Follow up on Port 5000 - and another Q. or two...
From: Stark Suggs (starksuggs@charter.net)Date: 01/31/02
- Next message: Bill Somerville: "Re: Software firewall of choice."
- Previous message: Joseph V. Morris: "Re: Strange Problem Related to Norton Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Stark Suggs" <starksuggs@charter.net> Date: Thu, 31 Jan 2002 03:00:36 +0000 (UTC)
Again thanks to all for their reply to my post yesterday which was:
I am not very happy. Yes, my mouse has been moving around on its own.
I've been running Sygate's new ver 5.0 w/ xp. I began to get the
feeling something was wrong, so I did a test on the firewall, and the
following came up several times: Trojan 5000 OPEN Bubbel, Back Door
Setup, Sockets de Troie. Got the net bios thing (137), and just enough
frustration to really tick me off. I've gone through my list of apps
running, and basically shut them all down. But, it still works. What I
wonder is if some of those"apps" are not apps at all. msdtc.exe (listed
a a console program) seems to be able to allow itself to become active
again, once I have blocked it, and removed it several times. None of
the other apps do this.
How do you know which apps, which ports? I've done the typical
backtrace, but got no real concrete information.
-------------------------
Now, I ran Tauscan 1.6 once and again with updates and it all came up
clean. The strange thing is since having sygate 50 running, there is a
continuing block of something....at nearly 80% of the time. When I go
and do a backtrace...whois etc... it comes up as my isp-charter. This
has been going on for over 24 hours now...weird. Service is nice and
fast w/o any problems. Two other strange files, one is blocked and
seems to be under control....WkDetect.exe, ntoskrnl.exe, svchost.exe,
lsass.exe. I run nav 2002 - updated. Oddly enough, while I was reading
a document tonight, there was a block going out. I looked at it, and it
was....wmiprvse.exe I got a list of apps about 15 or so in number with
just a few running-only what is necessary - as previously suggested. I
might get the other Trojan program and run it as well.
I hope everyone has a great evening. Take care,
SS
You folks are a wealth of knowledge, and again I very much appreciate
your help.
SS
-- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG
- Next message: Bill Somerville: "Re: Software firewall of choice."
- Previous message: Joseph V. Morris: "Re: Strange Problem Related to Norton Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
