Question about my listening port's - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 30

Thread: Question about my listening port's

  1. #11
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    To back up the registry:

    1. Start -> Run -> regedit
    2. Registry -> Export Registry File
    3. Save the file somewhere

    If you want to restore it, under the Registry menu click Import Registry File and browse to the file you saved.

    But shouln't the cleaner be able to clean it up?
    You're right, it should... Make sure it's up to date. Maybe you have to stop the process before you run it? I dunno.

    I guess sometimes you just have to remove it manually. Do a search on your hard drive for aim.exe and delete the file if you find it. It will probably be in the system32 folder. That's where lots of trojans hide themselves. Good luck.

    Oh, I guess I'd might as well give you this link as well. In case you didn't STFW

    mjk

  2. #12
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Atticus, I know, I just got the cleaner a few days ago and I have those things running.

    MJK, I already did a search for aim.exe and it led to a legit program, my aim program.
    I am the uber duck!!1
    Proxy Tools

  3. #13
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    Hmmm... Well if you haven't already rebooted, do so then run fport again. If it's still listening, reinstall AIM. If that still doesn't work, I'm stumped.

    mjk

  4. #14
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Ok, I also didn't find any of those things you or norton.com told me to look for in the registry, I think I should also inform you guys that I have this program for aim. It's a filter and it's purpose is to protect me from people booting me and crashing my aim client. But that connects to port 3333, and when I log in using aim and that I am logged in using port 3333 and 5190 but port 5180 is still listening. Also can anyone tell me what bootpc is? It shows up in my netstat readouts as a UDP port. It comes and goes so I have no idea what it is. It doesnt connect, it just has that *:* next to it, what does that mean again? I forgot .
    I am the uber duck!!1
    Proxy Tools

  5. #15
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    if you used fport what was the folder aim was running from? if it was 'C:\PROGRAM FILES\AIM95\AIM.EXE' or somrthing similar have you gone to that folder, right clicked>properties>version on aim.exe to see whay it says?

    this anti-punter probably is intercepting traffic from/to 5180 internally. you need to have you computer scanned from the outside.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #16
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Yes, the fport path is similar to that, but what info am I looking for in the properties?
    I am the uber duck!!1
    Proxy Tools

  7. #17
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    well if it says under version that is america online and not blank or something else renamed to aim its the original file.

    its the same path as the file opening 5190?

    i think your anti-punter doesn't 'change' AIM but acts as a proxy for it leaving the original port listening internally and communicating threw it. just my guess
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #18
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    hmm..doesnt look like a trojan to me if it's got that path and if the registry entry corresponds to aim(or it could be a pretty sophisticated trojan cos it'd have to had messed with the original aim file..not really sophisticated even lol..it could've just bound itself with it..but nm all that)
    What I'd like to know The_Duck,is whether you see anything sneaky in your firewall logs..if AIM's just connecting to the regular AIM server(which you can find out by reverse DNSing the ip on your firewall) ,I figure you should be in the clear...if it's another ip tho..then yep//you've got something..hope this helped a bit

  9. #19
    Banned
    Join Date
    Nov 2003
    Posts
    1,161

    Re: Question about my listening port's

    Originally posted here by The Duck
    Hey guys, I have this question, it's about this program that is running on this specific port.

    I did a netstat -a and it showed up that port 5180 was listening, I did a fport on it and it showed that aim.exe was on this port. So I connected my aim but my aim connects to port 5190, like most aim's I know. I did research on port 5180 and I found that a trojan uses this port. The trojan's name is Backdoor.Peeper. According to symantec this is a trojan that allows remote control of the computer. I used "The Cleaner" and it showed me that I had some trojans, but none of this type. So can anyone help me out?
    Do the netstat commands in my tutorial and match the PID's to your task managers(ctrl-alt-del) PID's, but listen to Tedob1 first.

    PS: Tedob1 that proxyrama is bad a$$

  10. #20
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    to bind two files you have to use some kind of packer and it wouldn't show aol's version information but i agree that checking the logs would be a good thing
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides