Newby's ravings

Discussion in 'Port Explorer' started by krab, Nov 8, 2004.

Thread Status:
Not open for further replies.
  1. krab

    krab Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    2
    Location:
    Indiana
    I just joind this forum because of several problems so feel free to throw rocks at my hard drive for every error I display.
    First PE says I am sending & receiving 0.0 kbs for all connections. Why?
    Second PE says svchost is listening to port 1033 which is RAT. Netspy. Again, Why?
    Thank you...
     
  2. Jo M

    Jo M Registered Member

    Joined:
    Sep 10, 2004
    Posts:
    53
    Hi

    My System doesn't show port 1033 being used but the likelihood is that this might be a Windows service which is enabled by default on your system. I have turned an awful lot of them off and still have a perfectly workable and more secure system! For good information about Windows Services go to

    http://www.blackviper.com/index.html

    But do proceed with care! svchost is a genuine Windows service that you CANNOT shut down! But svchost will be doing this on behalf of something else. Find out what and you could possibly stop it if you don't need that software or service.

    If you have a good Firewall (mine is Zone Alarm Security Suite) then you might see some information about "Generic Host Process for Win32 Services" listening. You might be able to get info from the firewall about what is asking for this access and the ability to block it if you want or need to.

    Do a check at grc.com (https://www.grc.com/x/ne.dll?bh0bkyd2) and find out if you have open ports. Learn about them ports and them services.

    The trojans and rats use these ports precisely because they are standard one's that are likely to be open.

    Regards Jo M

    P.S.

    Shut down or "Deny" every server process that you don't need in your Firewall. If you don't have a Firewall............ :eek:
    Many users can make do with NO server activity on their machine at all. Why does Microsoft enable so many servers as a default? o_O
     
    Last edited: Nov 8, 2004
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Have you rebooted after installing PE?

    Programs (whether they're trojans, or legitimate, or otherwise) are free to use any port they like (as long as it's not already in use). RAT.NetSpy is known to use the port 1033, but simply finding that port open doesn't positively confirm that you're infected with that trojan.

    Best regards,
    Wayne
     
Thread Status:
Not open for further replies.