Trend Micro PC Cillin 2006

Discussion in 'malware problems & news' started by Sentient, Jan 29, 2006.

Thread Status:
Not open for further replies.
  1. Sentient

    Sentient Guest

    After installing I happened to check netstat and found that TMProxy.exe was listening on TCP port 6999. Afaik, port 6999 is a communications / IRC port commonly used by trojans to call home. I then uploaded the file to jotti's online virus scan and AntiVir reported through a heuristic scan that the file could possibly be a "General Backdoor". Every other scanner reported the file was clean.

    I need to know if this is normal behavior for TMProxy.exe to be listening on TCP 6999 ... and if anyone else who uses PC Cillin could upload their tmproxy.exe (found in PCCillin's root folder) to jotti's and see if you get the same flag from AntiVir, it would be greatly appreciated.

    Also, if anyone can shed more light on this process other than the standard paragraph that the first million google results return, it would also be very helpful.

    Thanks much
     
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Info:
    SOURCE

    I have used Tm in past and my daughter currently has it on her laptop. It's mainly to do with Web/POP3 filtering. If you experience problems, memory, as above, do the suggestions. Do not try to kill it in TaskManager via running processes, I think it will break. ;) [or it used to]

    hth, TAS
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi Sentient,

    Looks like normal behavior, i.e. listening on port 6999. I am running PC-Cillin Internet Security 2005 at this time.

    Jotti scan yielded:
    AntiVir Found Heuristic/Backdoor.Generic (probable variant)
    Other scanned found nothing, and (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database).

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.