Port Explorer cited by malware program

Discussion in 'Port Explorer' started by nonmirecordo, Aug 13, 2005.

Thread Status:
Not open for further replies.
  1. nonmirecordo

    nonmirecordo, Registered Member (Joined: Jul 19, 2004; Posts: 145; Location: Cambridgeshire, UK)

    I'm trying out a different malware program and it's reported PE as containing malware:

    Adw.ConsumerAlertSystem.CASClient
    Type: Adware
    Level: Elevated
    Author: Hong Kong Internet Investments, Ltd.
    Room 1204, 12/F, Shanghai Ind. Inv. Bldg.
    48-62 Hennessy Road
    Wanchai
    Hong Kong

    The program has quarantined the file c:program files\port explorer\capture.bin

    I ran 'A squared' immediately before the new program and it found no spyware.

    Anybody seen this before? Is 'capture bin' a regular PE file? False positive?

    It probably makes no difference but my copy of PE is post-TDS/free licence.
     
  2. Disciple

    Disciple, Registered Member (Joined: Nov 14, 2002; Posts: 292; Location: Ellijay, Georgia - USA)

    Out of curiosity, what program?
    False positive. Did you report this to the program vendor so it can be corrected? Capture.bin is the capture file created when you use Socket Spy to see what is being sent/received by a program.
    Yep, no difference whatsoever. A licensed PE is just that, a licensed PE.
     
    Last edited: Aug 13, 2005
  3. nonmirecordo

    nonmirecordo, Registered Member (Joined: Jul 19, 2004; Posts: 145; Location: Cambridgeshire, UK)

    Counter Spy - here.

    Not yet, but I will. If nothing else it will be a good test of their support.

    Many thanks.
     
  4. Jooske

    Jooske, Registered Member (Joined: Feb 12, 2002; Posts: 9,713; Location: Netherlands, EU near the sea)

    Hi there,
    Not capture.bin itself was alerted on, but a piece of data inside it you caught was malware.
    As the capture.bin itself has authors of DCS, and they are not located in Hong Kong! :)
    Anyway, seen this thread?
    https://www.wilderssecurity.com/showthread.php?t=91561

    Solution: either find out if the malware is still somewhere on your system, as you caught it from somewhere so it did enter your system, and just delete the file if you like.
    Also remove all data inside the capture.bin and it's clean and you can continue spying again.
    Happy catching!
     
  5. nonmirecordo

    nonmirecordo, Registered Member (Joined: Jul 19, 2004; Posts: 145; Location: Cambridgeshire, UK)

    Thanks very much, Jooske. I'm in much the same position as Steve was - just trying out all the options in PE without R'ingTFM first! I'll do as you advised Steve.
     
  6. Nevoeci

    Nevoeci, Registered Member (Joined: Aug 19, 2005; Posts: 4)

    I found remote ports 1025 and 1026 with Port Explorer, did some research on the web and found some info that these ports are from Asia and that it is fairly common. The info I found on the web didn't specify Port Explorer, only the ports that are showing as remote.

    Peace, Nevoeci
     