I noticed that my McAfee Firewall was behaving in suspicious manner. Then I scanned my PC with Norton AntiVirus & Trojan was found & deleted. I can't remember the name of the trojan. Later, same thing happened and a trojan was found & deleted. I also use Spybot Search & Destroy and it found no Trojan.

I scanned my ports at Sygate & GRC & the reports say that all the ports are stealthed or blocked.

I suspect I am hacked while in the chat room as someone that I don't know always IM me through Yahoo Messenger whenever I am online whether I sign on YM or use Yahoo DHTML chat.

Later, I uninstall my McAfee firewall as it does not behave like the first time I install it. Eg. : There are many programs continuously asking for permission to connect whenever I log in to my PC even though I have granted permission in the past.

I installed Zone Alarm Pro trial version & scan my posts at Sygate again & all been blocled except UDP san which say:




We have determined that you do not have any firewall blocking UDP ports!

Your system ports are now being scanned and the results will be returned shortly...
Note: this may take up to one minute on some ports!

Results from UDP scan of commonly used ports at IP address:

Service Ports Status Additional Information
FTP DATA 20 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

FTP 21 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

SSH 22 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

TELNET 23 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

SMTP 25 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

DNS 53 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

DCC 59 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

DHCP SERVER 67 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

FINGER 79 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

WEB 80 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

POP3 110 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

SUNRPC 111 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

IDENT 113 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
Location Service 135 OPEN Microsoft relies upon DCE Locator service (RPC) to remotely manage services like DHCP server, DNS server and WINS server.
NetBIOS-NS 137 OPEN Windows/Samba file and print sharing.

NetBIOS-DGM 138 OPEN Windows/Samba file and print sharing.

NetBIOS 139 OPEN NetBios is used to share files through your Network Neighborhood. If you are connected to the internet with this open, you could be sharing your whole hard drive with the world! This is a very dangerous port to have open.

HTTPS 443 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

Server Message Block 445 OPEN In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT.

SOCKS PROXY 1080 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

UPnP 1900 OPEN This is the port used by Universal Plug and Play (UPnP). If this port is open anyone on the Internet may be able to

WEB PROXY 8080 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

Results from UDP scan of commonly used trojans at IP address:
Service Ports Status Possible Trojan

Trojan 6776 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

Trojan 12345 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

Trojan 20034 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

Trojan 31337 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

Trojan 54320 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

Trojan 54321 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

You are not fully protected:
We have detected that some of our probes connected with your computer.






What must I do? In the past there is no result for Trojan whenever I scanned my PC at http://scan.sygate.com

I am too lazy to reformat my PC again. Should I uninstall Zone Alarm and use other firewall?

How to close all those ports? I have disable NetBios in Win XP but it still shows open.


Thanks for taking the time to answer my questions.