4961 *:*
    yeah, I\'m gonna need that by friday...

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Try fport - free and does the job.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Join Date
    Nov 2002
    My norton antivirus wouldnt detect my backdoor either but norton firewall kept saying somebody had tried to hack in. I downloaded a free trial version of a program called cleaner and norton hasnt detected anything since. The website is

  8. #8
    Junior Member
    Join Date
    Nov 2002
    Spyrus, did you run the security check from the Symantec site? I did it the other night and it takes about 5 minutes to thoroughly analyze possible security risks. It scans all ports and will give you a detailed report about each one, i.e., "port is open", "closed", or "stealthed". Then it interprets the findings in terms of risk. Make sure to click on the blue links within each report to get detailed stats. You can even leave your firewall on during the process--it has some way of penetrating it. Also, my understanding is, that if a (known) trojan is hiding within your software, that your firewall will not permit it to communicate with the hacker. This has never happened to me, although Norton Security has blocked several SubSevens from coming in.

  9. #9
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    well spyrus , you can get a copy of Trojan Remover from It is prolly the best piece of software for removing trojans.
    "Serenity is not the absence of conflict, but the ability to cope with it."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts