-
June 3rd, 2004, 03:27 AM
#11
To back up the registry:
1. Start -> Run -> regedit
2. Registry -> Export Registry File
3. Save the file somewhere
If you want to restore it, under the Registry menu click Import Registry File and browse to the file you saved.
But shouldn't the cleaner be able to clean it up?
You're right, it should... Make sure it's up to date. Maybe you have to stop the process before you run it? I dunno.
I guess sometimes you just have to remove it manually. Do a search on your hard drive for aim.exe and delete the file if you find it. It will probably be in the system32 folder. That's where lots of trojans hide themselves. Good luck.
Oh, I guess I'd might as well give you this link as well. In case you didn't STFW
mjk
-
June 3rd, 2004, 03:58 AM
#12
-
June 3rd, 2004, 04:03 AM
#13
Hmmm... Well if you haven't already rebooted, do so then run fport again. If it's still listening, reinstall AIM. If that still doesn't work, I'm stumped.
mjk
-
June 3rd, 2004, 04:05 AM
#14
Ok, I also didn't find any of those things you or norton.com told me to look for in the registry, I think I should also inform you guys that I have this program for aim. It's a filter and its purpose is to protect me from people booting me and crashing my aim client. But that connects to port 3333, and when I log in using aim and that I am logged in using port 3333 and 5190 but port 5180 is still listening. Also can anyone tell me what bootpc is? It shows up in my netstat readouts as a UDP port. It comes and goes so I have no idea what it is. It doesn't connect, it just has that *:* next to it, what does that mean again? I forgot.
-
June 3rd, 2004, 04:06 AM
#15
if you used fport what was the folder aim was running from? if it was 'C:\PROGRAM FILES\AIM95\AIM.EXE' or something similar have you gone to that folder, right clicked>properties>version on aim.exe to see what it says?
this anti-punter probably is intercepting traffic from/to 5180 internally. you need to have your computer scanned from the outside.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
June 3rd, 2004, 04:08 AM
#16
Yes, the fport path is similar to that, but what info am I looking for in the properties?
-
June 3rd, 2004, 04:18 AM
#17
well if it says under version that is america online and not blank or something else renamed to aim its the original file.
its the same path as the file opening 5190?
i think your anti-punter doesn't 'change' AIM but acts as a proxy for it leaving the original port listening internally and communicating through it. just my guess
-
June 3rd, 2004, 04:45 AM
#18
hmm.. doesn't look like a trojan to me if it's got that path and if the registry entry corresponds to aim (or it could be a pretty sophisticated trojan cos it'd have to had messed with the original aim file.. not really sophisticated even lol.. it could've just bound itself with it.. but nm all that)
What I'd like to know, The_Duck, is whether you see anything sneaky in your firewall logs.. if AIM's just connecting to the regular AIM server (which you can find out by reverse DNSing the ip on your firewall), I figure you should be in the clear... if it's another ip tho.. then yep, you've got something.. hope this helped a bit
-
June 3rd, 2004, 05:02 AM
#19
Re: Question about my listening port's
Originally posted here by The Duck
Hey guys, I have this question, it's about this program that is running on this specific port.
I did a netstat -a and it showed up that port 5180 was listening, I did a fport on it and it showed that aim.exe was on this port. So I connected my aim but my aim connects to port 5190, like most aim's I know. I did research on port 5180 and I found that a trojan uses this port. The trojan's name is Backdoor.Peeper. According to symantec this is a trojan that allows remote control of the computer. I used "The Cleaner" and it showed me that I had some trojans, but none of this type. So can anyone help me out?
Do the netstat commands in my tutorial and match the PID's to your task managers(ctrl-alt-del) PID's, but listen to Tedob1 first.
PS: Tedob1 that proxyrama is bad a$$
-
June 3rd, 2004, 05:03 AM
#20
to bind two files you have to use some kind of packer and it wouldn't show aol's version information but i agree that checking the logs would be a good thing
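A present-day equivalent of the fport and Properties > Version checks discussed in this thread, as an added example that is not part of any post: it maps each listening TCP port to its owning executable, then reports the file's version-resource company and its Authenticode signature status. It assumes Windows 8 / Server 2012 or later with the built-in NetTCPIP cmdlets; the report property names (OwningPid, Company, Signature) are chosen here for illustration.

```powershell
# Added example: listening port -> owning process -> file identity.
# Run from an elevated prompt so paths of other users' processes resolve.

$report = foreach ($conn in Get-NetTCPConnection -State Listen) {
    # The owning process may have exited between the two calls.
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue

    $name      = '<exited>'
    $path      = $null
    $company   = $null
    $sigStatus = 'n/a'

    if ($proc) {
        $name = $proc.ProcessName
        $path = $proc.Path          # empty for protected/system processes
    }

    if ($path -and (Test-Path -LiteralPath $path)) {
        # Same field Explorer shows under Properties > Details (formerly "Version").
        $company   = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        # The version resource is just metadata; the signature is the stronger check.
        $sigStatus = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    }

    [pscustomobject]@{
        LocalAddress = $conn.LocalAddress   # 0.0.0.0 / :: = all interfaces, 127.0.0.1 = local only
        LocalPort    = $conn.LocalPort
        OwningPid    = $conn.OwningProcess
        Process      = $name
        Path         = $path
        Company      = $company
        Signature    = $sigStatus
    }
}

# Full picture, ordered by port.
$report | Sort-Object LocalPort | Format-Table -AutoSize

# Listeners that deserve a closer look: no resolvable path, no company
# string, or a signature that is anything other than Valid.
$report |
    Where-Object { -not $_.Path -or -not $_.Company -or $_.Signature -ne 'Valid' } |
    Sort-Object LocalPort |
    Format-Table LocalAddress, LocalPort, OwningPid, Process, Path, Signature -AutoSize
```

A listener bound only to 127.0.0.1 is reachable from the local machine alone, which is the situation to expect when one program proxies traffic for another on the same host.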