Is there a better alternative than CurrentPorts?

Hello,
I've been lurking here a long time and finally decided to join. I'd like to know if there is a better Port monitoring tool than Currports from nirfsoft found here: www.nirsoft.net/utils/cports.html My firewall and Currports show no out going connection ( or opened/established connections) when my system is idle, but I just can't be sure. I recently installed a folder lock program and a rootkit scan shows some hidden items - which isn't surprising, but still a little uneasy. My concern is really this: are there hidden processes or connections that can not be detected by Currports?
Thank you all for your inputs.

 

I don't know myself, curious too.
But if there is something better, my money is on IceSword (Anti-Rootkit).

 

Port Explorer from DiamondCS shows hidden processes. IMO, a very good product. I believe you can still try it free for 30 days.

You might want to check out DCS carefully, if you decide to purchase PE, as there have been some serious problems over the last year. I can vouch for the product, but I can't vouch for the soundness of the company, given what's been said on Wilders.

 

Others have sent DCS a email that wasn't answered, I have sent DCS a email on September 20 I got a email notice from the email service the email was undeliverable because of a full mailbox after 24 hours then again at 48 hours then at 72 hours. 24 hours later the email was returned to me as undeliverable because the mailbox was still full. Part of the email discribed what happened when I installed the free process Guard in hope of installing the key I payed for 2 years ago, as well as being locked out from the members section of DCS. So I think downloading and installing anything from DCS it might be safe or it might damage something. So make a restore point or make a backup just in case.

 

Tcpview is another utility, and you could also try to use wireshark which is a packet sniffer or tcpdump

Those will show you if anything is going out, but to tell you the truth, I don't believe anything is really wrong with your system. Usually, many things such as security applications just as one example use techniques similar to those used in rootkit programs for their own protection and to do their job properly. Most likely, the scanner is just picking up those things. However, the best thing to do would be if you are truly concerned and none of those utilities show outbound packets that shouldn't be happening, is to post a log on some website that does malware cleaning and have them analyze a log.

Cheers,

Alphalutra1

 

If this is true, better to follow this advice.

 

Thank you. I know some programs will create hidden files to protect themselves. But it is because we can't be sure that we're better off monitoring the outbound traffic. I will check out wireshark. Thanks.

 

You can try NetTool5

NetTools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface.

http://mabsoft.com/

This thing has so much functionality, I bet something here will match your need.

 

Thank you. I will check that out.

 

Hi,
This thread might help as well:

https://www.wilderssecurity.com/showthread.php?t=161899

HTH
Mike

 

Hmm.. I installed this net tools in first Bufferzone and my AV (Norman Virus Control) warned me that is-j36vq.tmp file was infected with W32/poisonivy.OS trojan during install of Net tools.
I ignored the file. When the install was done I got a popup telling me that something was wrong with a .exe and windows was about to close in 60 seconds and a timer started. Just like a old virus or worm that spread a couple of years ago (I cant remember the name now)

Windows restarted and I emptied the bufferzone.
I then installed net tools in sandboxie. Once again I got the warning from my AV this time with the name is-87ig.tmp, but this time I didnt get the shutdown of windows when I started net tools.

I did a scan at VirusTotal and it was only F-secure that flagged the .tmp file (same name) I guess F-secure uses the Norman engine if I remember right.
At Jottis F-secure did not detect anything in that file(?!) only Norman and VBA32 detected it as poison ivy.
I guess one can conclude that it is a false positive then?

Is Poison Ivy some sort of tool that gives false positive due to its trojan like functions? I think I read in some RAT forum that they use Poison Ivy alot.
I hope so, because Net tools seems to have a lot of cool utilities.

 

I cant relate to this personaly, like you said it must be a false positive... I use NOD32 & BOClean + Spyware Dr 2007 and running it all without any warning!

I am doing a full scan as I write this with TrojanHunter just to be safe. However this looks more like an FP's than anything else...

TH5 came up with 3 files with multiple extensions but scan @ Virustotal failed to turn up anything so my guess it's safe!

File Sniffer.NET.exe.manifest received on 10.04.2007 02:23:04 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)

File IpHlpApi.net.dll received on 10.04.2007 02:22:12 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)

File PackMon.NET.dll received on 10.04.2007 02:22:23 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)

 

Thanks Hermescomputers. Yeah it probably is a FP, but I think I´ll keep Net tools in sandboxie for now to be sure

 

X-NetStat is nice.