Quick question about Port Explorer

Discussion in 'Port Explorer' started by Chemical, Jun 16, 2003.

Thread Status:
Not open for further replies.
  1. Chemical

    Chemical Guest

    Whenever the program detects a trojan or a bad port, will it automatically remove it? Or do you have to kill the process on your own?
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    You would have to do so on your own. Also, keep in mind that not all hidden sockets are trojans and not all trojan ports are used only by trojans, so there is necessarily an element of investigation when dealing with this. As an example, I currently have 12 hidden sockets running on my machine but all are legit.
    Many network-related items that run in the systray will show their sockets as hidden, but if you right-click on the systray icon you will find that the corresponding socket entry in PE is no longer hidden (until you close the systray icon context menu).

    Also, one of the useful functions in PE is the ability to kill those questionable sockets entirely or prevent outgoing data or incoming data across those sockets until you have deduced whether it is a problem or not. Also, the SocketSpy is very useful in that respect but (I presume) the socket must be left open to capture the traffic.

    Hope this helps,

    Dan
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Chemical, if you are unsure and are not running TDS3 or another Trojan scanner, maybe the best thing to do is try the TDS3 trial version. You will have to download the latest update (Radius) file from the www.diamondcs.com.au website. Then run a full scan on your PC.

    HTH Pilli
     
  4. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Dan,
    Just add the process ID, then it won't matter if the process opens up new sockets - they'll automatically be captured :)

    Cheers,
    Wayne

    PS. Nice tip about right-clicking on the systray icon to test those red sockets :)
     