|
|
#1
November 21st, 2003, 12:57 AM
|
|||
|
|||
found trojan ports
Yo...I have found ports 12345 netbus, 5000 not sure wat that one is, and
20034 dunno what this one is either but TDS and my other Anti Trojan detecter says these are trojan ports...Now I don't understand because I have scanned my whole computer with TDS i did a Full system scan to scan EVERYTHING memory and all.....and i did the same thing with my other anti trojan. I can't seem to find the 3 trojan fiels that are opening these ports, can someone help me out please? thank you |
|
#2
November 21st, 2003, 04:45 AM
|
||||
|
||||
|
Re:found trojan ports
Port 5000 is typically used by windows svchosts.exe.
Not sure about 12345 but a little investigation maybe required, so download a trial copy of Port Explorer from DCS www.diamondcs.com.au to see exactly what programmes to ports are doing. If you have done a full scan withh TDS3 using the latest radius.tds file & your AV scanner all is probably well. Unfortunately port refs are not a lot of good nowadays. HTH Pilli
__________________
"Education is not the filling of a pail, but the lighting of a fire" Pilli's website http://www.pilliwinks.net |
|
#3
November 21st, 2003, 07:18 AM
|
||||
|
||||
|
Re:found trojan ports
Yes if the local process is a trojan port not OTHER than 5000 and is red in Port Explorer kill it
 Then run a full system scan with the latest databases, please post 2 thingsPort Explorer, click File > Save Table ASViewer, with all options on at the top of the menu Show Services Show Drivers Show Active Setup Components http://www.diamondcs.com.au/portexplorer/ http://www.diamondcs.com.au/index.php?page=asviewer |
|
#4
November 21st, 2003, 07:58 AM
|
||||
|
||||
|
Re:found trojan ports
Hi Marty,
How/where do you see those ports in use or open? Did you use the plugins > trojan ports check? If you have the sockets (upper right corner in TDS) initialised you will find TDS listening on those ports as an extra security so not any (possible) trojan or other illigal process can use those ports at least to start with. Port 5000 is also used by the UPnP, 12345 and 20034 are default Netbus port among others, but Port Explorer will show you if this analysis is right! So the ports in use don't mean immediately you would be infected. It would be different if TDS alerts especially for them like "connection request on trojan port 12345!" or such an alert with a message in the console and email and speech and ping sound and all you configured it to do for you. That would mean to have another look at the firewall as well! Now looking forward to what Gavin asked you to produce to have a look together with you!
__________________
Jooske "o_o" |
|
#5
November 21st, 2003, 02:18 PM
|
|||
|
|||
|
Re:found trojan ports
Hey again, I found out the reason why those ports were open on port explorer, It was because when TDS was on It used those ports to scan those ports for trojans, because on the port explorer it showed that TDS was using them, so big LOL. Sorry bout that guys heh.
Thank you for your help Marty |
|
#6
November 21st, 2003, 02:59 PM
|
||||
|
||||
|
Re:found trojan ports
Quote:
No need for sorry You learnt from your question, the unasked questions can be the most dangerous ones Port Explorer is very useful tool without a doubt 
__________________
"Education is not the filling of a pail, but the lighting of a fire" Pilli's website http://www.pilliwinks.net |
|
#7
November 21st, 2003, 04:07 PM
|
||||
|
||||
|
Re:found trojan ports
Hi Marty,
No need to be sorry, I have learned a bit more from your questions, if in doubt, ask!! We can all learn from each others questions.
__________________
Windows XP sp2 / TDS3 ( as long as I can )/ Port Explorer / WormGuard / Reg Protect / Autostartviewer / |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
