Help - Trojan Infection???

deaditeash · Mar 9, 2002

I recently installed and ran ANTS on my pc. After scanning my ports I was given the following message -

"Port 1027 openly. Probable Trojaner: Port 1030 found no Trojaner openly. Probable Trojaner: Port 5000 found no Trojaner openly. Probable Trojaner: SOCKET23"

I also have Macfee Firewall and NAV2001. Can someone provide me some direction - I assume this means I have a trojan(s) and I admit I'm a newbie at all this security stuff...but I'm learning... My initial run of ANTS detected 3 trojans (one in WINDOWS/TEMP and 2 in windows themes I had downloaded). It also suspected the file C:\Program Files\Gateway\SRCD\win32ui.exe

deaditeash

Paul Wilders · Mar 9, 2002

Hello deaditeash, and welcome!

What you have seen is merely a report from open ports on your system. By no means this does imply your system has been infected in any way.

What has been stated after each detected open port is merely the name of the trojan/backdoor that standard uses this port. One should regard this just as extra info; no more, no less.

As for the scan result: did you perform as scan while heuristics have been set at medium? Using the high heuristics is bound to provide false positives.

If scanned using high heuristic settings, please scan once more using the medium heuristic settings. Don't delete any file at this moment.

Keep us posted!

regards.

paul

deaditeash · Mar 9, 2002

I ran the scan again at medium and am getting a suspected file:

C: \Program Files\Gateway\SRCD\win32UI.exe a Trojaner could be! (17) => program writes in Registry (Run, RunOnce etc.) or grasps on INIs to! => Program the system-index questions! => Program the windows-index questions! => Program questions the presently registered user! => Program belays a Port! => Program the sign chain "server" includes! => Program constructs DialUp-connections! ßßßßßßßßßßßßßßßß Required time: 898 seconds

Paul Wilders · Mar 9, 2002

This is pointing to the Gateway System Restoration, and seems like a false positive to me.

"could be" is related to the fact, the .exe file has shows behaviour that equals common trojan(server) behaviour, as summed up.

Nevertheless, to be absolutely on the safe side, you could send a copy of the file to the author from ANTS for examination: Andreas Haak, email: andy@ewido.com

regards.

paul

wizard · Mar 14, 2002

It seems you use Ants 2.0. This version is outdated. I would not recommend to use it anymore. There will be a new version 2.2 out soon. If you still use Ants 2.0 be careful with the results. Ants 2.0's heuristic and port scan feature produce a lot of false positives.

wizard

deaditeash · Mar 15, 2002

Ok - thanks - I actually ran TDS eval and came up trojan free - I was aware ANTS is coming out with a new version and was suspicous...

Log in or Sign up

Help - Trojan Infection???

deaditeash Registered Member

Paul Wilders Administrator

deaditeash Registered Member

Paul Wilders Administrator

wizard Registered Member

deaditeash Registered Member

Log in or Sign up

Help - Trojan Infection???

deaditeash Registered Member

Paul Wilders Administrator

deaditeash Registered Member

Paul Wilders Administrator

wizard Registered Member

deaditeash Registered Member

Useful Searches