Wilders Security Forums  

  #1  
March 9th, 2002, 01:06 PM
deaditeash
Infrequent Poster
Join Date: Mar 2002
Posts: 14
Help - Trojan Infection???

I recently installed and ran ANTS on my pc. After scanning my ports I was given the following message -

"Port 1027 openly. Probable Trojaner: Port 1030 found no Trojaner openly. Probable Trojaner: Port 5000 found no Trojaner openly. Probable Trojaner: SOCKET23"

I also have McAfee Firewall and NAV2001. Can someone provide me some direction - I assume this means I have a trojan(s) and I admit I'm a newbie at all this security stuff...but I'm learning... My initial run of ANTS detected 3 trojans (one in WINDOWS/TEMP and 2 in Windows themes I had downloaded). It also suspected the file C:\Program Files\Gateway\SRCD\win32ui.exe

deaditeash
  #2  
March 9th, 2002, 01:30 PM
Paul Wilders
Administrator
Join Date: Jul 2001
Location: The Netherlands
Posts: 12,383
Re: Help - Trojan Infection???

Hello deaditeash, and welcome!

What you have seen is merely a report of open ports on your system. By no means does this imply your system has been infected in any way.

What has been stated after each detected open port is merely the name of the trojan/backdoor that uses this port as standard. One should regard this just as extra info; no more, no less.

As for the scan result: did you perform a scan while heuristics were set at medium? Using the high heuristics is bound to provide false positives.

If scanned using high heuristic settings, please scan once more using the medium heuristic settings. Don't delete any file at this moment.

Keep us posted!

regards.

paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
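
The point made in the reply above (a trojan name printed next to an open port is only a label for that port number) can be turned into a check that looks at which process owns each listening port. This is an added example, not part of the original thread or of ANTS; the `netstat -ano` sample, the PID-to-path map and the allowlist are constructed, and only the 5000/SOCKET23 pairing comes from the scanner message quoted in the first post.

```python
import re

# Scanner-style hint table: port -> trojan said to use it by default.
# Only 5000/SOCKET23 is taken from the thread; a match is a label, not a finding.
TROJAN_DEFAULT_PORTS = {5000: "SOCKET23"}

# Constructed `netstat -ano` output (sample data, not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:1027       0.0.0.0:0          LISTENING    884
  TCP    0.0.0.0:1030       0.0.0.0:0          LISTENING    1120
  TCP    0.0.0.0:5000       0.0.0.0:0          LISTENING    1304
  TCP    192.168.1.10:1045  203.0.113.7:80     ESTABLISHED  2040
"""
# Constructed PID -> image path map, e.g. collected from a process listing.
SAMPLE_PROCESSES = {
    884: r"C:\WINDOWS\system32\svchost.exe",
    1120: r"C:\Temp\updater.exe",
    1304: r"C:\WINDOWS\system32\svchost.exe",
}
# Hypothetical allowlist of binaries the administrator has already verified.
KNOWN_GOOD = {r"c:\windows\system32\svchost.exe"}

LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listening_ports(netstat_text):
    """Return {port: pid} for TCP sockets in LISTENING state."""
    ports = {}
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if match:
            ports[int(match.group(1))] = int(match.group(2))
    return ports


def triage(netstat_text, processes, known_good):
    """Classify each listening port by its owning binary, not by its number."""
    report = {}
    for port, pid in sorted(listening_ports(netstat_text).items()):
        image = processes.get(pid)
        hint = TROJAN_DEFAULT_PORTS.get(port)  # informational only
        if image is None:
            verdict = "investigate: owner not found"
        elif image.lower() in known_good:
            verdict = "explained"
        else:
            verdict = "review: unrecognised owner"
        report[port] = (verdict, image, hint)
    return report
```

With the sample data, port 5000 carries the SOCKET23 label yet comes out as explained, while port 1030 has no label and is the one flagged for review because of its owner.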
  #3  
March 9th, 2002, 02:32 PM
deaditeash
Infrequent Poster
Join Date: Mar 2002
Posts: 14
Re: Help - Trojan Infection???

I ran the scan again at medium and am getting a suspected file:

C: \Program Files\Gateway\SRCD\win32UI.exe a Trojaner could be! (17) => program writes in Registry (Run, RunOnce etc.) or grasps on INIs to! => Program the system-index questions! => Program the windows-index questions! => Program questions the presently registered user! => Program belays a Port! => Program the sign chain "server" includes! => Program constructs DialUp-connections! ßßßßßßßßßßßßßßßß Required time: 898 seconds
  #4  
March 9th, 2002, 04:18 PM
Paul Wilders
Administrator
Join Date: Jul 2001
Location: The Netherlands
Posts: 12,383
Re: Help - Trojan Infection???

This is pointing to the Gateway System Restoration, and seems like a false positive to me.

"Could be" is related to the fact that the .exe file shows behaviour that equals common trojan (server) behaviour, as summed up.

Nevertheless, to be absolutely on the safe side, you could send a copy of the file to the author of ANTS for examination: Andreas Haak, email: andy@ewido.com

regards.

paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
  #5  
March 14th, 2002, 10:18 PM
wizard
Frequent Poster
Join Date: Feb 2002
Location: Europe - Germany - Duesseldorf
Posts: 818
Re: Help - Trojan Infection???

It seems you use Ants 2.0. This version is outdated. I would not recommend using it anymore. There will be a new version 2.2 out soon. If you still use Ants 2.0, be careful with the results. Ants 2.0's heuristic and port scan features produce a lot of false positives.

wizard
__________________
wizardRESEARCH - Malware Research & Analysis since 1989
  #6  
March 15th, 2002, 04:04 AM
deaditeash
Infrequent Poster
Join Date: Mar 2002
Posts: 14
Re: Help - Trojan Infection???

Ok - thanks - I actually ran TDS eval and came up trojan free - I was aware ANTS is coming out with a new version and was suspicious...
 

All times are GMT -5.

