| View previous topic :: View next topic |
| Author |
Message |
savagegoose
Cadet
Joined: May 14, 2003
Posts: 2
Location: Australia
|
 Posted: Thu Jul 24, 2003 9:20 am Post subject: |
|
|
ehh i think its a false report,
that sheilds up place says i have stealth every port, your trojan hunter found nothing of note.
it dud say port 120 is suss, and also reported paltalk.exe maybe a downloader hehehe i think it is.
isnt there a lot of false alarms about port 80 anyhow? |
|
| Back to top |
|
 |
Jamming
Colonel
Premium Member
Joined: Jun 22, 2002
Posts: 1874
|
| Posted: Thu Jul 24, 2003 10:48 am Post subject: |
|
|
Yeah, there are a number of them.
If you ever find a suspicious file you can submit it to for Magnus to look at. |
|
| Back to top |
|
|
Paul
Admin
Joined: Feb 22, 2002
Posts: 5678
Location: USA
|
| Posted: Thu Jul 24, 2003 4:07 pm Post subject: |
|
|
Ok all the scans are working on site now.
_________________
I love my wife. |
|
| Back to top |
|
|
Muddy
Cadet
Joined: Sep 11, 2003
Posts: 1
Location: USA
|
| Posted: Thu Sep 11, 2003 1:13 am Post subject: |
|
|
| Im getting that same error and I have all the latest Norton defs and am running a current version of Zone ALarm |
|
| Back to top |
|
|
Paul
Admin
Joined: Feb 22, 2002
Posts: 5678
Location: USA
|
| Posted: Sat Sep 13, 2003 11:11 pm Post subject: |
|
|
Hmm that's odd because the problem was resolved. I'll double check again.
_________________
I love my wife. |
|
| Back to top |
|
|
bradleywillson
Cadet
Joined: Feb 26, 2004
Posts: 1
Location: USA
|
| Posted: Thu Feb 26, 2004 8:36 pm Post subject: Re: Nerte 7.8.1 Trojan |
|
|
| ehask wrote: |
Make sure your not running a webserver on your box. I also got this message but I am on the LAN side of a Linux firewall that is hosting 5 domains (port 80)
I believe the fact that a webserver responds triggers the scanner as a possible Trojan
Paul nice site!!
Eric H
A+,Linux+,MCSE,CCNA
www.pctechs2go.net |
I'll second that. I've run it twice to make sure. It would be nice if the scanner could discriminate between Apache and IIS.
B. Willson
|
|
| Back to top |
|
|
mileslevy
Cadet
Joined: Mar 29, 2004
Posts: 1
Location: USA
|
| Posted: Mon Mar 29, 2004 9:18 am Post subject: |
|
|
Also was notified of the possilbe Nerte trojan... netstat did NOT show 32 in use or listening. Scan'd the registry for nerte... NADA..
I suspect a false positive on the scan. |
|
| Back to top |
|
|
erbuc
Cadet
Joined: May 08, 2004
Posts: 4
Location: Thailand
|
| Posted: Sat May 08, 2004 9:51 am Post subject: |
|
|
Hi everyone,
I have a slightly different issue here in Thailand with some very interesting results.
When you subscribe to a xDSL service here, you get two logins:
1. for all local internet websites, email etc.
2. for all international internet websites, email etc.
They charge me per hour for the international but the local is a flat rate. If you login with the local account, any attempt to access a web site outside Thailand times out because it is blocked. So I tried to outsmart the system by using a local transparent proxy with international access. Works like a charm.
However, when using the scanners here, the IP Address scanner does not know I am behind a proxy and returns a single, anonymous IP address, not the IP address assigned to me.
Secondly, the trojan scanner claims there may be a Nerte virus on ports 80 and 21 (assigned to the proxy for local login) when I am logged in using the local account. But shows no trojan when I am logged on using the international account.
Does anyone have any idea what could possibly be listening on ports from my local machine (127.0.0.1):
TCP 1025, 2051, 1028
UDP 2051, 1028
There are no foreign addresses connected to these according to netstat.
Cheers,
Eric |
|
| Back to top |
|
|
erbuc
Cadet
Joined: May 08, 2004
Posts: 4
Location: Thailand
|
| Posted: Sat May 08, 2004 9:55 am Post subject: |
|
|
Hi everyone,
I have a slightly different issue here in Thailand with some very interesting results.
When you subscribe to a xDSL service here, you get two logins:
1. for all local internet websites, email etc.
2. for all international internet websites, email etc.
They charge me per hour for the international but the local is a flat rate. If you login with the local account, any attempt to access a web site outside Thailand times out because it is blocked. So I tried to outsmart the system by using a local transparent proxy with international access. Works like a charm.
However, when using the scanners here, the IP Address scanner does not know I am behind a proxy and returns a single, anonymous IP address, not the IP address assigned to me.
Secondly, the trojan scanner claims there may be a Nerte virus on ports 80 and 21 (assigned to the proxy for local login) when I am logged in using the local account. But shows no trojan when I am logged on using the international account.
Does anyone have any idea what could possibly be listening on ports from my local machine (127.0.0.1):
TCP 1025, 2051, 1028
UDP 2051, 1028
There are no foreign addresses connected to these according to netstat.
Cheers,
Eric |
|
| Back to top |
|
|
Paul
Admin
Joined: Feb 22, 2002
Posts: 5678
Location: USA
|
| Posted: Sat May 08, 2004 11:27 am Post subject: |
|
|
I'm curious what does the IP come back with when you go thru the transparent proxy versus the international hookup?
_________________
I love my wife. |
|
| Back to top |
|
|
erbuc
Cadet
Joined: May 08, 2004
Posts: 4
Location: Thailand
|
| Posted: Sat May 08, 2004 12:26 pm Post subject: |
|
|
Through Transparent Proxy
| Code: |
My Assigned IP Address: 210.86.159.212
Computer Cops reported REAL IP: 202.47.247.146
Proxy IP Address: 202.129.29.119 |
The proxy was not reported at computer cops.
Through International - No Proxy
| Code: |
My Assigned IP Address: 210.86.146.135
Computer Cops reported REAL IP: 210.86.146.136 |
Cheers.
|
|
| Back to top |
|
|
Paul
Admin
Joined: Feb 22, 2002
Posts: 5678
Location: USA
|
| Posted: Sat May 08, 2004 1:25 pm Post subject: |
|
|
So on the first its scanning the proxy IP and its open ports.
_________________
I love my wife. |
|
| Back to top |
|
|
erbuc
Cadet
Joined: May 08, 2004
Posts: 4
Location: Thailand
|
| Posted: Sat May 08, 2004 9:53 pm Post subject: |
|
|
That's correct. And that's when the Computer Cops Trojan Scanner picks up the Nerte virus on ports 21 and 80.
Should this be a concern to me in using that proxy? |
|
| Back to top |
|
|
bassweb
Cadet
Joined: Mar 30, 2004
Posts: 1
Location: Netherlands
|
| Posted: Mon May 17, 2004 1:10 pm Post subject: |
|
|
Port 80 is the standart Internet Port so if you are internetting you have port 80 open  That's my opinion though |
|
| Back to top |
|
|
|
|
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
