A friend has Win98, Webcelerator, Gator, Audiogalaxy installed and hasn't followed the instructions at www.grc.com to unbind Netbios, etc. Is this dangerous: Active Connections Proto Local Address Foreign Address State TCP tinypc:1025 0.0.0.0:0 LISTENING TCP tinypc:1026 0.0.0.0:0 LISTENING TCP tinypc:1027 0.0.0.0:0 LISTENING TCP tinypc:1028 0.0.0.0:0 LISTENING TCP tinypc:1029 0.0.0.0:0 LISTENING TCP tinypc:1030 0.0.0.0:0 LISTENING TCP tinypc:1031 0.0.0.0:0 LISTENING TCP tinypc:1032 0.0.0.0:0 LISTENING TCP tinypc:1033 0.0.0.0:0 LISTENING TCP tinypc:1034 0.0.0.0:0 LISTENING TCP tinypc:1035 0.0.0.0:0 LISTENING TCP tinypc:1036 0.0.0.0:0 LISTENING TCP tinypc:1037 0.0.0.0:0 LISTENING TCP tinypc:1038 0.0.0.0:0 LISTENING TCP tinypc:1039 0.0.0.0:0 LISTENING TCP tinypc:1041 0.0.0.0:0 LISTENING TCP tinypc:1042 0.0.0.0:0 LISTENING TCP tinypc:1043 0.0.0.0:0 LISTENING TCP tinypc:1044 0.0.0.0:0 LISTENING TCP tinypc:1045 0.0.0.0:0 LISTENING TCP tinypc:1046 0.0.0.0:0 LISTENING TCP tinypc:1047 0.0.0.0:0 LISTENING TCP tinypc:1048 0.0.0.0:0 LISTENING TCP tinypc:1049 0.0.0.0:0 LISTENING TCP tinypc:1050 0.0.0.0:0 LISTENING TCP tinypc:1052 0.0.0.0:0 LISTENING TCP tinypc:1053 0.0.0.0:0 LISTENING TCP tinypc:1054 0.0.0.0:0 LISTENING TCP tinypc:1055 0.0.0.0:0 LISTENING TCP tinypc:1056 0.0.0.0:0 LISTENING TCP tinypc:1057 0.0.0.0:0 LISTENING TCP tinypc:1058 0.0.0.0:0 LISTENING TCP tinypc:1059 0.0.0.0:0 LISTENING TCP tinypc:1060 0.0.0.0:0 LISTENING TCP tinypc:1061 0.0.0.0:0 LISTENING TCP tinypc:1062 0.0.0.0:0 LISTENING TCP tinypc:1063 0.0.0.0:0 LISTENING TCP tinypc:1064 0.0.0.0:0 LISTENING TCP tinypc:1065 0.0.0.0:0 LISTENING TCP tinypc:1066 0.0.0.0:0 LISTENING TCP tinypc:1067 0.0.0.0:0 LISTENING TCP tinypc:1068 0.0.0.0:0 LISTENING TCP tinypc:1069 0.0.0.0:0 LISTENING TCP tinypc:1070 0.0.0.0:0 LISTENING TCP tinypc:1071 0.0.0.0:0 LISTENING TCP tinypc:1072 0.0.0.0:0 LISTENING TCP tinypc:1073 0.0.0.0:0 LISTENING TCP tinypc:1074 0.0.0.0:0 LISTENING TCP tinypc:1075 0.0.0.0:0 LISTENING TCP tinypc:1076 0.0.0.0:0 LISTENING TCP tinypc:1077 0.0.0.0:0 LISTENING TCP tinypc:1078 0.0.0.0:0 LISTENING TCP tinypc:1079 0.0.0.0:0 LISTENING TCP tinypc:1080 0.0.0.0:0 LISTENING TCP tinypc:1081 0.0.0.0:0 LISTENING TCP tinypc:1082 0.0.0.0:0 LISTENING TCP tinypc:1083 0.0.0.0:0 LISTENING TCP tinypc:1084 0.0.0.0:0 LISTENING TCP tinypc:1085 0.0.0.0:0 LISTENING TCP tinypc:1086 0.0.0.0:0 LISTENING TCP tinypc:1087 0.0.0.0:0 LISTENING TCP tinypc:1088 0.0.0.0:0 LISTENING TCP tinypc:1089 0.0.0.0:0 LISTENING TCP tinypc:1090 0.0.0.0:0 LISTENING TCP tinypc:1091 0.0.0.0:0 LISTENING TCP tinypc:1092 0.0.0.0:0 LISTENING TCP tinypc:1093 0.0.0.0:0 LISTENING TCP tinypc:1094 0.0.0.0:0 LISTENING TCP tinypc:1095 0.0.0.0:0 LISTENING TCP tinypc:1096 0.0.0.0:0 LISTENING TCP tinypc:1097 0.0.0.0:0 LISTENING TCP tinypc:1098 0.0.0.0:0 LISTENING TCP tinypc:1099 0.0.0.0:0 LISTENING TCP tinypc:1100 0.0.0.0:0 LISTENING TCP tinypc:1101 0.0.0.0:0 LISTENING TCP tinypc:1102 0.0.0.0:0 LISTENING TCP tinypc:1103 0.0.0.0:0 LISTENING TCP tinypc:1104 0.0.0.0:0 LISTENING TCP tinypc:1105 0.0.0.0:0 LISTENING TCP tinypc:1106 0.0.0.0:0 LISTENING TCP tinypc:1107 0.0.0.0:0 LISTENING TCP tinypc:1108 0.0.0.0:0 LISTENING TCP tinypc:kpop 0.0.0.0:0 LISTENING TCP tinypc:1110 0.0.0.0:0 LISTENING TCP tinypc:1111 0.0.0.0:0 LISTENING TCP tinypc:1112 0.0.0.0:0 LISTENING TCP tinypc:1113 0.0.0.0:0 LISTENING TCP tinypc:1114 0.0.0.0:0 LISTENING TCP tinypc:1115 0.0.0.0:0 LISTENING TCP tinypc:1116 0.0.0.0:0 LISTENING TCP tinypc:1117 0.0.0.0:0 LISTENING TCP tinypc:1118 0.0.0.0:0 LISTENING TCP tinypc:1119 0.0.0.0:0 LISTENING TCP tinypc:1120 0.0.0.0:0 LISTENING TCP tinypc:1121 0.0.0.0:0 LISTENING TCP tinypc:1122 0.0.0.0:0 LISTENING TCP tinypc:1123 0.0.0.0:0 LISTENING TCP tinypc:1124 0.0.0.0:0 LISTENING TCP tinypc:1125 0.0.0.0:0 LISTENING TCP tinypc:1126 0.0.0.0:0 LISTENING TCP tinypc:1127 0.0.0.0:0 LISTENING TCP tinypc:1128 0.0.0.0:0 LISTENING TCP tinypc:1129 0.0.0.0:0 LISTENING TCP tinypc:1130 0.0.0.0:0 LISTENING TCP tinypc:1040 0.0.0.0:0 LISTENING TCP tinypc:1051 0.0.0.0:0 LISTENING TCP tinypc:1130 127.0.0.1:smtp SYN_SENT TCP tinypc:24491 0.0.0.0:0 LISTENING TCP tinypc:24492 0.0.0.0:0 LISTENING UDP tinypc:1040 *:* UDP tinypc:1051 *:* [On my PC I get zero output, maybe cos it's Win95?]
Have you suggested that he/she go have their computer scanned at any of the leading sites? ShieldsUp, FI? ( https://grc.com/x/ne.dll?bh0bkyd2 ) Do they have any type of firewall going? Looks to me like the computer's wide-open. Pete
No firewall. I've scanned it for viruses/trojans few months ago if they helps. But as I said Steve Gibson's instructions how to close the ports for a Win9x box haven't been done yet... haven't done the tests yet either. I think the file sharing is on too -- that's the default for W98? So in plain English is it dangerous, and easy to hack into at this present moment? It dunno if it's a W95 v W98 thing but when I'm disconnected I don't get any output (even though I've followed Gibson's advice). Maybe with all this "junk" webaccelator, MSN messenger, Yahoo messenger,. etc he's got on his PC it's more vunerable. He's got Gator installed which is spyware or something bad? I'm very fussy. I only install what I really need.
Gator is spyware, and Spybot will definitely detect and clean it, I used it on my cousins machines while I was visiting earlier this year.
Do an on-line scan first. Make sure you use a spy-ware search and kill program. Ad-aware is good and free. Run and configure a firewall. and for god's sakes don't worry so much about what gibson says and find other sources to. It's not good to put everything in one place/person. try them all... Anti-Trojan Port Scan, http://www.anti-trojan.net/at.asp?l=en&t=onlinecheck Blackcode Port Scan, http://www.blackcode.com/scan/ DSLReports Security Scan, http://www.dslreports.com/scan HackerWatch Port Scan, http://probe.hackerwatch.org/probe/probe.asp Ken Kalish Port Tester, http://www.mycgiserver.com/~kalish/ PC Flank, http://www.pcflank.com/test.htm Sygate Security Scan, http://scan.sygatetech.com/prequickscan.html SecurityMetrics Port Scan, http://www.securitymetrics.com/portscan.adp Shields-UP, http://grc.com/x/ne.dll?bh0bkyd2 Symantec Security Check, http://security2.norton.com/ssc/home.asp
spy1, This site says to TURN off the Firewall? Huh? http://www.markusjansson.net/eienbid.html - You can go to https://grc.com/x/ne.dll?bh0bkyd2 and run ?Test my shields!? and see that NetBIOS is really off. Remember to turn off your firewall if you have one that is.
polo, In ideal testing surrounding - could be done. In practice, I would advice against it. regards. paul
Comment on this please http://www.markusjansson.net/ehacked.html#net Check out for ANYTHING that has been marked as "Listening" or "Connected" and DOES NOT HAVE 0.0.0.0:0 as IP address. There might be couple things that are "Listening" but are at IP 0.0.0.0:0, meaning that they are listening in your computer for your computer...this is long thing to explain so just IGNORE THEM, they are NOT trojans!!!