CastleCops® 2 trojans ? maybe....

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Forum FAQ

Usergroups

Profile

Select FavForums

2 trojans ? maybe....

All -> FavForums -> General Site

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

Jim

Guest
IP: 212.70.*.*

Posted: Wed Nov 27, 2002 11:55 am Post subject: 2 trojans ? maybe....

ESTABLISHED CONNECTION: Possible Nerte 7.8.1 Trojan found on port 80. ESTABLISHED CONNECTION: Possible CANCER 1.0 Trojan found on port 8080. WHat can I do for theses...I have updated my norton antivirus....and doesn't find anything.... Thanks - Jim

JackBenny

Sergeant

Joined: Jul 12, 2002
Posts: 140
Location: USA

Posted: Wed Dec 04, 2002 1:38 pm Post subject:

Note that the scan result reports "possible" , only because those ports are open, not because you have a trojan. One failing of reports like that is, that it does not also report the possible legitimate services that use open ports. That said, the port 80 is used for HTTP and 8080 is a common proxy port. First, confirm that those ports are actually open on your PC, on not the result of filtering by your ISP. Some ISPs filter all traffic to their customers for some or all ports, and a scan will show their open ports and not yours (even if the scan site shows your IP). Open a MS-DOS command prompt and type netstat -an, that will show the true status of your ports. This page will help: http://www.geocities.com/merijn_bellekom/new/netstatan.html Or you could use a program like TCPView: http://www.sysinternals.com/ntw2k/source/tcpview.shtml If this method does not show those ports open, then don't worry. If they are open, then you have programs like a web server and/or local proxy holding them open, and yes, you could also have a Trojan(s). These can help identify what processes are running on those ports: TDIMon http://www.sysinternals.com/ntw2k/freeware/tdimon.shtml or Port Explorer http://www.diamondcs.com.au/portexplorer/ Also, you don't mention having a firewall, if you do, it should not have allowed those ports to be visible (assuming those ports are really yours). Check your configuration. If you don't have one, get one. I use Outpost Pro, but there are many to chose from, and can be found here: http://www.staff.uiuc.edu/~ehowes/soft7.htm You could look into anti-Trojan programs, but beware of the free ones listed here, they haven't been updated in a long time: http://www.staff.uiuc.edu/~ehowes/soft5.htm Some other info you may be interested in: Firewall FAQ http://www.robertgraham.com/pubs/firewall-seen.html Port lists http://www.staff.uiuc.edu/~ehowes/info18.htm Other Security and Privacy tests http://www.staff.uiuc.edu/~ehowes/info17.htm PS. sorry I didn't see your post earier

	All -> FavForums -> General Site	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 199ppm 0.246s (0.046s) Making cybercriminals unhappy since 2002*