Results 1 to 10 of 10

Thread: sockets 23 how to remove?

  1. #1
    Junior Member
    Join Date
    Nov 2001
    Posts
    4

    sockets 23 how to remove?

    hello, can anyone tell me how to remove this trojan?
    should i have port 139 open or is that a trojan running on that port too? thanks
    Sex, drugs, money, and murder.

  2. #2
    Hi

    I've never heard of "Socket 23" trojan, and I did not found it on viriii info : (http://www.antivirus.com/vinfo)... but I found it in Anti Trojan Network : www.anti-trojan.net

    It seems to use port 5000.

    To remove it, update your AV and look for it. You can also make a "online check" from Anti Trojan Network to see what ports are open.

    Secondly, port 139 is part of the Windowz Netbios protocol, so don't be afraid if it's open. Again, check with your AV.

    Install a firewall (like ZoneAlarm). Last but not least move to Linux / FreeBSD !

    Hope it helps !

    - hantiz
    Linoux c\'est de la bombe bébé !

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    I doubt you have a trojan listening on port 139, it's just 'file and printer-sharing' turned on on your computer. It's been discussed here before: http://www.antionline.com/showthread...hlight=netbios

    You can turn off file and printer sharing in 'local area connection properties'. It's under control panel -> networking.
    ---
    proactive

  4. #4
    sebastos12
    Guest
    i went to http://www.anti-trojan.net/ and it is really good site. Thankz hantiz you give us good sites to go.

  5. #5

    Post

    I found that on a hacker web site, description and download link for that beasts :

    ""
    - Acts like a Virus; loops through the entire Hardisk and infects all EXE's ( ), it's quite obvious the HD fills up really fast because of the 220+ K this thing has. As Trojan it's quite old and has built in Icq nuker,scanner etc. Has some neat features. ""

    Good luck !

    -hantiz.
    Linoux c\'est de la bombe bébé !

  6. #6
    Junior Member
    Join Date
    Dec 2001
    Posts
    10

    Re: sockets 23 how to remove?

    I recommend TFAK by Snakebyte for all your trojan detection and removal needs. It's free.

  7. #7
    Be careful next time to use a firewall, and use it wisely.
    Ah well...I\'m back on AntiOnline!

  8. #8

    Re: sockets 23 how to remove?

    Originally posted by zone8
    hello, can anyone tell me how to remove this trojan?
    should i have port 139 open or is that a trojan running on that port too? thanks
    What makes you suspect that this port is opened by a trojan? Port 23 is reserved for telnet, so you might just have a telnet server running. Since you have port 139 open then you must be running windows, but what version? Some server versions (NT, 2000, XP) can by default run an Telnet server. Try connecting to that port with a telnet client and see what it says. What programs are you running when you hit CTRL-ALT-DEL? Anything unsual or any rundll? See what netstat -a has to offer too.
    Originally posted by hantiz
    Secondly, port 139 is part of the Windowz Netbios protocol, so don't be afraid if it's open.
    Well, its true its not a huge deal, but it can be easily exploited. Unless your on a home network (or company) that shares its hard drive or printer with the rest of the network, I would definitly unload netBIOS. Any little kid with too much time on their hands can scan your IP range with something like Legion and make your life a living hell (depending on what you have shared).
    And don't think "hey, its just a printer - what could happen." I thought the same thing until I went to my friends house and found a 50 page printout on his inkjet in big bold letters saying "I'm a printer, feed me paper" over and over again. I found it VERY amusing, he didn't. Guess if it was mine I'd be the same way.

  9. #9
    Junior Member
    Join Date
    Nov 2001
    Posts
    2

    139 Trojans

    port 139 Chode, God Message worm, Msinit, Netlog, Network, Qaz

  10. #10
    Junior Member
    Join Date
    Nov 2001
    Posts
    4
    Sorry for not giving enough info. The trojan is called sockets de troie or socket23. it uses port 5000. I found an old post here and someone was talking about a trojan that affects plug and play on the same port. He advised to disable plug and play. So i did that and did a port scan. That did close the port, but do I have a trojan? Or is this microsoft I have norton anti virus, it detects nothing. Also this port 139 worries me. I've tried telnet with no success. I'm using windows me and i don't run a network so i don't know why that port should be open. I guess i'm allright i installed zonealarm. Anywayz thanks for your help.
    Sex, drugs, money, and murder.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •