Am I at risk?

hally44 · Trooper Joined: Jan 09, 2004 Posts: 13 Location: Uk

I have just run the trojan test and its stating ive got 3 possible trojans. Am I at risk at all? I have Norton Antivirus, Zone alarm and run spybot perodically.

ESTABLISHED CONNECTION: Possible TruvaAti 1.2 beta Trojan found on port 23.
ESTABLISHED CONNECTION: Possible Nerte 7.8.1 Trojan found on port 80.
ESTABLISHED CONNECTION: Possible CANCER 1.0 Trojan found on port 8080.
3 possible trojans were detected on your system. Recommended solution: update your anti-virus or anti-trojan definitions immediately and then scan your system. For further help, please visit the CCSP Toolkit Forum

Output from netstat -a is :
Proto Local Address Foreign Address State
TCP ?????:0 ?????:0 LISTENING
TCP ?????:2071 ?????:0 LISTENING
TCP ?????:6543 ?????:0 LISTENING
TCP ?????:1030 ?????:0 LISTENING
TCP ?????:1116 ?????:0 LISTENING
TCP ?????:2143 ?????:0 LISTENING
TCP ?????:137 ?????:0 LISTENING
TCP ?????:138 ?????:0 LISTENING
TCP ?????:nbsession ?????:0 LISTENING
UDP ?????:2071 *:*
UDP ?????:6543 *:*
UDP ?????:1030 *:*
UDP ?????:2143 *:*
UDP ?????:nbname *:*
UDP ?????:nbdatagram *:*

Any advice much appreciated

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Have you run any updated trojan or anti-virus scanners on your system lately>

Guest · Posted: Tue Jan 20, 2004 7:15 pm Post subject:

I have got Norton antiVirus which is up to date and run frequently. Does this not also highlight trojans or is this something seperate?

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Ok, step one is good then if your updated scanner reveals nothing. Next question, do you have a firewall?

hally44 · Trooper Joined: Jan 09, 2004 Posts: 13 Location: Uk

Yes i have the free Zone alarm running. Have also scanned system for spyware with spybot and all appears ok.

Acheton · Posted: Fri Jan 23, 2004 2:38 pm Post subject:

I suggest that you download, install and update a trial version of TrojanHunter (www.misec.net). Then reboot your machine and run a full scan using TH without connecting to the new. Then post back with your findings. At the moment it is difficult to tell whether your browser has the ports open, or whether it is something more nefarious.

thanks,

ach

hally44 · Trooper Joined: Jan 09, 2004 Posts: 13 Location: Uk

I have downloaded the trojanhunter and run with the result that no trojans were detected. I have also installed Diamond port explorer and the only pertinent thing it came up with was I had inetinfo.exe running on port 6543 though IIS service was stopped so do not think this was a problem. When removed with highjackthis so that it doesnt run anymore still showing ports 23, 80 and 8080 as possible trojans using the test on this site.
Port Explorer does not show anything listening on these ports so I am a liitle confused on why the test says theres a problem.
Really do appreciate all the advice given as Id like to understand what is happening here. Many thanks.

hally44 · Trooper Joined: Jan 09, 2004 Posts: 13 Location: Uk

Just a thought but when running the test the IP address is not my real address. My Service provider uses a proxy server and this address is the one being reported at the start of the scan.
Is the scan scanning the proxy server for trojans and not my pc?

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Yes that's correct, the proxy. Run this:

http://computercops.biz/modules.php?name=Reveal_IP

Is it accurate?

hally44 · Trooper Joined: Jan 09, 2004 Posts: 13 Location: Uk

Yes that is it I think - its scanning the proxy server as 'reveal my ip' shows two ips and the actual ip address is accurate and its not scanning this.
Silly question now but if 'reveal your ip' knows the real ip address can't the scan be directed at this instead of the proxy server?
Also I take it that I must be more secure and less prone to trojans with the proxy setup?
Many thanks for all the advice given

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Yes, I'll modify this in a moment.

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Ok I changed the code for all the TCP/Trojan/UDP scanners. Can you test and let me know? I'll be back after dinner.

hally44 · Trooper Joined: Jan 09, 2004 Posts: 13 Location: Uk

Yes problem solved - Seems to be scanning my real IP address now and no Trojans detected.
Many Thanks

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Great! I've been meaning to hop on this for some time now, and was finally able to purchase free time.

outkast-central · Cadet Joined: Feb 28, 2004 Posts: 2 Location: Australia

I've got Norton Antivirus and BitDefender Virus Scanners and i reckon that BitDefender is way better than Norton Antivirus because i update my Norton Antivirus scanner everyday. But BitDefender is way better because i havent updated it yet and it detects Win32.parite.B , this DyFuCa Trojan and many more that Norton Cannot detect. I suggest that you try every virus scanner to see which one truly is the best


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 456 pages served in previous 5 minutes. Page Generation: 0.431 seconds.