-
December 4th, 2001, 09:42 AM
#1
Junior Member
sockets 23 how to remove?
Hello, can anyone tell me how to remove this trojan?
Should I have port 139 open or is that a trojan running on that port too? Thanks
Sex, drugs, money, and murder.
-
December 4th, 2001, 10:25 AM
#2
Member
Hi
I've never heard of the "Socket 23" trojan, and I did not find it on viriii info (http://www.antivirus.com/vinfo)... but I found it on Anti Trojan Network: www.anti-trojan.net
It seems to use port 5000.
To remove it, update your AV and look for it. You can also do an "online check" from Anti Trojan Network to see what ports are open.
Secondly, port 139 is part of the Windowz Netbios protocol, so don't be afraid if it's open. Again, check with your AV.
Install a firewall (like ZoneAlarm). Last but not least, move to Linux / FreeBSD!
Hope it helps!
- hantiz
Linoux is the bomb, baby!
-
December 4th, 2001, 10:30 AM
#3
I doubt you have a trojan listening on port 139, it's just 'file and printer-sharing' turned on on your computer. It's been discussed here before: http://www.antionline.com/showthread...hlight=netbios
You can turn off file and printer sharing in 'local area connection properties'. It's under control panel -> networking.
-
December 4th, 2001, 10:32 AM
#4
I went to http://www.anti-trojan.net/ and it is a really good site. Thankz hantiz, you give us good sites to go to.
-
December 4th, 2001, 10:34 AM
#5
Member
I found this on a hacker web site, a description and download link for that beast:
"Acts like a virus; loops through the entire hard disk and infects all EXEs ( ), it's quite obvious the HD fills up really fast because of the 220+ K this thing has. As a trojan it's quite old and has a built-in ICQ nuker, scanner etc. Has some neat features."
Good luck!
-hantiz.
Linoux is the bomb, baby!
-
December 4th, 2001, 03:37 PM
#6
Junior Member
Re: sockets 23 how to remove?
I recommend TFAK by Snakebyte for all your trojan detection and removal needs. It's free.
-
December 4th, 2001, 05:23 PM
#7
Member
Be careful next time to use a firewall, and use it wisely.
Ah well... I'm back on AntiOnline!
-
December 4th, 2001, 06:14 PM
#8
Member
Re: sockets 23 how to remove?
Originally posted by zone8
Hello, can anyone tell me how to remove this trojan?
Should I have port 139 open or is that a trojan running on that port too? Thanks
What makes you suspect that this port is opened by a trojan? Port 23 is reserved for telnet, so you might just have a telnet server running. Since you have port 139 open then you must be running Windows, but what version? Some server versions (NT, 2000, XP) can by default run a Telnet server. Try connecting to that port with a telnet client and see what it says. What programs are you running when you hit CTRL-ALT-DEL? Anything unusual or any rundll? See what netstat -a has to offer too.
Originally posted by hantiz
Secondly, port 139 is part of the Windowz Netbios protocol, so don't be afraid if it's open.
Well, it's true it's not a huge deal, but it can be easily exploited. Unless you're on a home network (or company) that shares its hard drive or printer with the rest of the network, I would definitely unload NetBIOS. Any little kid with too much time on their hands can scan your IP range with something like Legion and make your life a living hell (depending on what you have shared).
And don't think "hey, it's just a printer - what could happen." I thought the same thing until I went to my friend's house and found a 50 page printout on his inkjet in big bold letters saying "I'm a printer, feed me paper" over and over again. I found it VERY amusing, he didn't. Guess if it was mine I'd be the same way.
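The netstat check suggested in post #8, as an added example that is not part of any poster's message: it lists the sockets waiting for traffic, says whether each is reachable from the network, and attaches what the thread says about ports 23, 139 and 5000. It assumes the numeric `netstat -an` form; the sample output is constructed and the function names are illustrative.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1030      203.0.113.7:80         ESTABLISHED
  UDP    192.168.0.10:137       *:*
"""

# What the thread's posters say about each port; anything else needs a closer look.
THREAD_NOTES = {
    23: "telnet server? (post #8)",
    139: "NetBIOS file and printer sharing (posts #2, #3)",
    5000: "plug and play, or the trojan asked about (posts #2, #10)",
}

def parse_listeners(text):
    """Return (proto, address, port) for every socket waiting for traffic."""
    found = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 3 or cols[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        # TCP rows carry a state column; UDP rows have none and are always open.
        if cols[0] == "TCP" and (len(cols) < 4 or cols[3] != "LISTENING"):
            continue
        addr, _, port = cols[1].rpartition(":")
        found.append((cols[0], addr.strip("[]"), int(port)))
    return found

def triage(text):
    """Label each listener by reachability and by what the thread says about it."""
    report = []
    for proto, addr, port in parse_listeners(text):
        local_only = ipaddress.ip_address(addr).is_loopback
        reach = "loopback only" if local_only else "reachable from the network"
        note = THREAD_NOTES.get(port, "not discussed in thread, identify the owning program")
        report.append((proto, port, reach, note))
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-3s %-5d %-28s %s" % row)
```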
-
December 4th, 2001, 06:31 PM
#9
Junior Member
139 Trojans
port 139 Chode, God Message worm, Msinit, Netlog, Network, Qaz
-
December 4th, 2001, 07:42 PM
#10
Junior Member
Sorry for not giving enough info. The trojan is called Sockets de Troie or socket23. It uses port 5000. I found an old post here and someone was talking about a trojan that affects plug and play on the same port. He advised to disable plug and play. So I did that and did a port scan. That did close the port, but do I have a trojan? Or is this Microsoft? I have Norton AntiVirus, it detects nothing. Also this port 139 worries me. I've tried telnet with no success. I'm using Windows ME and I don't run a network so I don't know why that port should be open. I guess I'm all right, I installed ZoneAlarm. Anywayz thanks for your help.
Sex, drugs, money, and murder.