Question about my listening port's
Page 1 of 3 123 LastLast
Results 1 to 10 of 30

Thread: Question about my listening port's

  1. #1
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065

    Question about my listening port's

    Hey guys, I have this question, it's about this program that is running on this specific port.

    I did a netstat -a and it showed up that port 5180 was listening, I did a fport on it and it showed that aim.exe was on this port. So I connected my aim but my aim connects to port 5190, like most aim's I know. I did research on port 5180 and I found that a trojan uses this port. The trojan's name is Backdoor.Peeper. According to symantec this is a trojan that allows remote control of the computer. I used "The Cleaner" and it showed me that I had some trojans, but none of this type. So can anyone help me out?
    I am the uber duck!!1
    Proxy Tools

  2. #2
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    Originally posted here by Soda_Popinsky
    Google for fport, by foundstone

    Best tool ever for this sort of thing.
    I did a fport on it and it showed that aim.exe was on this port
    Uh oh! Read twice, post once (just jokin w/ ya)


    Anyways it looks like the peeper trojan, as you said. The default server name is internt.exe.. but most of the time trojans will be renamed to look like a well-known application. Check in the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    That's where it starts up from. If you see aim.exe remove it.

    Hope this helps.

    mjk

  3. #3
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    But shouln't the cleaner be able to clean it up?
    I hate goning into the registery...

    Unfortunatly I don't know the registry that well... If you could be kind enough to walk me through the process I would be very greatful .

    EDIT***

    Well, I checked the registry and didn't see a aim.exe. I only saw things that looked like I needed. Any other idea's?

    P.S. I knew how to get to the registry, I just don't feel confortable there .
    I am the uber duck!!1
    Proxy Tools

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    111
    Start->run->regedit

    Then use the path given to you.

    Oh and if you find what you want to delete right click for option...and make a back up first.
    NORML

    Signature image is too tall!

  5. #5
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Will that back up the WHOLE registry?
    I am the uber duck!!1
    Proxy Tools

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    111
    This will...assuming it`s nt/2000/xp...


    Click Start > Programs > Accessories > System Tools > Backup.
    Click Advanced Mode.
    On the Welcome tab, click the Backup Wizard (Advanced) button.
    Click Next.
    Select Only back up the System State data, and then click next.
    Click the Browse button.
    Click Cancel if the "Insert Disk" warning message pops up.
    In the Save As dialog box, choose a location to save your registry back up.
    Click Save.
    Click Next.
    Review the information in this window. Your Contents should say "Back up only the system state." Click Finish.
    When the back up completes click Close.
    Your registry is now backed up. You may close the Backup Utility window.

    Win9x

    Click Start, click Run, type scanregw, and then click OK.
    When you receive a prompt to back up the registry, click Yes.
    When you receive the "Backup complete" message, click OK.

    I used this link as quick reference BTW...

    Symantec
    NORML

    Signature image is too tall!

  7. #7
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    I don't have a "back up" option in my system tools menu. Is there another name that it would be called?
    I am the uber duck!!1
    Proxy Tools

  8. #8
    Senior Member
    Join Date
    Mar 2004
    Posts
    111
    The thing is ...you never said what OS you were using.

    Don`t you have Spybot s&d or something it has an option to back it up i believe.

    //2nd edit...If the Cleaner was updated and all, are you sure it didn`t make the necessary changes? What exact trojans did it find? Need more info i guess.
    NORML

    Signature image is too tall!

  9. #9
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Yes, I have spybot search and destroy and yes the cleaner is updated. It found 4 trojans that just tracked my internet activities, like spyware, and the other one was called...stumpy... I think. What stumpy does it open a connection to another server or ftp site and downloads other trojans. Before I ran the cleaner I did trend micro online scanner. It found a trojan to, but it just did small simple things like reset your homepage and stuff. Yesterday I ran spybot search and destroy in safe mode and it found something in the registry that was a "security hole". It removed it and yes I am up to date with my windows updates. BTW, I am running Windows XP.
    I am the uber duck!!1
    Proxy Tools

  10. #10
    Senior Member
    Join Date
    Mar 2004
    Posts
    111
    I always wonder when i read threads like this how in the hell people manage to pick up trojan(s) like this. You need some kinda real-time protection The Duck. From know on enable TC active and TC monitor (the cleaner)to start with windows and run. This will hopefully stop the registry from being altered.
    NORML

    Signature image is too tall!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •