found trojan ports

Discussion in 'Trojan Defence Suite' started by marty3232d, Nov 21, 2003.

Thread Status:
Not open for further replies.
  1. marty3232d

    marty3232d Guest

    Yo...I have found ports 12345 netbus, 5000 not sure what that one is, and 20034 dunno what this one is either but TDS and my other Anti Trojan detector says these are trojan ports...Now I don't understand because I have scanned my whole computer with TDS, I did a Full system scan to scan EVERYTHING memory and all.....and I did the same thing with my other anti trojan. I can't seem to find the 3 trojan files that are opening these ports, can someone help me out please?

    thank you
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Port 5000 is typically used by Windows svchost.exe.

    Not sure about 12345 but a little investigation may be required, so download a trial copy of Port Explorer from DCS www.diamondcs.com.au to see exactly what programmes to ports are doing.

    If you have done a full scan with TDS3 using the latest radius.tds file & your AV scanner all is probably well. Unfortunately port refs are not a lot of good nowadays.

    HTH Pilli
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Yes if the local process is a trojan port not OTHER than 5000 and is red in Port Explorer kill it :) Then run a full system scan with the latest databases, please post 2 things

    Port Explorer, click File > Save Table

    ASViewer, with all options on at the top of the menu

    Show Services
    Show Drivers
    Show Active Setup Components

    http://www.diamondcs.com.au/portexplorer/
    http://www.diamondcs.com.au/index.php?page=asviewer
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Marty,
    How/where do you see those ports in use or open?
    Did you use the plugins > trojan ports check?
    If you have the sockets (upper right corner in TDS) initialised you will find TDS listening on those ports as an extra security so not any (possible) trojan or other illegal process can use those ports at least to start with.
    Port 5000 is also used by the UPnP, 12345 and 20034 are default Netbus ports among others, but Port Explorer will show you if this analysis is right!
    So the ports in use don't mean immediately you would be infected.
    It would be different if TDS alerts especially for them like "connection request on trojan port 12345!" or such an alert with a message in the console and email and speech and ping sound and all you configured it to do for you. That would mean to have another look at the firewall as well!

    Now looking forward to what Gavin asked you to produce to have a look together with you!
     
  5. marty323e34

    marty323e34 Guest

    Hey again, I found out the reason why those ports were open on Port Explorer. It was because when TDS was on it used those ports to scan those ports for trojans, because on the Port Explorer it showed that TDS was using them, so big LOL. Sorry bout that guys heh.

    Thank you for your help

    Marty
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    No need for sorry :) You learnt from your question, the unasked questions can be the most dangerous ones :)

    Port Explorer is very useful tool without a doubt :D
     
  7. tutankamon

    tutankamon Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    170
    Location:
    Lancashire U.K.
    Hi Marty,
    No need to be sorry, I have learned a bit more from your questions, if in doubt, ask!! We can all learn from each other's questions.
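
Added example, not part of the thread: the check the thread converges on, attributing each listening "trojan port" to its owning process before treating it as an infection, sketched over constructed `netstat -ano` output. The PID table, the `tds-3.exe` image name and the `EXPECTED` allow-list are assumptions made for the illustration.

```python
import re

# Ports discussed in the thread, with the labels the posters gave them.
WATCHED = {12345: "NetBus default", 20034: "NetBus default", 5000: "UPnP / svchost"}

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1020
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2316
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING       2316
  TCP    192.168.0.10:1045      203.0.113.5:80         ESTABLISHED     1500
"""

# Constructed PID -> image name table (what `tasklist` would supply); names are assumptions.
PROCESSES = {884: "svchost.exe", 1020: "svchost.exe", 2316: "tds-3.exe", 1500: "iexplore.exe"}
# Owners this machine is expected to have on the watched ports (assumption).
EXPECTED = {"svchost.exe": {5000}, "tds-3.exe": {12345, 20034}}

ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text):
    """Yield (port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(1)), int(m.group(2))

def triage(netstat_text, processes, expected):
    """Return {port: (image, verdict)} for watched ports that are listening."""
    report = {}
    for port, pid in listeners(netstat_text):
        if port not in WATCHED:
            continue
        image = processes.get(pid, "<unknown pid %d>" % pid)
        ok = port in expected.get(image.lower(), set())
        report[port] = (image, "expected owner" if ok else "investigate")
    return report

if __name__ == "__main__":
    for port, (image, verdict) in sorted(triage(NETSTAT, PROCESSES, EXPECTED).items()):
        print(port, WATCHED[port], image, verdict)
```

An image name is only a first pass, since a process can be named anything; confirm the file path of any owner before accepting an "expected owner" verdict.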
     