Is there a better alternative than CurrentPorts?

Discussion in 'other software & services' started by Ragzarok, Oct 1, 2007.

Thread Status:
Not open for further replies.
  1. Ragzarok

    Ragzarok Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    85
    Hello,
    I've been lurking here a long time and finally decided to join. I'd like to know if there is a better port monitoring tool than Currports from nirsoft, found here: www.nirsoft.net/utils/cports.html. My firewall and Currports show no outgoing connection (or opened/established connections) when my system is idle, but I just can't be sure. I recently installed a folder lock program and a rootkit scan shows some hidden items - which isn't surprising, but still a little uneasy. My concern is really this: are there hidden processes or connections that cannot be detected by Currports?
    Thank you all for your inputs.
     
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I don't know myself, curious too.
    But if there is something better, my money is on IceSword (Anti-Rootkit).
     
  3. Dogbiscuit

    Dogbiscuit Guest

    Port Explorer from DiamondCS shows hidden processes. IMO, a very good product. I believe you can still try it free for 30 days.

    You might want to check out DCS carefully, if you decide to purchase PE, as there have been some serious problems over the last year. I can vouch for the product, but I can't vouch for the soundness of the company, given what's been said on Wilders.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    I would think twice, and twice again. Since they don't respond to anything, sending money would probably be less than wise.
     
  5. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Others have sent DCS an email that wasn't answered. I sent DCS an email on September 20. I got an email notice from the email service that the email was undeliverable because of a full mailbox after 24 hours, then again at 48 hours, then at 72 hours. 24 hours later the email was returned to me as undeliverable because the mailbox was still full. Part of the email described what happened when I installed the free process Guard in hope of installing the key I paid for 2 years ago, as well as being locked out from the members section of DCS. So I think downloading and installing anything from DCS might be safe or it might damage something. So make a restore point or make a backup just in case.
     
  6. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Tcpview is another utility, and you could also try to use wireshark, which is a packet sniffer, or tcpdump.

    Those will show you if anything is going out, but to tell you the truth, I don't believe anything is really wrong with your system. Usually, many things, such as security applications, just as one example, use techniques similar to those used in rootkit programs for their own protection and to do their job properly. Most likely, the scanner is just picking up those things. However, the best thing to do, if you are truly concerned and none of those utilities show outbound packets that shouldn't be happening, would be to post a log on some website that does malware cleaning and have them analyze the log.

    Cheers,

    Alphalutra1
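
Added example (not part of the original thread): the cross-check suggested in the post above, comparing what the host's own connection table reports with what a packet capture shows. The sample `netstat -ano` and `tcpdump -nn` text, the addresses and the function names are constructed for illustration; the capture is assumed to come from a separate machine or gateway so that it does not depend on the host being monitored.

```python
import re

# Constructed sample: `netstat -ano -p tcp` output taken on the Windows host.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49712     198.51.100.34:443      ESTABLISHED     2140
"""

# Constructed sample: `tcpdump -nn tcp` lines for the same period (IPv4 only).
TCPDUMP = """\
12:00:01.100000 IP 192.168.1.10.49712 > 198.51.100.34.443: Flags [P.], length 120
12:00:01.200000 IP 198.51.100.34.443 > 192.168.1.10.49712: Flags [.], length 0
12:00:05.300000 IP 192.168.1.10.49800 > 203.0.113.7.8080: Flags [S], length 0
"""

NETSTAT_ROW = re.compile(r"^\s*TCP\s+([\d.]+):(\d+)\s+([\d.]+):(\d+)\s+(\S+)", re.M)
TCPDUMP_ROW = re.compile(r" IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+):")

def host_view(netstat_text):
    """Connections the host's own TCP table admits to (listeners skipped)."""
    return {(l, int(lp), r, int(rp))
            for l, lp, r, rp, state in NETSTAT_ROW.findall(netstat_text)
            if state != "LISTENING"}

def wire_view(tcpdump_text, host_ip):
    """Flows seen on the wire, normalised to (host, port, peer, port)."""
    flows = set()
    for src, sp, dst, dp in TCPDUMP_ROW.findall(tcpdump_text):
        if src == host_ip:
            flows.add((src, int(sp), dst, int(dp)))
        elif dst == host_ip:
            flows.add((dst, int(dp), src, int(sp)))
    return flows

def unexplained_flows(netstat_text, tcpdump_text, host_ip):
    """Flows on the wire that the host's table does not list."""
    return sorted(wire_view(tcpdump_text, host_ip) - host_view(netstat_text))

if __name__ == "__main__":
    for flow in unexplained_flows(NETSTAT, TCPDUMP, "192.168.1.10"):
        print("on the wire but not in the host table: %s:%d -> %s:%d" % flow)
```

A flow listed here is a lead rather than proof: a short-lived connection can open and close between two `netstat` snapshots.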
     
  7. Dogbiscuit

    Dogbiscuit Guest

    If this is true, better to follow this advice.
     
  8. Ragzarok

    Ragzarok Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    85
    Thank you. I know some programs will create hidden files to protect themselves. But it is because we can't be sure that we're better off monitoring the outbound traffic. I will check out wireshark. Thanks.
     
  9. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    You can try NetTool5

    NetTools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface.

    http://mabsoft.com/

    This thing has so much functionality, I bet something here will match your need.
     
  10. Ragzarok

    Ragzarok Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    85
    Thank you. I will check that out.
     
  11. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
  12. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Hmm.. I installed this net tools in first Bufferzone and my AV (Norman Virus Control) warned me that is-j36vq.tmp file was infected with W32/poisonivy.OS trojan during install of Net tools.
    I ignored the file. When the install was done I got a popup telling me that something was wrong with a .exe and windows was about to close in 60 seconds and a timer started. Just like an old virus or worm that spread a couple of years ago (I can't remember the name now).

    Windows restarted and I emptied the bufferzone.
    I then installed net tools in sandboxie. Once again I got the warning from my AV, this time with the name is-87ig.tmp, but this time I didn't get the shutdown of windows when I started net tools.

    I did a scan at VirusTotal and it was only F-secure that flagged the .tmp file (same name). I guess F-secure uses the Norman engine if I remember right.
    At Jottis F-secure did not detect anything in that file(?!), only Norman and VBA32 detected it as poison ivy.
    I guess one can conclude that it is a false positive then?

    Is Poison Ivy some sort of tool that gives false positives due to its trojan-like functions? I think I read in some RAT forum that they use Poison Ivy a lot.
    I hope so, because Net tools seems to have a lot of cool utilities.
     
  13. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I can't relate to this personally, like you said it must be a false positive... I use NOD32 & BOClean + Spyware Dr 2007 and running it all without any warning!

    I am doing a full scan as I write this with TrojanHunter just to be safe. However this looks more like an FP than anything else... :eek:

    TH5 came up with 3 files with multiple extensions but scan @ Virustotal failed to turn up anything so my guess is it's safe!

    File Sniffer.NET.exe.manifest received on 10.04.2007 02:23:04 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
    Result: 0/32 (0%)

    File IpHlpApi.net.dll received on 10.04.2007 02:22:12 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
    Result: 0/32 (0%)

    File PackMon.NET.dll received on 10.04.2007 02:22:23 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
    Result: 0/32 (0%)
     
    Last edited: Oct 3, 2007
  14. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Thanks Hermescomputers. Yeah it probably is an FP, but I think I'll keep Net tools in sandboxie for now to be sure :)
     
  15. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    X-NetStat is nice.
     