-
June 2nd, 2004, 11:39 PM
#1
Question about my listening ports
Hey guys, I have this question, it's about this program that is running on this specific port.
I did a netstat -a and it showed up that port 5180 was listening. I did a fport on it and it showed that aim.exe was on this port. So I connected my AIM, but my AIM connects to port 5190, like most AIMs I know. I did research on port 5180 and I found that a trojan uses this port. The trojan's name is Backdoor.Peeper. According to Symantec this is a trojan that allows remote control of the computer. I used "The Cleaner" and it showed me that I had some trojans, but none of this type. So can anyone help me out?
-
June 3rd, 2004, 12:04 AM
#2
Originally posted here by Soda_Popinsky
Google for fport, by foundstone
Best tool ever for this sort of thing.
I did a fport on it and it showed that aim.exe was on this port
Uh oh! Read twice, post once (just jokin w/ ya)
Anyways it looks like the peeper trojan, as you said. The default server name is internt.exe.. but most of the time trojans will be renamed to look like a well-known application. Check in the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
That's where it starts up from. If you see aim.exe remove it.
Hope this helps.
mjk
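The cross-check suggested in the post above, as an added example that is not part of the original thread: it flags a listener whose file name matches a well-known program but whose path is not the expected install location, and reports whether that same image is launched from the Run key. The fport rows, the Run values, the expected AIM path and all function names are constructed assumptions.

```python
import ntpath
import re

# Constructed sample in fport's column layout (Pid, Process, Port, Proto, Path).
FPORT_OUTPUT = r"""
Pid   Process            Port  Proto Path
1044  aim            ->  5180  TCP   C:\WINDOWS\system32\aim.exe
1380  aim            ->  1217  TCP   C:\Program Files\AIM\aim.exe
892   svchost        ->  135   TCP   C:\WINDOWS\system32\svchost.exe
"""

# Constructed values from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
RUN_KEY_VALUES = {
    "AIM": r'"C:\Program Files\AIM\aim.exe" -bg',
    "aim": r"C:\WINDOWS\system32\aim.exe",
}

# Assumption: where the genuine program is installed on this machine.
EXPECTED_PATHS = {"aim.exe": r"c:\program files\aim\aim.exe"}

FPORT_ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s+(.+?)\s*$")

def parse_fport(text):
    """Return (port, path) for each listener row; header lines do not match."""
    matches = (FPORT_ROW.match(line) for line in text.splitlines())
    return [(int(m.group(3)), m.group(5)) for m in matches if m]

def autostart_images(run_values):
    """Lower-cased executable path of each Run value, arguments stripped."""
    images = set()
    for cmd in map(str.strip, run_values.values()):
        if cmd.startswith('"'):
            exe = cmd[1:].split('"', 1)[0]
        else:
            exe = re.split(r"(?<=\.exe)\s", cmd, maxsplit=1, flags=re.I)[0]
        images.add(exe.lower())
    return images

def suspicious_listeners(fport_text, run_values, expected):
    """Listeners named like a known app but running from another path."""
    autostart = autostart_images(run_values)
    findings = []
    for port, path in parse_fport(fport_text):
        image = path.lower()
        name = ntpath.basename(image)
        if name in expected and image != expected[name]:
            findings.append((port, path, image in autostart))
    return findings
```

Each finding is a tuple of port, image path and whether that image is also an autostart entry; a name match in the wrong directory that also appears in the Run key is the case worth examining first.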
-
June 3rd, 2004, 01:36 AM
#3
-
June 3rd, 2004, 01:40 AM
#4
Start->run->regedit
Then use the path given to you.
Oh and if you find what you want to delete right click for option...and make a back up first.
NORML
-
June 3rd, 2004, 01:48 AM
#5
Will that back up the WHOLE registry?
-
June 3rd, 2004, 01:50 AM
#6
This will...assuming it's NT/2000/XP...
Click Start > Programs > Accessories > System Tools > Backup.
Click Advanced Mode.
On the Welcome tab, click the Backup Wizard (Advanced) button.
Click Next.
Select Only back up the System State data, and then click next.
Click the Browse button.
Click Cancel if the "Insert Disk" warning message pops up.
In the Save As dialog box, choose a location to save your registry back up.
Click Save.
Click Next.
Review the information in this window. Your Contents should say "Back up only the system state." Click Finish.
When the back up completes click Close.
Your registry is now backed up. You may close the Backup Utility window.
Win9x
Click Start, click Run, type scanregw, and then click OK.
When you receive a prompt to back up the registry, click Yes.
When you receive the "Backup complete" message, click OK.
I used this link as quick reference BTW...
Symantec
NORML
-
June 3rd, 2004, 01:56 AM
#7
I don't have a "back up" option in my system tools menu. Is there another name that it would be called?
-
June 3rd, 2004, 01:58 AM
#8
The thing is...you never said what OS you were using.
Don't you have Spybot S&D or something? It has an option to back it up, I believe.
//2nd edit...If the Cleaner was updated and all, are you sure it didn't make the necessary changes? What exact trojans did it find? Need more info, I guess.
NORML
-
June 3rd, 2004, 03:12 AM
#9
Yes, I have Spybot Search and Destroy and yes, the Cleaner is updated. It found 4 trojans that just tracked my internet activities, like spyware, and the other one was called...stumpy... I think. What stumpy does is open a connection to another server or FTP site and download other trojans. Before I ran the Cleaner I did the Trend Micro online scanner. It found a trojan too, but it just did small simple things like reset your homepage and stuff. Yesterday I ran Spybot Search and Destroy in safe mode and it found something in the registry that was a "security hole". It removed it, and yes, I am up to date with my Windows updates. BTW, I am running Windows XP.
-
June 3rd, 2004, 03:24 AM
#10
I always wonder when I read threads like this how in the hell people manage to pick up trojan(s) like this. You need some kinda real-time protection, The Duck. From now on enable TC Active and TC Monitor (the Cleaner) to start with Windows and run. This will hopefully stop the registry from being altered.
NORML